Skip to main content

Authenticated OpenVAS Scanning

Authenticated scanning allows the HostedScan agent to log into systems during vulnerability scans, providing deeper visibility into potential security issues that are only detectable when the scanner has authenticated access to the target systems.

tip

Authenticated scanning provides more comprehensive results by allowing the vulnerability scanner to access internal system information, configuration files, the registry, and installed software that would otherwise be hidden from external scans.

info

Authenticated scanning requires a Premium or MSP account.

What is Authenticated Scanning?

When performing internal network vulnerability scans, the scanner typically only sees what's accessible from the network level - open ports, running services, and externally visible configuration. However, many vulnerabilities can only be detected when the scanner has authenticated access to the target system.

Authenticated scanning enables the scanner to:

  • Check for insecure settings in configuration files
  • Identify outdated software versions and missing security patches
  • Detect weak passwords, excessive privileges, and account misconfigurations
  • Verify compliance with security baselines and best practices
  • Find issues that are only visible from inside the system

Supported Credential Types

The HostedScan agent supports two types of credentials for authenticated scanning:

  • SSH Credentials: Used for authenticating to Linux/Unix systems via SSH.

  • SMB Credentials: Used for authenticating to Windows systems via SMB/CIFS. Can also authentic to *nix systems with SMB enabled.

Managing Credentials

Credentials are managed directly on the scanning server using the HostedScan agent command-line interface. The agent provides several commands for credential management:

info

All credential management commands must be run on the scanning server where the HostedScan agent is installed.

Listing Credentials

To see all configured credentials:

./hostedscan-agent --list-credentials

This displays all available credentials with their names and types.

Creating Credentials

To create a new credential for authenticated scanning:

./hostedscan-agent --create-credential

The command will guide you through the process:

  1. Select credential type: Choose between SSH (Linux/Unix) or SMB (Windows)
  2. Enter username: Provide the username for authentication
  3. Enter password: Enter the password (input will be hidden)
  4. Confirm password: Re-enter the password to confirm
  5. Name the credential: Give the credential a descriptive name

Example session:

Create a credential for authenticated scanning. This will allow the scanner to log in to machines and inspect internal information. Credentials types include:

1. SSH username/password
2. SMB (Windows) username/password

What credential do you want to create? 1 for SSH or 2 for SMB (Windows): 1

Enter username: scanuser
Enter password: ********
Confirm password: ********
Enter a name for this credential: Linux Admin Account

✅ Credential "Linux Admin Account" created.

Testing Credentials

Before using credentials in a scan, you can test them against a specific target:

./hostedscan-agent --test-credential

The test process:

  1. Select a credential from your available credentials
  2. Enter target IP address to test against
  3. Specify port (for SSH credentials, default is 22)
  4. The agent runs a quick scan to verify the credential works

Example session:

Select a credential to test:
1. Linux Admin Account [SSH]
2. Windows Domain Account [SMB]

Enter credential number to test (1-2): 1
Enter the IP address to test: 192.168.1.100
Enter the port to test (default: 22): 22

Test started. It may take a few minutes to complete.

Waiting for test to complete. Progress: 25%
Waiting for test to complete. Progress: 50%
Waiting for test to complete. Progress: 100%

Test completed
✅ Successful login!

Updating Credentials

To modify an existing credential:

./hostedscan-agent --update-credential

You can update the username, password, or both. Press Enter to keep the current value unchanged.

Deleting Credentials

To remove a credential:

./hostedscan-agent --delete-credential
warning

You cannot delete a credential that is currently in use by scan targets. Wait for the scan to finish or stop it if necessary.

Running Authenticated Scans

Once credentials are configured on the agent, they become available in the HostedScan web interface for use in scan configurations.

Using Credentials in Scans

  1. Navigate to the Targets page in your HostedScan dashboard
  2. Click the "Scan" button next to your internal network source
  3. Enter the target IP range (CIDR notation)
Await Scan Results
  1. Configure OpenVAS Settings (this section appears when scanning internal networks):
    • Credential: Select from available credentials configured on the agent
    • Custom SSH Port: If your systems use a non-standard SSH port (default: 22)
    • Alive Test: Choose how the scanner determines if systems are online
Await Scan Results

For an explanation of the OpenVAS settings, see OpenVAS Settings Explained

tip

The OpenVAS Settings section will only appear when configuring scans for internal network sources that have the HostedScan agent installed.

  1. Confirm the settings and click the "Run Scan" button

Once the scan has run, you can verify the login status of each machine by clicking on the scan in the scans table. The expansion shows each detected target, along whether or not authentication succeeded for that target.

Await Scan Results

OpenVAS Settings Explained

Credential (Optional)

  • Select a credential for authenticated scanning
  • If no credential is selected, the scan will run unauthenticated
  • Credentials must be configured on the agent before they appear in this list

Custom SSH Port (Optional)

  • Specify if your SSH services run on a non-standard port
  • Leave blank to use the default port (22)
  • Only applies when using SSH credentials

Alive Test

  • ICMP Ping: Uses ping to check if systems are online (fastest)
  • ICMP & TCP-ACK Service Ping: Combines ping with TCP checks (more thorough)
  • Consider Alive: Assumes all IPs in range are online (slowest but most comprehensive)

Troubleshooting

Credential Test Fails

  • Verify the username and password are correct
  • Check that the target system is accessible on the network
  • Ensure the appropriate service (SSH/SMB) is running on the target
  • Verify firewall rules allow connections from the scanning server

Credentials Don't Appear in Web Interface

  • Ensure credentials are created on the same agent/source
  • Check that the agent is connected and running
  • Verify the agent has successfully synchronized with HostedScan

Limited Scan Results with Credentials

  • Check that the scan account has sufficient permissions
  • Verify the account can access system directories and files
  • Review scan logs for authentication errors or permission issues

Need Help?

If you encounter issues with authenticated scanning:

  1. Test credentials using the --test-credential command to isolate authentication issues
  2. Check agent logs for detailed error messages: journalctl -u hostedscan-agent.service -f
  3. Review scan results for authentication status and any error messages
  4. Contact support at hello@hostedscan.com for assistance