AnsweredAssumed Answered

WAS SCAN taking too long, is it normal?

Question asked by Muhammad Omair Siddiqui on Nov 24, 2017
Latest reply on Nov 27, 2017 by Busby

Hi,
I am scanning a SharePoint(IIS) based portal. The portal is not huge but vulnerability scanning is taking a very long time. I am using an authenticated scan with low intensity. Its almost 22 hours and the scan is not finished yet.

 

Based on below discovery scan and vulnerability scan result. Can you guide if something is wrong?

Also is there a time limit after which scan will be canceled? I do not have problem even if scan can take another 10-15 hours but want to ensure that i have selected some of the parameters which will take ages?

 

+++++++

Results:

+++++++
Vulnerability Scan Progress

====================


Scan running since 21:17:50(20 hours and 51 minutes over baseline scan time)
Scan running since 21:17:50(20 hours and 51 minutes over baseline scan time)
Statistics
Links Collected 460
Links Crawled 296
Requests Performed 26444
Avg. Response Time 8.255839 seconds
Duration: Run till completion.

Form Submissions GET and POST
Form Crawl Scope: Do not include 'Form Action URI'
Performance Settings: Low
Maximum links tested: 300
Detection Scope: Complete


The discovery scan finished successfully in less than 30 min

 

Discovery Details:

==============

Duration:00:25:51
Crawling Time 00:25:19
Assessment Time 00:00:32
Operating System: {It detected my load balancer as OS}
Links Collected 463
Links Crawled 250
Requests Performed 682
Avg. Response Time 2.276817 seconds

Duration: Run till completion.
Form Submissions GET and POST

Ignore Binary Files Yes
Form Crawl Scope Do not include 'Form Action URI'
Performance Settings Low
Maximum links tested 300


Timeout Error Threshold 100
Unexpected Error Threshold 300
Password Bruteforcing Settings Minimal
Bruteforce Attempts –
Bruteforce List Name –

Outcomes