![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgE0YL1w8R88koFF59HHcBqDab1nymAXKubzJajdUSbdGT1y7_ZT0PXD8cJO1tzpliE6FPOEjbOPihuOyKtbbeRV7hoHE3fdcEuEKjHpJTNYj4j-mrOnyIaVFx4Ec9CNc6nUwmQ3w/s200/ScreenShot014.png)
Between writing this post and writing April's toolsmith a couple of weeks ago, I used OpenVAS-4, April's toolsmith topic, for a penetration testing engagement rather than the other freely available vulnerability scanner.
The project leads just released OpenVAS-4 in March and it offers some noteworty enhancements.
Between the highly functional web UI, the Greebone Security Assistant, and the impressive scan configuration methodology, I may be a convert.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg8s0aPbJuUNReQmogwk0bE8CcxcTuN2gKEBmhSNSzqE8WP5dCgtBMQB4U0Lsb-cm82ifgvUfYcd_mF2DE5uZ_fAPLZ8RMCuPa-oXTXaPwysZyvU6yfrAfIkGLbwcGZlSppbZnt0Q/s200/greenbone.png)
OpenVAS-4 offers seriously strong report-fu; an essential part of successful engagement tooling.
I also find the ability to slave multiple OpenVAS Managers to one Manager to load balance and distrbute resource intensive scan tasks.
As part of recent testing I discovered a host running the Mongoose web server.
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMeTNNpoLVRFMhMop8oECUJWs7joOA6m-_xz0ydMsGg6tYGgVWTZt-9IlVoI7bRFfQ2U2tkLuJBGWJO3nXrocVirPUsF0pVVx56367WaQi8zmLJXvH04AcyCqulfLf7CXEL0aKqA/s200/OpenVAS.png)
It's here we'll have some fun, a contest if you will, more of a guessing game than anything.
On what specific host type was Mongoose running?
Hint: Keep in mind that Mongoose is an "easy to use web server. It also can be used as embedded web server library to provide a web interface to applications."
First correct guess received via holisticinfosec at gmail dot com will receive an information security book of my choosing.
Check out OpenVAS; I think you'll be impressed.
Cheers.