Arachni and wapiti I would highly recommend running separately from OpenVAS. These tools can be highly customized to be as effective as possible for web applications, and any generic check that runs them will certainly not be the optimal settings for your web applications.
In fact, archni just went through a major rewrite, most of the command line arguments have been changed. I would not be surprised if the arachni check were broken by this latest rewrite. These should be separate touch points in your environment scanning and not be embedded in a solution like OpenVAS. On Tue, Sep 30, 2014 at 2:54 PM, Jack Harvey <[email protected]> wrote: > Thanks! I'll disable arachni. What about the wapiti-related messages? > > Jack Harvey RHCE CISSP > Synnex Corporation > 864-349-4939 > > -----Original Message----- > From: Openvas-discuss [mailto:[email protected]] > On Behalf Of Reindl Harald > Sent: Tuesday, September 30, 2014 3:45 PM > To: [email protected] > Subject: Re: [Openvas-discuss] arachni, etc. > > > Am 30.09.2014 um 21:39 schrieb Jack Harvey: > > I realize this has been asked...and asked...and...but enquiring minds > want > > to know... > > > > OpenVAS v7 install via atomic repo includes in the pre-built scan > > configs components arachni and wapiti (and of course others) > > > > I am getting this when I run a scan using "Full and very deep ultimate" > config: > > > > Vulnerability Detection Result: > > arachni report filename is empty. that could mean that wrong version > > of arachni is used or tmp dir is not accessible. > > In short: check installation of arachni and OpenVAS > > > > I found this which was posted 2/22/2013 by Tasos Laskos: > > > > I'm sorry, that OpenVAS plugin was written a long time ago by a > > third-party and has been incompatible with Arachni for a long time. > > > > It's not supported by the Arachni project nor OpenVAS and from what I > > remember it used to parse the text report using regular expressions > > (which is a really unreliable way to extract the necessary information) > so you're actually better off being unable to use it. > > > > Should I disable the arachni NASL wrapper? > > * openvas should not ship it for years > * atomic should not add it to deps for years > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
