So I just clone the desired config, edit and UN-select both wapiti and arachni. Are there any others? I ask because previously dirb and nikto gave similar “can’t be found, etc.’ messages. I believe this is not currently the case with them.
Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 From: Brandon Perry [mailto:[email protected]] Sent: Tuesday, September 30, 2014 3:59 PM To: Jack Harvey Cc: Reindl Harald; [email protected] Subject: Re: [Openvas-discuss] arachni, etc. Arachni and wapiti I would highly recommend running separately from OpenVAS. These tools can be highly customized to be as effective as possible for web applications, and any generic check that runs them will certainly not be the optimal settings for your web applications. In fact, archni just went through a major rewrite, most of the command line arguments have been changed. I would not be surprised if the arachni check were broken by this latest rewrite. These should be separate touch points in your environment scanning and not be embedded in a solution like OpenVAS. On Tue, Sep 30, 2014 at 2:54 PM, Jack Harvey <[email protected]<mailto:[email protected]>> wrote: Thanks! I'll disable arachni. What about the wapiti-related messages? Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939<tel:864-349-4939> -----Original Message----- From: Openvas-discuss [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: > I realize this has been asked...and asked...and...but enquiring minds want > to know... > > OpenVAS v7 install via atomic repo includes in the pre-built scan > configs components arachni and wapiti (and of course others) > > I am getting this when I run a scan using "Full and very deep ultimate" > config: > > Vulnerability Detection Result: > arachni report filename is empty. that could mean that wrong version > of arachni is used or tmp dir is not accessible. > In short: check installation of arachni and OpenVAS > > I found this which was posted 2/22/2013 by Tasos Laskos: > > I'm sorry, that OpenVAS plugin was written a long time ago by a > third-party and has been incompatible with Arachni for a long time. > > It's not supported by the Arachni project nor OpenVAS and from what I > remember it used to parse the text report using regular expressions > (which is a really unreliable way to extract the necessary information) so > you're actually better off being unable to use it. > > Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years _______________________________________________ Openvas-discuss mailing list [email protected]<mailto:[email protected]> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
