Not sure about those at all. On Tue, Sep 30, 2014 at 3:06 PM, Jack Harvey <[email protected]> wrote:
> So I just clone the desired config, edit and UN-select both wapiti and > arachni. Are there any others? I ask because previously dirb and nikto > gave similar “can’t be found, etc.’ messages. > > I believe this is not currently the case with them. > > > > Jack Harvey RHCE CISSP > > Synnex Corporation > > 864-349-4939 > > > > *From:* Brandon Perry [mailto:[email protected]] > *Sent:* Tuesday, September 30, 2014 3:59 PM > *To:* Jack Harvey > *Cc:* Reindl Harald; [email protected] > > *Subject:* Re: [Openvas-discuss] arachni, etc. > > > > Arachni and wapiti I would highly recommend running separately from > OpenVAS. These tools can be highly customized to be as effective as > possible for web applications, and any generic check that runs them will > certainly not be the optimal settings for your web applications. > > > > In fact, archni just went through a major rewrite, most of the command > line arguments have been changed. I would not be surprised if the arachni > check were broken by this latest rewrite. > > > > These should be separate touch points in your environment scanning and not > be embedded in a solution like OpenVAS. > > > > On Tue, Sep 30, 2014 at 2:54 PM, Jack Harvey <[email protected]> wrote: > > Thanks! I'll disable arachni. What about the wapiti-related messages? > > Jack Harvey RHCE CISSP > Synnex Corporation > 864-349-4939 > > -----Original Message----- > From: Openvas-discuss [mailto:[email protected]] > On Behalf Of Reindl Harald > Sent: Tuesday, September 30, 2014 3:45 PM > To: [email protected] > Subject: Re: [Openvas-discuss] arachni, etc. > > > Am 30.09.2014 um 21:39 schrieb Jack Harvey: > > I realize this has been asked...and asked...and...but enquiring minds > want > > to know... > > > > OpenVAS v7 install via atomic repo includes in the pre-built scan > > configs components arachni and wapiti (and of course others) > > > > I am getting this when I run a scan using "Full and very deep ultimate" > config: > > > > Vulnerability Detection Result: > > arachni report filename is empty. that could mean that wrong version > > of arachni is used or tmp dir is not accessible. > > In short: check installation of arachni and OpenVAS > > > > I found this which was posted 2/22/2013 by Tasos Laskos: > > > > I'm sorry, that OpenVAS plugin was written a long time ago by a > > third-party and has been incompatible with Arachni for a long time. > > > > It's not supported by the Arachni project nor OpenVAS and from what I > > remember it used to parse the text report using regular expressions > > (which is a really unreliable way to extract the necessary information) > so you're actually better off being unable to use it. > > > > Should I disable the arachni NASL wrapper? > > * openvas should not ship it for years > * atomic should not add it to deps for years > > _______________________________________________ > Openvas-discuss mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > > > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website > -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website
_______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
