I will also admit however that I do not use OpenVAS as a pen-tester, as others might. My use cases could obviously differ from those of another OpenVAS user. :)
On Wed, Oct 1, 2014 at 9:52 AM, Brandon Perry <[email protected]> wrote:

> I agree that utilities like dirb and nikto are useful as plugins for
> OpenVAS since these are generally applicable to any web server.
>
> Arachni and wapiti require such application specific configurations that I
> wouldn't want to give people using OpenVAS the idea that running arachni
> through OpenVAS is as good as running it independently. Both are very
> powerful (particularly arachni), but I do think they almost serve a
> different purpose than OpenVAS in that OpenVAS in my mind is about finding
> and remediating known vulnerabilities such as missing patches and a /backup
> folder on a web server.
>
> Finding SQL injections and XSS should be in the development lifecycle, not
> the patch management and insecure configuration discovery.
>
> Just my 2c.
>
> On Wed, Oct 1, 2014 at 8:51 AM, Geoff Galitz <[email protected]> wrote:
>
>> FWIW, openvas as a wrapper around other established tools/projects is half
>> the point of openvas (to me anyways). It would be great if the project
>> somehow identifies what needs to be done to get these to work again.
>> There's no real reason the appropriate scripts/configs cannot be edited or
>> added.. just lack of development resources.
>>
>> It's not my intention to whine about technical debt and inefficiencies...
>> but it's something to consider as the project continues to gain momentum
>> and moves forward.
>>
>> We've stopped using openvas on some projects as a result of these
>> not-really-supported and mostly broken plugins that cause more trouble
>> than they're worth.
>>
>> -G
>>
>> > I have (at least) one last question regarding components. The version of
>> > nmap which I end up with after the install is 6.47. It seems I had
>> > recently encountered something indicating nmap (somewhere around) 5.51
>> > as the preferred version. Could someone please elaborate on the
>> > appropriate version of nmap?
>> >
>> > Thanks in advance for your help!
>> >
>> > Jack Harvey RHCE CISSP
>> > Synnex Corporation
>> > 864-349-4939
>> >
>> > -----Original Message-----
>> > From: Openvas-discuss [mailto:[email protected]]
>> > On Behalf Of Reindl Harald
>> > Sent: Tuesday, September 30, 2014 3:45 PM
>> > To: [email protected]
>> > Subject: Re: [Openvas-discuss] arachni, etc.
>> >
>> > On 30.09.2014 at 21:39, Jack Harvey wrote:
>> >> I realize this has been asked...and asked...and...but enquiring minds
>> >> want to know...
>> >>
>> >> OpenVAS v7 install via atomic repo includes in the pre-built scan
>> >> configs components arachni and wapiti (and of course others)
>> >>
>> >> I am getting this when I run a scan using "Full and very deep ultimate"
>> >> config:
>> >>
>> >> Vulnerability Detection Result:
>> >> arachni report filename is empty. that could mean that wrong version
>> >> of arachni is used or tmp dir is not accessible.
>> >> In short: check installation of arachni and OpenVAS
>> >>
>> >> I found this which was posted 2/22/2013 by Tasos Laskos:
>> >>
>> >> I'm sorry, that OpenVAS plugin was written a long time ago by a
>> >> third-party and has been incompatible with Arachni for a long time.
>> >>
>> >> It's not supported by the Arachni project nor OpenVAS and from what I
>> >> remember it used to parse the text report using regular expressions
>> >> (which is a really unreliable way to extract the necessary information)
>> >> so you're actually better off being unable to use it.
>> >>
>> >> Should I disable the arachni NASL wrapper?
>> >
>> > * openvas should not ship it for years
>> > * atomic should not add it to deps for years
>> >
>> > _______________________________________________
>> > Openvas-discuss mailing list
>> > [email protected]
>> > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>
>> ------------------------------
>> Geoff Galitz
>> http://www.galitz.org
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
