Hi, I'm trying to do a web vulnerability only scan with OpenVas. I'm creating my target, then a scan config where only the family "Web application abuses" is selected. This is currently 4505 scripts that are shown in my custom scan config correctly. I'm cloning my custom scan config from the "empty" template, which seems to be important.
The scan starts but it ends after 1-2 Minutes without a result besides a single "Log" showing that it resolved the hostname correctly but failed at OS detection. When listing processes during the scan I can see the only thing OpenVas does is: 427 ? Ss 0:11 openvassd: Serving /var/run/openvassd.sock 428 ? S 0:00 openvasmd: OTP: Handling scan XXX 435 ? R 1:33 openvassd: testing XXX.XXX.XXX.XXX 452 ? S 0:10 openvassd: testing XXX.XXX.XXX.XXX (/var/lib/openvas/plugins/os_fingerprint.nasl) 453 ? S 0:00 openvassd: testing XXX.XXX.XXX.XXX (/var/lib/openvas/plugins/ssh_authorization.nasl) 454 ? S 0:00 openvassd: testing XXX.XXX.XXX.XXX (/var/lib/openvas/plugins/netbios_name_get.nasl) It basically runs these scripts and then exits. No other scripts seem to be executed during the scan, the list doesn't seem to change. The same happens on other scan templates in a little different manner. When I try to conduct only an FTP-Family scan (cloned from the empty template) OpenVas again only does a host OS check (unsuccessfull, also running /var/lib/openvas/plugins/os_fingerprint.nasl) and nothing more. Other preconfigured scans like "Full and fast" run without problems. When I clone my custom scan template from the "Full and fast" config and deselect every family besides the "Web application abuses" checkbox, something seems to run. But there are still more tests then I asked for. Since when I deselect a family from which "3477 from 3478" tests are included the 3477 tests do not get deselected when deselecting the family and I really don't want to deselect each of those manually. So this doesn't help me either (and seems to be a problem of the GUI). What's going on here? How can I configure my scans correctly and, for example, do a "web application abuses" only scan? I'm using OpenVas on Kali but I could reproduce the problem with a docker image of the current OpenVas version in an Ubuntu environment. So it doesn't seem related to my setup. I didn't find any help in the documentation, if I missed something, please point me to it. Thanks! Michael _______________________________________________ Openvas-discuss mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
