Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi, Since I want to communicate with Openvassd, I reckon I'll need to talk OTP, at least for now. I've found some docs [1], which I trust are up-to-date, correct? Also, is OTP also layered on top of TLS, or can I directly send the text commands down the wire? Replying to myself, since Hani has already answered these questions in a separate message: Basically the docs I mentioned may not be up-to-date, and the wire protocol is lot layered on top of TLS. Best regards, Dario Teixeira ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi, openvassd still uses OTP. It is the ospd-* scanners that use the OSP protocol. If you're still interested in communicating directly with openvassd, here is a little example on how to do it: $ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock You can find some very outdated OTP documentation here [1]. [1] http://www.openvas.org/compendium/openvas-compendium.html Thanks for the info! This should be enough to get me started. Though it's a shame the docs are out of date, at least the source code is available... ;-) Best regards, Dario Teixeira ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi, OSP is not the same as OTP. OSP is meant to replace OTP in some kind of future, but the current openvassd does only talk OTP as Hani said. Thanks for the clarification. I jumped the gun, because I assumed OTP was already a thing of the past... If you're looking for scanners that can talk the 'OSP' protocol, you can find various example under the trunk/osp-servers directory in svn: https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas At the moment, none of them is able to process nasl code. Since I want to communicate with Openvassd, I reckon I'll need to talk OTP, at least for now. I've found some docs [1], which I trust are up-to-date, correct? Also, is OTP also layered on top of TLS, or can I directly send the text commands down the wire? Thanks again for your time! Best regards, Dario Teixeira [1] http://www.openvas.org/compendium/general-aspects-of-otp.html ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
On 2017-06-21 11:50, Dario Teixeira wrote: Hi, You're trying to use the manager protocol, which is used by the openvasmd not openvassd. Communicating with openvassd directly (over OTP) is for internal usage and is not recommended for external clients as it may change at any time. Thanks for the reply. I'm trying to communicate directly with Openvassd using the OSP protocol (formerly known as OTP, if I understand correctly). According to the docs [1], "" is part of the OSP API, which is why I'm puzzled it doesn't work. Note that I'm writing a daemon that replaces Openvasmd, which is why using OMP or relying on Openvasmd is not an option. Best regards, Dario Teixeira [1] http://docs.greenbone.net/API/OSP/osp-1.0.html openvassd still uses OTP. It is the ospd-* scanners that use the OSP protocol. If you're still interested in communicating directly with openvassd, here is a little example on how to do it: $ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock You can find some very outdated OTP documentation here [1]. [1] http://www.openvas.org/compendium/openvas-compendium.html Best regards, Hani. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
On Wed, 21 Jun 2017 11:50:18 +0100 Dario Teixeirawrote: > Hi, > > > You're trying to use the manager protocol, which is used by the > > openvasmd not openvassd. Communicating with openvassd directly (over > > OTP) is for internal usage and is not recommended for external > > clients as it may change at any time. > > Thanks for the reply. I'm trying to communicate directly with > Openvassd using the OSP protocol (formerly known as OTP, if I > understand correctly). > According to the docs [1], "" is part of the OSP API, > which > is why I'm puzzled it doesn't work. OSP is not the same as OTP. OSP is meant to replace OTP in some kind of future, but the current openvassd does only talk OTP as Hani said. If you're looking for scanners that can talk the 'OSP' protocol, you can find various example under the trunk/osp-servers directory in svn: https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas At the moment, none of them is able to process nasl code. Regards, Ben. > Note that I'm writing a daemon > that replaces Openvasmd, which is why using OMP or relying on > Openvasmd is not > an option. > > Best regards, > Dario Teixeira > > [1] http://docs.greenbone.net/API/OSP/osp-1.0.html > > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss pgpVttCA5rmlK.pgp Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss