Re: [Openvas-discuss] arachni, etc.
Am Mittwoch, 1. Oktober 2014, 15:51:43 schrieb Geoff Galitz: FWIW, openvas as a wrapper around other established tools/projects is half the point of openvas (to me anyways). It would be great if the project somehow identifies what needs to be done to get these to work again. There's no real reason the appropriate scripts/configs cannot be edited or added.. just lack of develpment resources. While I think it is very valuable to have various scan tools managed via OpenVAS I think it is the wrong appoach to wrap up other tools within a NASL NVT. Which is something that OpenVAS inherited. This approach causes several headaches. This topic was discussed at the last OpenVAS developer conferences and meanwhile we have started a prototype for the new OSP concept (OpenVAS Scanner Protocol). w3af serves as a reference for this. We are not yet where we want to be. But OpenVAS-8 will likely offer something usable. Please be patient with our limited development resources. We have a couple of open developer positions at Greenbone btw ;-) I also can offer to sponsor any OSP wrapper development for the various other scan tools. You need to be familiar with trunk and Python for this. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
I was just wondering about the version of nmap which I should use…6.x (delivered via repo) or 5.51. And one more question… I apologize in advance…If I clone a config (full very deep ultimate), edit that clone’s Web application abuses and uncheck wapiti, dirb and arachni, What happens when there are NVT updates? Will they get used (where appropriate) by the cloned config? Is that the appropriate place to permanently disable those 3 components? Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 From: Brandon Perry [mailto:bperry.volat...@gmail.com] Sent: Wednesday, October 01, 2014 10:53 AM To: Geoff Galitz Cc: Jack Harvey; openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery. Just my 2c. On Wed, Oct 1, 2014 at 8:51 AM, Geoff Galitz ge...@galitz.orgmailto:ge...@galitz.org wrote: FWIW, openvas as a wrapper around other established tools/projects is half the point of openvas (to me anyways). It would be great if the project somehow identifies what needs to be done to get these to work again. There's no real reason the appropriate scripts/configs cannot be edited or added.. just lack of develpment resources. It's not my intention to whine about technical debt and inefficiencies... but it's something to consider as the project continues to gain momentum and moves forward. We've stopped using openvas on some projects as a result of these not-really-supported and mostly broken plugins that cause more trouble than they're worth. -G I have (at least) one last question regarding components. The version of nmap which I end up with after the install is 6.47. It seems I had recently encountered something Indicating nmap (somewhere around) 5.51 as the preferred version. Could someone please elaborate on the appropriate version of nmap? Thanks in advance for your help! Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939tel:864-349-4939 -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.orgmailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.orgmailto:openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.orgmailto:Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Geoff Galitz http://www.galitz.org ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.orgmailto:Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
I have (at least) one last question regarding components. The version of nmap which I end up with after the install is 6.47. It seems I had recently encountered something Indicating nmap (somewhere around) 5.51 as the preferred version. Could someone please elaborate on the appropriate version of nmap? Thanks in advance for your help! Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery. Just my 2c. On Wed, Oct 1, 2014 at 8:51 AM, Geoff Galitz ge...@galitz.org wrote: FWIW, openvas as a wrapper around other established tools/projects is half the point of openvas (to me anyways). It would be great if the project somehow identifies what needs to be done to get these to work again. There's no real reason the appropriate scripts/configs cannot be edited or added.. just lack of develpment resources. It's not my intention to whine about technical debt and inefficiencies... but it's something to consider as the project continues to gain momentum and moves forward. We've stopped using openvas on some projects as a result of these not-really-supported and mostly broken plugins that cause more trouble than they're worth. -G I have (at least) one last question regarding components. The version of nmap which I end up with after the install is 6.47. It seems I had recently encountered something Indicating nmap (somewhere around) 5.51 as the preferred version. Could someone please elaborate on the appropriate version of nmap? Thanks in advance for your help! Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 -Original Message- From: Openvas-discuss [mailto: openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Geoff Galitz http://www.galitz.org ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
I will also admit however that I do not use OpenVAS as a pen-tester, as others might. My use cases could obviously differ from those of another OpenVAS user. :) On Wed, Oct 1, 2014 at 9:52 AM, Brandon Perry bperry.volat...@gmail.com wrote: I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery. Just my 2c. On Wed, Oct 1, 2014 at 8:51 AM, Geoff Galitz ge...@galitz.org wrote: FWIW, openvas as a wrapper around other established tools/projects is half the point of openvas (to me anyways). It would be great if the project somehow identifies what needs to be done to get these to work again. There's no real reason the appropriate scripts/configs cannot be edited or added.. just lack of develpment resources. It's not my intention to whine about technical debt and inefficiencies... but it's something to consider as the project continues to gain momentum and moves forward. We've stopped using openvas on some projects as a result of these not-really-supported and mostly broken plugins that cause more trouble than they're worth. -G I have (at least) one last question regarding components. The version of nmap which I end up with after the install is 6.47. It seems I had recently encountered something Indicating nmap (somewhere around) 5.51 as the preferred version. Could someone please elaborate on the appropriate version of nmap? Thanks in advance for your help! Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 -Original Message- From: Openvas-discuss [mailto: openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Geoff Galitz http://www.galitz.org ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am 01.10.2014 um 16:52 schrieb Brandon Perry: I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery no - finding SQL injections and XSS is *by definition* the purpose of a security scan signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am 01.10.2014 um 17:21 schrieb Reindl Harald: Am 01.10.2014 um 16:52 schrieb Brandon Perry: I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery no - finding SQL injections and XSS is *by definition* the purpose of a security scan but for that OpenVAS would need to learn basics like send the host-header correct to scan a specific vhost maybe with v7 that works now, in the past you always scanned the apache default vhost signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
If you want to perform possibly destructive web audit scans on production systems, that is fine. I think you are taking what I said and making an overly-general statement about any kind of security scanning. On Wed, Oct 1, 2014 at 10:21 AM, Reindl Harald h.rei...@thelounge.net wrote: Am 01.10.2014 um 16:52 schrieb Brandon Perry: I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery no - finding SQL injections and XSS is *by definition* the purpose of a security scan ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am 01.10.2014 um 17:40 schrieb Brandon Perry: If you want to perform possibly destructive web audit scans on production systems, that is fine. surely because better i do at a scheduled point in time and with a recent backup or some bad guy unasked for what purpose do i need a security scan to apply updates which are already available - my OS can that alone frankly if you really fear that a security audit destructs your data then ask yourself if you should not shutdown the machine because you already suspect it to be vulnerable there where i work customers hire security specialists for penetration testing and you have to agree with that or lose the customer if they find something critical like SQL injections, XSS or bad SSL configurations you have 24 hours to fix it or shutdown the website without any but or if - the purpose of a own security scan is to find things *before* they do and avoid the complaints and stress from outside I think you are taking what I said and making an overly-general statement about any kind of security scanning. On Wed, Oct 1, 2014 at 10:21 AM, Reindl Harald h.rei...@thelounge.net mailto:h.rei...@thelounge.net wrote: Am 01.10.2014 um 16:52 schrieb Brandon Perry: I agree that utilities like dirb and nikto are useful as plugins for OpenVAS since these are generally applicable to any web server. Arachni and wapiti require such application specific configurations that I wouldn't want to give people using OpenVAS the idea that running arachni through OpenVAS is as good as running it independently. Both are very powerful (particularly arachni), but I do think they almost serve a different purpose than OpenVAS in that OpenVAS in my mind is about finding and remediating known vulnerabilities such as missing patches and a /backup folder on a web server. Finding SQL injections and XSS should be in the development lifecycle, not the patch management and insecure configuration discovery no - finding SQL injections and XSS is *by definition* the purpose of a security scan signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked…and asked…and…but enquiring minds want to know… OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using “Full and very deep ultimate” config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Thanks! I'll disable arachni. What about the wapiti-related messages? Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
So I just clone the desired config, edit and UN-select both wapiti and arachni. Are there any others? I ask because previously dirb and nikto gave similar “can’t be found, etc.’ messages. I believe this is not currently the case with them. Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 From: Brandon Perry [mailto:bperry.volat...@gmail.com] Sent: Tuesday, September 30, 2014 3:59 PM To: Jack Harvey Cc: Reindl Harald; openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Arachni and wapiti I would highly recommend running separately from OpenVAS. These tools can be highly customized to be as effective as possible for web applications, and any generic check that runs them will certainly not be the optimal settings for your web applications. In fact, archni just went through a major rewrite, most of the command line arguments have been changed. I would not be surprised if the arachni check were broken by this latest rewrite. These should be separate touch points in your environment scanning and not be embedded in a solution like OpenVAS. On Tue, Sep 30, 2014 at 2:54 PM, Jack Harvey ja...@synnex.commailto:ja...@synnex.com wrote: Thanks! I'll disable arachni. What about the wapiti-related messages? Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939tel:864-349-4939 -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.orgmailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.orgmailto:openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.orgmailto:Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Not sure about those at all. On Tue, Sep 30, 2014 at 3:06 PM, Jack Harvey ja...@synnex.com wrote: So I just clone the desired config, edit and UN-select both wapiti and arachni. Are there any others? I ask because previously dirb and nikto gave similar “can’t be found, etc.’ messages. I believe this is not currently the case with them. Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 *From:* Brandon Perry [mailto:bperry.volat...@gmail.com] *Sent:* Tuesday, September 30, 2014 3:59 PM *To:* Jack Harvey *Cc:* Reindl Harald; openvas-discuss@wald.intevation.org *Subject:* Re: [Openvas-discuss] arachni, etc. Arachni and wapiti I would highly recommend running separately from OpenVAS. These tools can be highly customized to be as effective as possible for web applications, and any generic check that runs them will certainly not be the optimal settings for your web applications. In fact, archni just went through a major rewrite, most of the command line arguments have been changed. I would not be surprised if the arachni check were broken by this latest rewrite. These should be separate touch points in your environment scanning and not be embedded in a solution like OpenVAS. On Tue, Sep 30, 2014 at 2:54 PM, Jack Harvey ja...@synnex.com wrote: Thanks! I'll disable arachni. What about the wapiti-related messages? Jack Harvey RHCE CISSP Synnex Corporation 864-349-4939 -Original Message- From: Openvas-discuss [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Reindl Harald Sent: Tuesday, September 30, 2014 3:45 PM To: openvas-discuss@wald.intevation.org Subject: Re: [Openvas-discuss] arachni, etc. Am 30.09.2014 um 21:39 schrieb Jack Harvey: I realize this has been asked...and asked...and...but enquiring minds want to know... OpenVAS v7 install via atomic repo includes in the pre-built scan configs components arachni and wapiti (and of course others) I am getting this when I run a scan using Full and very deep ultimate config: Vulnerability Detection Result: arachni report filename is empty. that could mean that wrong version of arachni is used or tmp dir is not accessible. In short: check installation of arachni and OpenVAS I found this which was posted 2/22/2013 by Tasos Laskos: I'm sorry, that OpenVAS plugin was written a long time ago by a third-party and has been incompatible with Arachni for a long time. It's not supported by the Arachni project nor OpenVAS and from what I remember it used to parse the text report using regular expressions (which is a really unreliable way to extract the necessary information) so you're actually better off being unable to use it. Should I disable the arachni NASL wrapper? * openvas should not ship it for years * atomic should not add it to deps for years ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website -- http://volatile-minds.blogspot.com -- blog http://www.volatileminds.net -- website ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] arachni, etc.
Am 30.09.2014 um 22:06 schrieb Jack Harvey: So I just clone the desired config, edit and UN-select both wapiti and arachni. Are there any others? I ask because previously dirb and nikto gave similar “can’t be found, etc.’ messages. I believe this is not currently the case with them disable dirb - this crap is started, running for hours long after any scan has finished and reports are generated - so it creates only load and the only thing you can analyze are your webservers logs - no idea why such crap behave that way is not just disabled with a NVT sync signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss