Re: [Openvas-discuss] openvas4 scanning vhosts
*** Juan José Pavlik Salles wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. See the Vhosts and Vhost IP option. Something like vhosts_ip = 192.168.1.2 vhosts = virtual1,virtual2 should work. See http://lists.wald.intevation.org/pipermail/openvas-devel/2010-June/002268.html. You don't need to edit the openvassd.conf as described there. Just edit a Scan Config. HTH Micha -- Michael MeyerOpenPGP Key: 52A6EFA6 http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
I wanted double check, isn't there a patch or a workaround? I have 3 dtc servers hosting more than 150 vhosts, and i'd like to scan all of them, i don't have any problem in creating 150 openvas targets with each vhost. I know i am being a bit annoying, but im trying to use openvas as the main tool for getting my degree. Thanks guys! 2012/5/28 Scott Damron sdam...@gmail.com Well...you never mention anything about scanning vhosts in your first question. The more info you provide, the more accurate the answers will be. On May 28, 2012 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote: what do you mean with host records are correct? if you mean matching PTR - no, no and again: no it is a bgu in openvas that if you configure a hostname as target the default vhost is accessed due missing host headers from the scanner Am 28.05.2012 22:31, schrieb Scott Damron: You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Salles jjpav...@gmail.commailto: jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
This is a long standing issue, I know this was discussed several years back in one of the DEVCONs (3 years ago I believe). I thought at one point there was a CR written on this, but I can't seem to find it? Perhaps someone else that was involved at the time can refresh our collective memories? I know that the work involved to make this happen was non-trivial, and there was a certain level of discussion on how to handle common scenarios where there are many (sometimes 2,3, sometimes hundreds if not more) virtual hosts on a single IP. The issue there was that scans are IP based, so support for virtual hosts needed to decide how to handle the many (vhost) to one (IP) mapping, and what kinds of limits to put around it. As far as I know, no one ever had significant time/bandwidth to resolve this issue. Thomas On 28/05/12 04:54 PM, Reindl Harald wrote: what do you mean with host records are correct? if you mean matching PTR - no, no and again: no it is a bgu in openvas that if you configure a hostname as target the default vhost is accessed due missing host headers from the scanner Am 28.05.2012 22:31, schrieb Scott Damron: You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Sallesjjpav...@gmail.commailto:jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
Bad news then. I will try to take a loot at the sources, hope i can remember some C or whatever it is written in. Thanks!!! 2012/5/29 Thomas Reinke li...@securityspace.com This is a long standing issue, I know this was discussed several years back in one of the DEVCONs (3 years ago I believe). I thought at one point there was a CR written on this, but I can't seem to find it? Perhaps someone else that was involved at the time can refresh our collective memories? I know that the work involved to make this happen was non-trivial, and there was a certain level of discussion on how to handle common scenarios where there are many (sometimes 2,3, sometimes hundreds if not more) virtual hosts on a single IP. The issue there was that scans are IP based, so support for virtual hosts needed to decide how to handle the many (vhost) to one (IP) mapping, and what kinds of limits to put around it. As far as I know, no one ever had significant time/bandwidth to resolve this issue. Thomas On 28/05/12 04:54 PM, Reindl Harald wrote: what do you mean with host records are correct? if you mean matching PTR - no, no and again: no it is a bgu in openvas that if you configure a hostname as target the default vhost is accessed due missing host headers from the scanner Am 28.05.2012 22:31, schrieb Scott Damron: You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Sallesjjpav...@gmail.com** mailto:jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. __**_ Openvas-discuss mailing list Openvas-discuss@wald.**intevation.orgOpenvas-discuss@wald.intevation.org http://lists.wald.intevation.**org/cgi-bin/mailman/listinfo/** openvas-discusshttp://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss __**_ Openvas-discuss mailing list Openvas-discuss@wald.**intevation.orgOpenvas-discuss@wald.intevation.org http://lists.wald.intevation.**org/cgi-bin/mailman/listinfo/** openvas-discusshttp://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] openvas4 scanning vhosts
Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Salles jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. -- Pavlik Juan José ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
what do you mean with host records are correct? if you mean matching PTR - no, no and again: no it is a bgu in openvas that if you configure a hostname as target the default vhost is accessed due missing host headers from the scanner Am 28.05.2012 22:31, schrieb Scott Damron: You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Salles jjpav...@gmail.com mailto:jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] openvas4 scanning vhosts
Well...you never mention anything about scanning vhosts in your first question. The more info you provide, the more accurate the answers will be. On May 28, 2012 3:54 PM, Reindl Harald h.rei...@thelounge.net wrote: what do you mean with host records are correct? if you mean matching PTR - no, no and again: no it is a bgu in openvas that if you configure a hostname as target the default vhost is accessed due missing host headers from the scanner Am 28.05.2012 22:31, schrieb Scott Damron: You need take sure the open as server can resolve DNS. If using internal DNS servers, make sure your host records are correct. On May 28, 2012 2:28 PM, Juan José Pavlik Salles jjpav...@gmail.commailto: jjpav...@gmail.com wrote: Hi, is it possible to make openvas scan a server with its hostname instead of its IP address? I've created a target with its hostname but it doesn't work. ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss