Re: [Openvas-discuss] ospd-ssl error and creating a target
Am Montag, 2. März 2015, 11:45:59 schrieb Gerald Lorenz: Guess the target thing isn't a fault in the python code. Reckon the gsa accepts the backslash only for a netmask like 192.168.1.0/24. Creating a target like localhost/mywebsite for scanning a website results in an error. So the root of the issue is in the gsa, I think. The w3af-python wrapper gets the taget from gsa and it doesn't matter if the target looks like localhost/mywebsite. Only an assumption, maybe I'm wrong... the target object describes only a host or many of them. This is not where URLs are defined. The old NASL wrapper for w3af offered a parameter Seed URL. We should add such a seed parameter for w3af osp wrapper as well. -- Dr. Jan-Oliver Wagner | ++49-541-335084-0 | http://www.greenbone.net/ Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460 Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] ospd-ssl error and creating a target
Hi, as you can see, this is only debug information, nothing *wrong* with this. Indeed, for the moment, we rely on timeout conditions to make sure that the whole message as been received before processing it. It's strange. It creates the script file in /tmp/w3af-script... and the XML report in /tmp/w3af-report... But in the gsa no report is generated. The second issue is, can I create a target using the slash? For example: I wanna scan a website mywebsite/index, but it doesn't work, because the gsa doesn't accept the slash (/). In this case, I get the error message Error in host specification. This indeed looks more like an error. Do you think that you're proficient enough in python to try to find the root of the issue ? I'll be glad to integrate a patch from you ! Guess the target thing isn't a fault in the python code. Reckon the gsa accepts the backslash only for a netmask like 192.168.1.0/24. Creating a target like localhost/mywebsite for scanning a website results in an error. So the root of the issue is in the gsa, I think. The w3af-python wrapper gets the taget from gsa and it doesn't matter if the target looks like localhost/mywebsite. Only an assumption, maybe I'm wrong... Thanks. Profitieren Sie von der sicheren E-Mail-Übertragung Ihrer Daten mit einer kostenlosen E-Mail-Adresse der Telekom. www.t-online.de/email-kostenlos ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] ospd-ssl error and creating a target
Hi Gerard, On 02/28/2015 04:35 PM, Gerald Lorenz wrote: Hi, I'm still testing ospd-module. Now I'm getting the following message: ospd.ospd: INFO: Listening on 127.0.0.1:1234 ospd.ospd: DEBUG: New connection from 127.0.0.1:44294 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44294: Connection closed ospd.ospd: INFO: 1cfbf821-46c0-4eaa-8716-35bb6896af38: Scan started. ospd.ospd: INFO: 127.0.0.1: Scan started. ospd_w3af.wrapper: INFO: w3af scan using fast_scan profile. ospd.ospd: DEBUG: New connection from 127.0.0.1:44296 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44296: Connection closed ospd.ospd: DEBUG: New connection from 127.0.0.1:44311 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44311: Connection closed ospd.ospd: DEBUG: New connection from 127.0.0.1:44312 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: SSL close error: ospd.ospd: DEBUG: New connection from 127.0.0.1:44314 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44314: Connection closed ... ...and it's going on and on. W3af via console without ospd is working fine. as you can see, this is only debug information, nothing *wrong* with this. Indeed, for the moment, we rely on timeout conditions to make sure that the whole message as been received before processing it. The second issue is, can I create a target using the slash? For example: I wanna scan a website mywebsite/index, but it doesn't work, because the gsa doesn't accept the slash (/). In this case, I get the error message Error in host specification. This indeed looks more like an error. Do you think that you're proficient enough in python to try to find the root of the issue ? I'll be glad to integrate a patch from you ! Thank you very much for all the valuable tests ! Regards, Ben. -- Benoît Allard (B30A05B0)|Greenbone Networks GmbH|http://greenbone.net Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner signature.asc Description: OpenPGP digital signature ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] ospd-ssl error and creating a target
Hi, I'm still testing ospd-module. Now I'm getting the following message: ospd.ospd: INFO: Listening on 127.0.0.1:1234 ospd.ospd: DEBUG: New connection from 127.0.0.1:44294 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44294: Connection closed ospd.ospd: INFO: 1cfbf821-46c0-4eaa-8716-35bb6896af38: Scan started. ospd.ospd: INFO: 127.0.0.1: Scan started. ospd_w3af.wrapper: INFO: w3af scan using fast_scan profile. ospd.ospd: DEBUG: New connection from 127.0.0.1:44296 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44296: Connection closed ospd.ospd: DEBUG: New connection from 127.0.0.1:44311 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44311: Connection closed ospd.ospd: DEBUG: New connection from 127.0.0.1:44312 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: SSL close error: ospd.ospd: DEBUG: New connection from 127.0.0.1:44314 ospd.ospd: DEBUG: SSL error: The read operation timed out ospd.ospd: DEBUG: 127.0.0.1:44314: Connection closed ... ...and it's going on and on. W3af via console without ospd is working fine. The second issue is, can I create a target using the slash? For example: I wanna scan a website mywebsite/index, but it doesn't work, because the gsa doesn't accept the slash (/). In this case, I get the error message Error in host specification. Thanks and best regards. Profitieren Sie von der sicheren E-Mail-Übertragung Ihrer Daten mit einer kostenlosen E-Mail-Adresse der Telekom. www.t-online.de/email-kostenlos ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
