Re: [Openvas-discuss] Reporting on delta's between scans on same host

2017-12-14 Thread ArkanoiD
(jumping in with a blatant ad) Try Seccubus! https://www.seccubus.com/ It specifically designed to handle vulnerability state changes over time. On Thu, Dec 14, 2017 at 11:31 AM, Joris wrote: > Hi Tatooin, > > Thanks for the detailed information, I will test it out. No

Re: [Openvas-discuss] Produce OVAL System Characteristics

2017-11-16 Thread ArkanoiD
Aaand, seems that I identified the root cause! from kb_2_sc.nasl: release = get_kb_item ("ssh/login/release"); if ("RH" >< release) { .. } if ("DEB" >< release) { .. } If your system is neither of those (yes, CentOS/Fedora/Ubuntu are not), the report is to be empty. There are more bugs, yet

Re: [Openvas-discuss] Web Application Vulnerability scanning with OpenVAS

2016-04-01 Thread ArkanoiD
Might be not a very good place to say something like that, but if you need web application scanning Acunetix *definitely* does the job better. There are strong sides of OpenVAS, but it cannot beat specialized tool like that. (my personal favorite for unattended scans is Netsparker, though. free

[Openvas-discuss] Sorry guys, I am leaving.

2011-11-08 Thread ArkanoiD
Just compared with nessus professional feed on the similar RHEL-dominated setup. OpenVAS: 20 high severity and 47 medium severity FPs on the report Nessus: ZERO. OpenVAS: No FPs were overriden by local checks, OpenVAS relies on banner info completely Nessus: All backported security fixes were

Re: [Openvas-discuss] Sorry guys, I am leaving.

2011-11-08 Thread ArkanoiD
On Tue, Nov 08, 2011 at 11:37:40AM +0100, Michael Meyer wrote: *** ArkanoiD a...@eltex.net wrote: OpenVAS: 20 high severity and 47 medium severity FPs on the report Do you have a list of these FPs? Please send it to this list. 1.3.6.1.4.1.25623.1.0.100458 1.3.6.1.4.1.25623.1.0.100362

Re: [Openvas-discuss] Sorry guys, I am leaving.

2011-11-08 Thread ArkanoiD
Really? I cannot believe I am the first to report it. Ok, then I will spend some time chasing NVT bugs. But are there any tricks to improve performance? If you don't tell us _all_ NVTs which are producing FPs, we can't fix them. ___

Re: [Openvas-discuss] Comparison

2011-10-11 Thread ArkanoiD
I am mostly interested in eliminating FPs caused by vendor backports and correct test correlation (say, if we indetify something better by a local test, override all unreliable remote test results) On Tue, Oct 11, 2011 at 10:00:48AM +0200, Sebastien Aucouturier wrote: Chandra, i am doing

[Openvas-discuss] false positives and version detection

2011-10-05 Thread ArkanoiD
I was really disappointed to see that even local checks on RHEL family do not remove false positives -- though requesting package patchlevel is trivial. Is there any effort to fix that ongoing? ___ Openvas-discuss mailing list

[Openvas-discuss] ..and still no SSL in gsad

2011-10-05 Thread ArkanoiD
$ rpm -q libmicrohttpd libmicrohttpd-0.9.7-1.el5.art ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] gsad won't start - MHD HTTPS problem

2011-09-23 Thread ArkanoiD
It is Atomic package. On Mon, Sep 19, 2011 at 08:25:05AM +0200, Michael Wiegand wrote: * Steve Fluegel [18. Sep 2011]: I???m trying to install openvas 4 on Centos 5 (32-bit). Everything seems to go fine, but the gsad service won???t start. It gives this message: