[Openvas-discuss] Sorry guys, I am leaving.
Just compared with Nessus professional feed on the similar RHEL-dominated setup.

OpenVAS: 20 high severity and 47 medium severity FPs on the report
Nessus: ZERO.

OpenVAS: No FPs were overridden by local checks, OpenVAS relies on banner info completely
Nessus: All backported security fixes were identified both with remote and local checks, successfully overriding banner checks

OpenVAS: Several failed heuristics led to incorrectly identifying software. None of those heuristics were overridden later (it is pretty stupid to assume if the web server has no vendor string it is some Mongoose and to report vulnerabilities associated to it?)
Nessus: No failed heuristics, all software identified correctly.

OpenVAS: 2Gb memory for scanning appliance was definitely not enough. Heavy tweaking was required to avoid out of memory problems.
Nessus: memory usage never got above 512Mb for similar setup

OpenVAS: Numerous UI glitches both in gsa and gsd, and both are ugly as hell
Nessus: No glitches, UI is smooth

OpenVAS: report generation errors, I was unable to get pdf report
Nessus: you bet!

OpenVAS: Installation problems, gsad does not support https from atomic distro
Nessus: just works

OpenVAS: 8 hours total scan time
Nessus: 1.5 hours total scan time

Sorry, I love opensource but not THAT much.

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
[Openvas-discuss] Disable all plugins with OMP
Hello

How can I disable all plugins of a family where individual plugins are selected by not iterating over all plugins and disable them? For example when I copy the Full and fast scan config the Web application abuses family has one plugin not selected. My OMP command looks like this to disable the family

    <modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
      <family_selection>
        <growing>1</growing>
        <family>
          <name>Web application abuses</name>
          <all>0</all>
          <growing>0</growing>
        </family>
      </family_selection>
    </modify_config>

Am I missing something?

Greets
Allon Moritz
Re: [Openvas-discuss] Disable all plugins with OMP
Never mind, I found it:

    <modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
      <nvt_selection>
        <family>Web application abuses</family>
      </nvt_selection>
    </modify_config>

From: openvas-discuss-boun...@wald.intevation.org [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Allon Moritz - First Security
Sent: Tuesday, 8 November 2011 11:21
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Disable all plugins with OMP

> Hello
>
> How can I disable all plugins of a family where individual plugins are selected by not iterating over all plugins and disable them? For example when I copy the Full and fast scan config the Web application abuses family has one plugin not selected. My OMP command looks like this to disable the family
>
>     <modify_config config_id="254cd3ef-bbe1-4d58-859d-21b8d0c046c6">
>       <family_selection>
>         <growing>1</growing>
>         <family>
>           <name>Web application abuses</name>
>           <all>0</all>
>           <growing>0</growing>
>         </family>
>       </family_selection>
>     </modify_config>
>
> Am I missing something?
>
> Greets
> Allon Moritz
Re: [Openvas-discuss] Sorry guys, I am leaving.
*** ArkanoiD a...@eltex.net wrote:

> OpenVAS: 20 high severity and 47 medium severity FPs on the report

Do you have a list of these FPs? Please send it to this list.

> OpenVAS relies on banner info completely

No...

> it is pretty stupid to assume if the web server has no vendor string it is some Mongoose and to report vulnerabilities associated to it?

About which NVT do you speak here (Name or OID)?

> OpenVAS: Numerous UI glitches both in gsa and gsd, and both are ugly as hell

Thank you for your constructive criticism. :(

> OpenVAS: report generation errors, I was unable to get pdf report

You didn't read the manual?

> OpenVAS: Installation problems, gsad does not support https from atomic distro

And you were not able to fix that on your own?

> Sorry, I love opensource but not THAT much.

Ok. Bye, bye. Have fun..

Micha

--
Michael Meyer    OpenPGP Key: 52A6EFA6
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] Sorry guys, I am leaving.
On Tue, Nov 08, 2011 at 11:37:40AM +0100, Michael Meyer wrote:
> *** ArkanoiD a...@eltex.net wrote:
>> OpenVAS: 20 high severity and 47 medium severity FPs on the report
>
> Do you have a list of these FPs? Please send it to this list.

1.3.6.1.4.1.25623.1.0.100458
1.3.6.1.4.1.25623.1.0.100362
1.3.6.1.4.1.25623.1.0.900842
1.3.6.1.4.1.25623.1.0.900499
1.3.6.1.4.1.25623.1.0.900841
1.3.6.1.4.1.25623.1.0.900107
1.3.6.1.4.1.25623.1.0.800373
1.3.6.1.4.1.25623.1.0.100409
1.3.6.1.4.1.25623.1.0.800110
1.3.6.1.4.1.25623.1.0.900871
1.3.6.1.4.1.25623.1.0.900184

etc etc

OpenVAS is just unusable in RHEL-dominated environment :-(

>> OpenVAS: report generation errors, I was unable to get pdf report
>
> You didn't read the manual?

Yes, and proposed fix did not work.

>> OpenVAS: Installation problems, gsad does not support https from atomic distro
>
> And you were not able to fix that on your own?

Actually I gave up chasing dependencies. .spec files from atomic are really scary: damn too much configuration tweaks!
Re: [Openvas-discuss] Sorry guys, I am leaving.
*** ArkanoiD a...@eltex.net wrote:
> On Tue, Nov 08, 2011 at 11:37:40AM +0100, Michael Meyer wrote:
>> Do you have a list of these FPs? Please send it to this list.
>
> 1.3.6.1.4.1.25623.1.0.100458
> 1.3.6.1.4.1.25623.1.0.100362
> 1.3.6.1.4.1.25623.1.0.900842
> 1.3.6.1.4.1.25623.1.0.900499
> 1.3.6.1.4.1.25623.1.0.900841
> 1.3.6.1.4.1.25623.1.0.900107
> 1.3.6.1.4.1.25623.1.0.800373
> 1.3.6.1.4.1.25623.1.0.100409
> 1.3.6.1.4.1.25623.1.0.800110
> 1.3.6.1.4.1.25623.1.0.900871
> 1.3.6.1.4.1.25623.1.0.900184

I'll fix these NVTs...

> etc etc

If you don't tell us _all_ NVTs which are producing FPs, we can't fix them.

Micha
Re: [Openvas-discuss] Sorry guys, I am leaving.
Really? I cannot believe I am the first to report it. Ok, then I will spend some time chasing NVT bugs. But are there any tricks to improve performance?

> If you don't tell us _all_ NVTs which are producing FPs, we can't fix them.
Re: [Openvas-discuss] Sorry guys, I am leaving.
Hello,

2011/11/8 ArkanoiD a...@eltex.net:
> But are there any tricks to improve performance?

There are several ones, depending on your environment and scan profile. If you are scanning a large IP range, you can for instance use the network_scan setting and the nmap_net NVT family. It is still experimental but designed to scale against large networks and considerably improve performance.

You can also, of course, disable some NVT families that you don't need or adjust port ranges...

Regards.

--
Henri Doreau | Greenbone Networks GmbH | http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
Re: [Openvas-discuss] (no subject)
> openvas-glib2-2.22.5-1.el5.art

Oh you're using the Atomic repository. That should work. Could you post to openvas-distro so the maintainer can see? Else you can ask on IRC, he's normally around.

http://openvas.org/online-chat.html

--
Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner
[Openvas-discuss] Openvas-check-setup
This is in regards to the openvas-check-setup tool. The instructions say:

to use this tool simply follow these three steps:

1. Download the latest version of openvas-check-setup
   http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/tools/openvas-check-setup?root=openvas .
2. Ensure that the script is executable:
       chmod +x openvas-check-setup
3. Execute the script:
       ./openvas-check-setup

How can I download the tool? I have an OpenSUSE 11.4 minimal (command line only) install

Thanks,
Randy Dover
Re: [Openvas-discuss] Openvas-check-setup
You could download the tool using wget, with a command line like

    wget 'http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/tools/openvas-check-setup?root=openvas'

Or you could download it to your desktop and SFTP it over to your OpenSUSE server.

Brian

From: openvas-discuss-boun...@wald.intevation.org [mailto:openvas-discuss-boun...@wald.intevation.org] On Behalf Of Randy Dover
Sent: Tuesday, November 08, 2011 10:26 AM
To: openvas-discuss@wald.intevation.org
Subject: [Openvas-discuss] Openvas-check-setup

> This is in regards to the openvas-check-setup tool. The instructions say:
>
> to use this tool simply follow these three steps:
>
> 1. Download the latest version of openvas-check-setup
>    http://wald.intevation.org/plugins/scmsvn/viewcvs.php/*checkout*/trunk/tools/openvas-check-setup?root=openvas .
> 2. Ensure that the script is executable:
>        chmod +x openvas-check-setup
> 3. Execute the script:
>        ./openvas-check-setup
>
> How can I download the tool? I have an OpenSUSE 11.4 minimal (command line only) install
>
> Thanks,
> Randy Dover
[Openvas-discuss] Openvas-check-setup results
OK, thanks to Pete, I have run the openvas-check-setup.

I got an error that xsltproc is not installed.
I got an error that pdflatex is not installed.
I got an error that makensis is not installed.

I also got errors that OpenVAS Scanner, OpenVAS Manager, OpenVAS Administrator and Greenbone Security Assistant are not running. How can I make those run at startup?

Randy Dover
Re: [Openvas-discuss] Creating a lot of targets
I guess I am. I also tried passing the user and password parameters in the script with -u and -w, but there's no difference, still getting "Failed to read response."

On 8 November 2011 22:27, Brandon Perry bperry.volat...@gmail.com wrote:
> Are you authenticating properly with openvassmd?
>
> 2011/11/8 Juan José Pavlik Salles jjpav...@gmail.com:
>> Hi! It's me again. I tried creating targets with
>>
>>     omp -X '<create_target><name>xxx</name><hosts>paste hosts here</hosts></create_target>' -u username -w password
>>
>> and it worked great, but... I have 203 web servers to create... so this is not a good way. I thought about repeating that line in a bash script for all my servers, like this:
>>
>>     #!/bin/bash
>>     TARGETS=/root/pruebas/web_limpio
>>     CONFIG=/root/pruebas/config
>>     if [ ! -e $TARGETS ]; then
>>         echo "$TARGETS doesn't exist"
>>         exit -1
>>     fi
>>     counter=0
>>     for i in `cat $TARGETS`; do
>>         cadena='<create_target><name>Webserver $counter</name><hosts>$i</hosts></create_target>'
>>         omp -X $cadena --config-file=$CONFIG
>>         counter=$(($counter+1))
>>     done
>>
>> But it does not work, I get "Failed to read response." for every webserver. Any clue???
>>
>> --
>> Pavlik Juan José
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website

--
Pavlik Juan José
Re: [Openvas-discuss] Creating a lot of targets
Is openvasmd listening on the correct IP Address/Port? (using the -a argument)

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
Re: [Openvas-discuss] Creating a lot of targets
This is the context:

    root@openvas:~/pruebas# netstat -natp|grep openvas
    tcp        0      0 127.0.0.1:9390    0.0.0.0:*    ESCUCHAR    1665/openvasmd
    tcp        0      0 127.0.0.1:9391    0.0.0.0:*    ESCUCHAR    12661/openvassd: wa
    tcp        0      0 127.0.0.1:9393    0.0.0.0:*    ESCUCHAR    16805/openvasad
    root@openvas:~/pruebas# cat config
    [Connection]
    host=localhost
    port=9390
    username=admin
    password=admin
    root@openvas:~/pruebas# omp -X '<create_target><name>Webserver 0</name><hosts>200.16.30.227</hosts></create_target>' --config-file=config
    <create_target_response status="201" id="3e7e1451-979a-4f4e-b57a-1b7b21197f8f" status_text="OK, resource created"></create_target_response>
    root@openvas:~/pruebas# ./crear_targets.sh
    Failed to read response.
    ^C
    root@openvas:~/pruebas#

crear_targets.sh is the script file I pasted in the first mail. I have no clue... must be some stupid mistake, but it's killing me.

--
Pavlik Juan José
Re: [Openvas-discuss] Creating a lot of targets
Also,

    omp -X "$cadena"

2011/11/8 Brandon Perry bperry.volat...@gmail.com:
>     cadena='<create_target><name>Webserver $counter</name><hosts>$i</hosts></create_target>'
>
> should be (I think)
>
>     cadena="<create_target><name>Webserver $counter</name><hosts>$i</hosts></create_target>"
>
> Here is some (albeit C#) code that may help you.
>
>     // Fragment of a method: name, comment, hosts, the credential IDs,
>     // portRange and _session are defined by the surrounding class.
>     // Values are concatenated as-is, so they must not contain XML metacharacters.
>     string command = "<create_target>";
>     command = command + "<name>" + name + "</name>";
>     command = command + "<comment>" + comment + "</comment>";
>     command = command + "<hosts>" + hosts + "</hosts>";
>     if (!string.IsNullOrEmpty(smbCredentialsID))
>         command = command + "<smb_lsc_credential>" + smbCredentialsID + "</smb_lsc_credential>";
>     if (!string.IsNullOrEmpty(sshCredentialsID))
>         command = command + "<ssh_lsc_credential>" + sshCredentialsID + "</ssh_lsc_credential>";
>     command = command + "<port_range>" + portRange + "</port_range>";
>     command = command + "</create_target>";
>
>     // Parse the assembled command and send it over the OMP session.
>     XmlDocument doc = new XmlDocument();
>     doc.LoadXml(command);
>     XmlDocument response = _session.ExecuteCommand(doc);
>     return response;
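
An added example, not code from any poster in this thread: the target-creation loop from the script discussed above, with the XML built so that the counter and host expand and the whole command reaches omp as a single quoted argument. It also escapes XML metacharacters and rejects host entries outside an allow-list. The function names, the allow-list and the `dry_run` stand-in for omp are assumptions of this example; only the `-X` and `--config-file` options shown in the thread are used.

```shell
#!/bin/sh
# Added example, not from the thread. Bulk-creates OpenVAS targets with omp.
# Assumptions: one host per line in the targets file, "Webserver N" names,
# and the host allow-list below.

# Escape XML metacharacters so a value cannot change the command structure.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' \
        -e 's/>/\&gt;/g' -e 's/"/\&quot;/g' -e "s/'/\&apos;/g"
}

# Accept only characters expected in an address, hostname, range or CIDR.
valid_host() {
    case $1 in
        '' | *[!A-Za-z0-9.:/,-]*) return 1 ;;
    esac
    return 0
}

# $1 = target name, $2 = hosts value; prints one OMP create_target command.
build_create_target() {
    printf '<create_target><name>%s</name><hosts>%s</hosts></create_target>' \
        "$(xml_escape "$1")" "$(xml_escape "$2")"
}

# Dry-run stand-in for omp: prints the arguments it would have received.
dry_run() { printf '%s\n' "$*"; }

# $1 = targets file, $2 = omp config file, $3 = command (default: omp).
create_targets() {
    targets=$1 config=$2 omp_cmd=${3:-omp}
    [ -r "$targets" ] || { echo "$targets doesn't exist" >&2; return 1; }
    counter=0
    while IFS= read -r host || [ -n "$host" ]; do
        case $host in '' | '#'*) continue ;; esac
        if ! valid_host "$host"; then
            echo "skipping invalid entry: $host" >&2
            continue
        fi
        # Built with expansion enabled, then passed quoted: the XML contains
        # a space and must still arrive at omp as one argument.
        cadena=$(build_create_target "Webserver $counter" "$host")
        # stdin from /dev/null so the command cannot consume the host list.
        "$omp_cmd" -X "$cadena" --config-file="$config" </dev/null || return 1
        counter=$((counter + 1))
    done <"$targets"
    echo "created $counter targets" >&2
}

# Constructed sample run (documentation addresses), dry-run only.
sample=$(mktemp)
printf '%s\n' '192.0.2.10' 'web two' '198.51.100.7' >"$sample"
create_targets "$sample" /root/pruebas/config dry_run
rm -f "$sample"
```

Dropping the third argument to `create_targets` makes it call the real `omp` binary with the same arguments the dry run prints.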