[Openvas-discuss] openvas not sending any data
I'm running openvas9 on ubuntu that I installed from packages based on instructions here:
https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

I ran fast-and-full scan against a single host and I watched the status move slowly towards 100% and at last marked as Done. After a while, say when it was around 12%, I started a tcpdump to see what it was sending but didn't see any packets destined for the host I was testing. Oddly, I can see ssh and other connections from this computer to the scanned host, but openvas just seems not to be doing anything!

At the end of the scan, I click on the task and see there is one report. I click on the 1 and it tells me:

    The report is empty. *The filter does not match any of 1 results.*

It's the same if I go to the Reports, there's no report!

Now I know it must have started sending data because the host knew it was being port scanned but after a while, openvas just seemed to send nothing at all. I got a message from bitdefender blocking the port scan. So it must have done something early on.

So this is odd. It seemed to start to scan but then I had no evidence of it scanning, and at the end, I see no evidence of a report. And no error message either. So it seems like it didn't work...

In the openvasmd log:

    event task:MESSAGE:2017-06-21 22h22.44 UTC:12146: Status of task Immediate scan of IP 10.89.1.1 (57016984-1f4a-497b-a2d2-794934868fbc) has changed to Done

and the openvassd.messages

    [Wed Jun 21 17:03:56 2017][8974] openvassd 5.1.1 started
    [Wed Jun 21 17:13:10 2017][9320] Client not present
    [Wed Jun 21 17:14:18 2017][8974] Reloading the scanner.
    [Wed Jun 21 17:17:25 2017][8974] Finished reloading the scanner.
    [Wed Jun 21 17:18:13 2017][10635] Client closed the communication
    [Wed Jun 21 17:39:21 2017][8974] Received the Terminated signal
    [Wed Jun 21 17:40:04 2017][11949] openvassd 5.1.1 started
    [Wed Jun 21 17:41:07 2017][12044] Client closed the communication
    [Wed Jun 21 17:55:46 2017][12145] Starts a new scan. Target(s) : 10.89.1.1, with max_hosts = 30 and max_checks = 10
    [Wed Jun 21 17:55:46 2017][12145] exclude_hosts: Skipped 0 host(s).
    [Wed Jun 21 17:55:46 2017][12145] Testing 10.89.1.1 (10.89.1.1) [12158]
    [Wed Jun 21 22:22:42 2017][12158] Finished testing 10.89.1.1. Time : 16015.78 secs
    [Wed Jun 21 22:22:42 2017][12145] Test complete
    [Wed Jun 21 22:22:42 2017][12145] Total time to scan all hosts : 16026 seconds

It did take 4 hours to complete, is this normal for a fast-and-full scan?

Suggestions? Was it a mistake to try openvas 9?

___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

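Added example (not part of the original post and not OpenVAS code): a small Python triage script for the openvassd.messages format quoted above, pairing each "Testing" line with its "Finished testing" line so the timestamps can be checked against the duration the scanner reports. It assumes, from the excerpt only, that the bracketed number after "Testing" is the pid of the process that later logs the finish line; the function names are hypothetical.

```python
import re
from datetime import datetime

# Scan-related lines from the openvassd.messages excerpt quoted in the post.
LOG = """\
[Wed Jun 21 17:55:46 2017][12145] exclude_hosts: Skipped 0 host(s).
[Wed Jun 21 17:55:46 2017][12145] Testing 10.89.1.1 (10.89.1.1) [12158]
[Wed Jun 21 22:22:42 2017][12158] Finished testing 10.89.1.1. Time : 16015.78 secs
[Wed Jun 21 22:22:42 2017][12145] Test complete
[Wed Jun 21 22:22:42 2017][12145] Total time to scan all hosts : 16026 seconds
"""

LINE = re.compile(r"\[(?P<ts>[^\]]+)\]\[(?P<pid>\d+)\] (?P<msg>.*)")
START = re.compile(r"Testing (?P<host>\S+) \(.*\) \[(?P<child>\d+)\]")
DONE = re.compile(r"Finished testing (?P<host>\S+)\. Time : (?P<secs>[\d.]+) secs")

def entries(text):
    """Yield (timestamp, pid, message) for each well-formed log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            yield ts, int(m["pid"]), m["msg"]

def host_scans(text):
    """Pair each 'Testing <host>' line with its 'Finished testing' line."""
    scans = {}
    for ts, pid, msg in entries(text):
        start = START.match(msg)
        done = DONE.match(msg)
        if start:
            scans[start["host"]] = {"parent": pid, "child": int(start["child"]),
                                    "start": ts, "end": None}
        elif done and done["host"] in scans:
            s = scans[done["host"]]
            s["end"] = ts
            s["reported_secs"] = float(done["secs"])
            s["wall_secs"] = (ts - s["start"]).total_seconds()
            # Assumption: the finish line is logged by the per-host child pid.
            s["child_matches"] = pid == s["child"]
    return scans

def unfinished(scans):
    """Hosts that started testing but never logged a finish line."""
    return sorted(h for h, s in scans.items() if s["end"] is None)

if __name__ == "__main__":
    for host, s in host_scans(LOG).items():
        print(host, s["child"], s.get("wall_secs"), s.get("reported_secs"))
    print("unfinished:", unfinished(host_scans(LOG)))
```

For the quoted scan, the timestamp difference and the scanner's reported time agree to within a second, so the log gives no sign of a gap or restart during the four hours.
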
Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi,

> Since I want to communicate with Openvassd, I reckon I'll need to talk OTP,
> at least for now. I've found some docs [1], which I trust are up-to-date,
> correct? Also, is OTP also layered on top of TLS, or can I directly send the
> text commands down the wire?

Replying to myself, since Hani has already answered these questions in a separate message: Basically the docs I mentioned may not be up-to-date, and the wire protocol is not layered on top of TLS.

Best regards,
Dario Teixeira

Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi,

> openvassd still uses OTP. It is the ospd-* scanners that use the OSP protocol.
>
> If you're still interested in communicating directly with openvassd, here is
> a little example on how to do it:
>
> $ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock
>
> You can find some very outdated OTP documentation here [1].
>
> [1] http://www.openvas.org/compendium/openvas-compendium.html

Thanks for the info! This should be enough to get me started. Though it's a shame the docs are out of date, at least the source code is available... ;-)

Best regards,
Dario Teixeira

Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
Hi,

> OSP is not the same as OTP. OSP is meant to replace OTP in some kind of
> future, but the current openvassd does only talk OTP as Hani said.

Thanks for the clarification. I jumped the gun, because I assumed OTP was already a thing of the past...

> If you're looking for scanners that can talk the 'OSP' protocol, you can
> find various examples under the trunk/osp-servers directory in svn:
> https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas
>
> At the moment, none of them is able to process nasl code.

Since I want to communicate with Openvassd, I reckon I'll need to talk OTP, at least for now. I've found some docs [1], which I trust are up-to-date, correct? Also, is OTP also layered on top of TLS, or can I directly send the text commands down the wire?

Thanks again for your time!

Best regards,
Dario Teixeira

[1] http://www.openvas.org/compendium/general-aspects-of-otp.html

Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
On 2017-06-21 11:50, Dario Teixeira wrote:

> Hi,
>
> > You're trying to use the manager protocol, which is used by the
> > openvasmd not openvassd. Communicating with openvassd directly (over
> > OTP) is for internal usage and is not recommended for external
> > clients as it may change at any time.
>
> Thanks for the reply. I'm trying to communicate directly with
> Openvassd using the OSP protocol (formerly known as OTP, if I
> understand correctly).
> According to the docs [1], "" is part of the OSP API, which
> is why I'm puzzled it doesn't work. Note that I'm writing a daemon
> that replaces Openvasmd, which is why using OMP or relying on
> Openvasmd is not an option.
>
> Best regards,
> Dario Teixeira
>
> [1] http://docs.greenbone.net/API/OSP/osp-1.0.html

openvassd still uses OTP. It is the ospd-* scanners that use the OSP protocol.

If you're still interested in communicating directly with openvassd, here is a little example on how to do it:

    $ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock

You can find some very outdated OTP documentation here [1].

[1] http://www.openvas.org/compendium/openvas-compendium.html

Best regards,
Hani.

Re: [Openvas-discuss] OpenVAS not scanning when check setup appears
I am having the same issue. How long does a scan take? In my case I am stuck at "requested" for 1278 hosts, using a task with Scanner = "OpenVas Default" and scan config = "full and fast"

    root@openvas:~# ps aux |grep -i openvas
    root  1117  0.0  0.4 137000  9188 ?      SL  13:31  0:00 /usr/sbin/openvassd
    root  1132  0.0  4.2 271284 86728 ?      SL  13:31  0:05 openvasmd
    root  1306  0.1  4.6 274840 94620 ?      S   14:50  0:02 openvasmd: OTP: Handling scan 77dc447e-243e-404f-950b-e514cf8f46fa
    root  1311  0.0  0.0 168588  1368 ?      Ss  14:50  0:00 gpg-agent --homedir /var/lib/openvas/openvasmd/gnupg --use-standard-socket --daemon
    root  1521  0.0  0.0  16272   936 pts/0  S+  15:28  0:00 grep --color=auto -i openvas
    root@openvas:~# ps aux |grep -i nmap
    root  1523  0.0  0.0  16272   932 pts/0  S+  15:28  0:00 grep --color=auto -i nmap

Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner
On Wed, 21 Jun 2017 11:50:18 +0100 Dario Teixeira wrote:

> Hi,
>
> > You're trying to use the manager protocol, which is used by the
> > openvasmd not openvassd. Communicating with openvassd directly (over
> > OTP) is for internal usage and is not recommended for external
> > clients as it may change at any time.
>
> Thanks for the reply. I'm trying to communicate directly with
> Openvassd using the OSP protocol (formerly known as OTP, if I
> understand correctly).
> According to the docs [1], "" is part of the OSP API, which
> is why I'm puzzled it doesn't work.

OSP is not the same as OTP. OSP is meant to replace OTP in some kind of future, but the current openvassd does only talk OTP as Hani said.

If you're looking for scanners that can talk the 'OSP' protocol, you can find various examples under the trunk/osp-servers directory in svn:
https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas

At the moment, none of them is able to process nasl code.

Regards,
Ben.

> Note that I'm writing a daemon that replaces Openvasmd, which is why
> using OMP or relying on Openvasmd is not an option.
>
> Best regards,
> Dario Teixeira
>
> [1] http://docs.greenbone.net/API/OSP/osp-1.0.html