[Openvas-discuss] openvas not sending any data

2017-06-21 Thread Michael Grant
I'm running openvas9 on ubuntu that I installed from packages based on
instructions here https://launchpad.net/~mrazavi/+archive/ubuntu/openvas

I ran fast-and-full scan against a single host and I watched the status
move slowly towards 100% and at last marked as Done.

After a while, say when it was around 12%, I started a tcpdump to see what
it was sending but didn't see any packets destined for the host I was
testing.  Oddly, I can see ssh and other connections from this computer to
the scanned host, but openvas just seems not to be doing anything!

At the end of the scan, I click on the task and see there is one report.  I
click on the 1 and it tells me:
The report is empty. *The filter does not match any of 1 results.*

It's the same if I go to the Reports, there's no report!

Now I know it must have started sending data because the host knew it was
being port scanned but after a while, openvas just seemed to send nothing
at all.  I got a message from bitdefender blocking the port scan.  So it
must have done something early on.

So this is odd.  It seemed to start to scan but then I had no evidence of
it scanning, and at the end, I see no evidence of a report.  And no error
message either.  So it seems like it didn't work...

In the openvasmd log:

event task:MESSAGE:2017-06-21 22h22.44 UTC:12146: Status of task Immediate scan of IP 10.89.1.1 (57016984-1f4a-497b-a2d2-794934868fbc) has changed to Done

and the openvassd.messages
[Wed Jun 21 17:03:56 2017][8974] openvassd 5.1.1 started
[Wed Jun 21 17:13:10 2017][9320] Client not present
[Wed Jun 21 17:14:18 2017][8974] Reloading the scanner.
[Wed Jun 21 17:17:25 2017][8974] Finished reloading the scanner.
[Wed Jun 21 17:18:13 2017][10635] Client closed the communication
[Wed Jun 21 17:39:21 2017][8974] Received the Terminated signal
[Wed Jun 21 17:40:04 2017][11949] openvassd 5.1.1 started
[Wed Jun 21 17:41:07 2017][12044] Client closed the communication
[Wed Jun 21 17:55:46 2017][12145] Starts a new scan. Target(s) : 10.89.1.1, with max_hosts = 30 and max_checks = 10
[Wed Jun 21 17:55:46 2017][12145] exclude_hosts: Skipped 0 host(s).
[Wed Jun 21 17:55:46 2017][12145] Testing 10.89.1.1 (10.89.1.1) [12158]
[Wed Jun 21 22:22:42 2017][12158] Finished testing 10.89.1.1. Time : 16015.78 secs
[Wed Jun 21 22:22:42 2017][12145] Test complete
[Wed Jun 21 22:22:42 2017][12145] Total time to scan all hosts : 16026 seconds

It did take 4 hours to complete, is this normal for a fast-and-full scan?

Suggestions?  Was it a mistake to try openvas 9?
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss

Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner

2017-06-21 Thread Dario Teixeira

Hi,

> Since I want to communicate with Openvassd, I reckon I'll need to talk OTP,
> at least for now.  I've found some docs [1], which I trust are up-to-date,
> correct?  Also, is OTP also layered on top of TLS, or can I directly send
> the text commands down the wire?


Replying to myself, since Hani has already answered these questions in a
separate message:  Basically the docs I mentioned may not be up-to-date,
and the wire protocol is not layered on top of TLS.

Best regards,
Dario Teixeira



Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner

2017-06-21 Thread Dario Teixeira

Hi,


> openvassd still uses OTP. It is the ospd-* scanners that use the OSP
> protocol. If you're still interested in communicating directly with
> openvassd, here is a little example on how to do it:
>
> $ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock
>
> You can find some very outdated OTP documentation here [1].
>
> [1] http://www.openvas.org/compendium/openvas-compendium.html


Thanks for the info!  This should be enough to get me started.
Though it's a shame the docs are out of date, at least the source
code is available... ;-)

Best regards,
Dario Teixeira




Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner

2017-06-21 Thread Dario Teixeira

Hi,


> OSP is not the same as OTP. OSP is meant to replace OTP in some kind of
> future, but the current openvassd does only talk OTP as Hani said.


Thanks for the clarification.  I jumped the gun, because I assumed OTP
was already a thing of the past...



> If you're looking for scanners that can talk the 'OSP' protocol, you
> can find various examples under the trunk/osp-servers directory in svn:
>
> https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas
>
> At the moment, none of them is able to process nasl code.


Since I want to communicate with Openvassd, I reckon I'll need to talk OTP,
at least for now.  I've found some docs [1], which I trust are up-to-date,
correct?  Also, is OTP also layered on top of TLS, or can I directly send
the text commands down the wire?

Thanks again for your time!
Best regards,
Dario Teixeira

[1] http://www.openvas.org/compendium/general-aspects-of-otp.html



Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner

2017-06-21 Thread Hani Benhabiles

On 2017-06-21 11:50, Dario Teixeira wrote:

> Hi,
>
> > You're trying to use the manager protocol, which is used by the
> > openvasmd not openvassd. Communicating with openvassd directly (over
> > OTP) is for internal usage and is not recommended for external clients
> > as it may change at any time.
>
> Thanks for the reply.  I'm trying to communicate directly with Openvassd
> using the OSP protocol (formerly known as OTP, if I understand correctly).
> According to the docs [1], "" is part of the OSP API, which
> is why I'm puzzled it doesn't work.  Note that I'm writing a daemon that
> replaces Openvasmd, which is why using OMP or relying on Openvasmd is not
> an option.
>
> Best regards,
> Dario Teixeira
>
> [1] http://docs.greenbone.net/API/OSP/osp-1.0.html



openvassd still uses OTP. It is the ospd-* scanners that use the OSP 
protocol. If you're still interested in communicating directly with 
openvassd, here is a little example on how to do it:


$ echo -en '< OTP/2.0 >\nCLIENT <|> NVT_INFO\n' | ncat -U /usr/var/run/openvassd.sock


You can find some very outdated OTP documentation here [1].

[1] http://www.openvas.org/compendium/openvas-compendium.html

Best regards,

Hani.
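
Added example (not part of the original thread and not OpenVAS project code): the ncat one-liner from the message above as a small Python client that sends the same two lines to the scanner's Unix socket and splits the reply on the `<|>` separator. It assumes the scanner answers with the banner line followed by one reply line; the socket path is the one from the message and differs between installs, and the permission check is an addition, since the one-liner shows no authentication step before the command.

```python
import os
import socket
import stat
import sys

SOCK_PATH = "/usr/var/run/openvassd.sock"  # path used in the message; varies by install
BANNER = "< OTP/2.0 >"                     # protocol banner from the message

def parse_otp_line(line):
    """Split one OTP line into its fields on the '<|>' separator."""
    return [field.strip() for field in line.strip().split("<|>")]

def world_accessible(path):
    """True if 'other' users have write permission (needed to connect) on the socket."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def _read_lines(sock, count, limit=65536):
    """Read up to `count` complete lines, giving up after `limit` bytes."""
    buf = b""
    while buf.count(b"\n") < count and len(buf) < limit:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
    # Drop the trailing fragment so only newline-terminated lines are returned.
    return buf.decode("utf-8", "replace").split("\n")[:-1][:count]

def otp_nvt_info(path=SOCK_PATH, timeout=5.0):
    """Send the banner and 'CLIENT <|> NVT_INFO'; return the reply line's fields."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(path)
        s.sendall(f"{BANNER}\nCLIENT <|> NVT_INFO\n".encode())
        lines = _read_lines(s, 2)
    # Assumption: the scanner echoes the banner before its reply line.
    if len(lines) < 2 or lines[0].strip() != BANNER:
        raise ValueError(f"unexpected OTP reply: {lines!r}")
    return parse_otp_line(lines[1])

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else SOCK_PATH
    if world_accessible(path):
        print(f"warning: {path} is writable by any local user", file=sys.stderr)
    print(otp_nvt_info(path))
```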





Re: [Openvas-discuss] OpenVAS not scanning when check setup appears

2017-06-21 Thread GMF
I am having the same issue. How long does a scan take? In my case I am stuck
at "requested" for 1278 hosts, using a task with Scanner = "OpenVas Default"
and scan config = "full and fast"

root@openvas:~# ps aux |grep -i openvas
root  1117  0.0  0.4 137000  9188 ?        SL   13:31   0:00 /usr/sbin/openvassd
root  1132  0.0  4.2 271284 86728 ?        SL   13:31   0:05 openvasmd
root  1306  0.1  4.6 274840 94620 ?        S    14:50   0:02 openvasmd: OTP: Handling scan 77dc447e-243e-404f-950b-e514cf8f46fa
root  1311  0.0  0.0 168588  1368 ?        Ss   14:50   0:00 gpg-agent --homedir /var/lib/openvas/openvasmd/gnupg --use-standard-socket --daemon
root  1521  0.0  0.0  16272   936 pts/0    S+   15:28   0:00 grep --color=auto -i openvas
root@openvas:~# ps aux |grep -i nmap
root  1523  0.0  0.0  16272   932 pts/0    S+   15:28   0:00 grep --color=auto -i nmap



Re: [Openvas-discuss] Communicating directly with the OpenVAS scanner

2017-06-21 Thread Benoît Allard
On Wed, 21 Jun 2017 11:50:18 +0100
Dario Teixeira wrote:

> Hi,
> 
> > You're trying to use the manager protocol, which is used by the
> > openvasmd not openvassd. Communicating with openvassd directly (over
> > OTP) is for internal usage and is not recommended for external
> > clients as it may change at any time.
> 
> Thanks for the reply.  I'm trying to communicate directly with
> Openvassd using the OSP protocol (formerly known as OTP, if I
> understand correctly).
> According to the docs [1], "" is part of the OSP API, which
> is why I'm puzzled it doesn't work.

OSP is not the same as OTP. OSP is meant to replace OTP in some kind of
future, but the current openvassd does only talk OTP as Hani said.

If you're looking for scanners that can talk the 'OSP' protocol, you
can find various examples under the trunk/osp-servers directory in svn:

https://wald.intevation.org/scm/viewvc.php/trunk/osp-servers/?root=openvas

At the moment, none of them is able to process nasl code.

Regards,
Ben.

>  Note that I'm writing a daemon that replaces Openvasmd, which is why
> using OMP or relying on Openvasmd is not an option.
> 
> Best regards,
> Dario Teixeira
> 
> [1] http://docs.greenbone.net/API/OSP/osp-1.0.html


