Re: [Openvas-discuss] Making Web Credentials available to normal users
Hi Micha, Thanks for the prompt response. The reason I'd like to have this feature is that if a site is password protected from the homepage, the scanner cannot scan the entire site/pages beyond the login page if authentication credentials are not provided. Thanks - T On 27 April 2016 at 03:09, Michael Meyerwrote: > *** TN TN wrote: > > > Is it possible to allow a user to enter website credentials to a password > > protected site. > > Out of curiosity, why exactly will you do that? > > > If this doesnt currently exist is it on the roadmap? > > Yes, it is. > > Micha > > -- > Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 > http://www.greenbone.net/ > Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG > Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] Argh!!!
I am pulling my hair out getting this setup. Distributor ID: Ubuntu Description: Ubuntu 14.04.4 LTS Release: 14.04 Codename: trusty root@monkeyhill:~# apt-cache search openvas libopenvas2 - remote network security auditor - shared libraries libopenvas2-dev - remote network security auditor - static libraries and headers libopenvasnasl2 - OpenVAS shared libraries libopenvasnasl2-dev - OpenVAS static libraries and headers openvas-client - Remote network security auditor, the client openvas-plugins-base - remote network security auditor - basic plugins openvas-plugins-dfsg - remote network security auditor - plugins openvas-server - remote network security auditor - server openvas-server-dev - remote network security auditor - static libraries and headers openvas-scanner - remote network security auditor - scanner openvas-cli - remote network security auditor - cli openvas-manager - remote network security auditor - manager openvas - remote network security auditor - metapackage libopenvas8-dev - remote network security auditor - static libraries and headers libopenvas8 - remote network security auditor - shared libraries openvas-gsa - remote network security auditor - web interface libopenvas9-dev - remote network security auditor - static libraries and headers libopenvas9 - remote network security auditor - shared libraries openvas9-scanner - remote network security auditor - scanner openvas9-manager - remote network security auditor - manager openvas9 - remote network security auditor - metapackage openvas9-cli - remote network security auditor - cli openvas9-gsa - remote network security auditor - web interface root@monkeyhill:~# apt-get install openvas9 Reading package lists... Done Building dependency tree Reading state information... Done openvas9 is already the newest version. 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. root@monkeyhill:~# service openvas-scanner restart * Restarting openvas-scanner openvassd [ OK ] root@monkeyhill:~# service openvas-manager restart * Restarting openvas-manager openvasmd [ OK ] root@monkeyhill:~# service openvas-server restart root@monkeyhill:~# open open openvas-manage-certs openvas-migrate-to-postgres openvas-scapdata-sync openssl openvasmdopenvas-nvt-sync openvassd openvas-certdata-syncopenvasmd-sqlite openvas-portnames-update openvt root@monkeyhill:~# openvas-nvt-sync [i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'. [i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'. [i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'. [i] NVT dir: /var/lib/openvas/plugins OpenVAS feed server - http://www.openvas.org/ This service is hosted by Intevation GmbH - http://intevation.de/ All transactions are logged. Please report synchronization problems to openvas-f...@intevation.de. If you have any other questions, please use the OpenVAS mailing lists or the OpenVAS IRC chat. See http://www.openvas.org/ for details. [i] Feed is already current, no synchronization necessary. root@monkeyhill:~# ./openvas-check-setup openvas-check-setup 2.3.3 Test completeness and readiness of OpenVAS-8 (add '--v6' or '--v7' or '--v9' if you want to check for another OpenVAS version) Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... ERROR: OpenVAS Scanner too old or too new: 5.1+beta2 FIX: Please install OpenVAS Scanner 5.0. HINT: Please see the --v6/7/8/9 command line options to check other major versions. ERROR: Your OpenVAS-8 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. root@monkeyhill:~# ./openvas-check-setup --v9 openvas-check-setup 2.3.3 Test completeness and readiness of OpenVAS-9 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and
[Openvas-discuss] ERROR: The number of NVTs in the OpenVAS Manager database is too low.
I am pulling my hair out getting this setup. root@monkeyhill:~# openvas-nvt-sync [i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'. [i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'. [i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'. [i] NVT dir: /var/lib/openvas/plugins OpenVAS feed server - http://www.openvas.org/ This service is hosted by Intevation GmbH - http://intevation.de/ All transactions are logged. Please report synchronization problems to openvas-f...@intevation.de. If you have any other questions, please use the OpenVAS mailing lists or the OpenVAS IRC chat. See http://www.openvas.org/ for details. [i] Feed is already current, no synchronization necessary. root@monkeyhill:~# ./openvas-check-setup --v9 openvas-check-setup 2.3.3 Test completeness and readiness of OpenVAS-9 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem. Use the parameter --server to skip checks for client tools like GSD and OpenVAS-CLI. Step 1: Checking OpenVAS Scanner ... OK: OpenVAS Scanner is present in version 5.1+beta2. OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pem. OK: redis-server is present in version v=2.8.4. OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis/redis.sock OK: redis-server is running and listening on socket: /var/run/redis/redis.sock. OK: redis-server configuration is OK and redis-server is running. OK: NVT collection in /var/lib/openvas/plugins contains 46769 NVTs. WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner. SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html). OK: The NVT cache in /var/cache/openvas contains 46769 files for 46769 NVTs. Step 2: Checking OpenVAS Manager ... OK: OpenVAS Manager is present in version 6.1+beta2. OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clientcert.pem. OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db. OK: Access rights for the OpenVAS Manager database are correct. OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled. OK: OpenVAS Manager database is at revision 155. OK: OpenVAS Manager expects database at revision 155. OK: Database schema is up to date. ERROR: The number of NVTs in the OpenVAS Manager database is too low. FIX: Make sure OpenVAS Scanner is running with an up-to-date NVT collection and run 'openvasmd --rebuild'. ERROR: Your OpenVAS-9 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. root@monkeyhill:~# openvasmd --rebuild --progress Rebuilding NVT cache... failed. root@monkeyhill:~# cat /tmp/openvas-check-setup.log openvas-check-setup 2.3.3 Mode: desktop Date: Wed, 27 Apr 2016 15:38:07 -0400 Checking for old OpenVAS Scanner <= 2.0 ... ./openvas-check-setup: 163: ./openvas-check-setup: openvasd: not found Checking presence of OpenVAS Scanner ... OpenVAS Scanner 5.1+beta2 Most new code since 2005: (C) 2015 Greenbone Networks GmbH Nessus origin: (C) 2004 Renaud Deraison License GPLv2: GNU GPL version 2 This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Checking OpenVAS Scanner version ... OK: OpenVAS Scanner is present in version 5.1+beta2. plugins_folder = /var/lib/openvas/plugins cache_folder = /var/cache/openvas include_folders = /var/lib/openvas/plugins max_hosts = 30 max_checks = 10 be_nice = no logfile = /var/log/openvas/openvassd.messages log_whole_attack = no log_plugins_name_at_load = no dumpfile = /var/log/openvas/openvassd.dump cgi_path = /cgi-bin:/scripts optimize_test = yes checks_read_timeout = 5 network_scan = no non_simult_ports = 139, 445 plugins_timeout = 320 safe_checks = yes auto_enable_dependencies = yes use_mac_addr = no nasl_no_signature_check = yes drop_privileges = no unscanned_closed = yes unscanned_closed_udp = yes vhosts = vhosts_ip = report_host_details = yes cert_file = /var/lib/openvas/CA/servercert.pem key_file = /var/lib/openvas/private/CA/serverkey.pem ca_file = /var/lib/openvas/CA/cacert.pem kb_location = /var/run/redis/redis.sock config_file = /etc/openvas/openvassd.conf Checking OpenVAS Scanner CA cert ... OK: OpenVAS Scanner CA Certificate
Re: [Openvas-discuss] tasks creation with OMP question
It could be because your last "" tag should read "". On Wed, Apr 27, 2016 at 1:10 PMwrote: > OK Thanks, So I did this: > > omp -h 127.0.0.1 -u admin -w my_password --xml=' > > Site Name > Site VLAN > > > > > max_checks > 6 > > > max_hosts > 25 > > > ' > > Now the command works, but the values are not changed accordingly. It's > still the default value (10 and 30 in my case). > I am confused by the being a "Compact name of preference, > from scanner." > > Any clarification there would be nice. > > Thanks ! > > - Mail original - > De: "mattm" > À: tato...@free.fr > Cc: "Eero Volotinen" , > openvas-discuss@wald.intevation.org > Envoyé: Mercredi 27 Avril 2016 18:48:19 > Objet: Re: [Openvas-discuss] tasks creation with OMP question > > > I alrady did, otherwise I wouldn't seek the mailing list for help... > > I looked at http://www.openvas.org/omp-6-0.html#command_create_task but > I still don't understand how I am suppose to achieve this. > > There's no NAME in PREFERENCES/PREFERENCE, just SCANNER_NAME. > > -- > Greenbone Networks GmbH > Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 > Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] tasks creation with OMP question
> I alrady did, otherwise I wouldn't seek the mailing list for help... > I looked at http://www.openvas.org/omp-6-0.html#command_create_task but I > still don't understand how I am suppose to achieve this. There's no NAME in PREFERENCES/PREFERENCE, just SCANNER_NAME. -- Greenbone Networks GmbH Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] tasks creation with OMP question
Take look of protocol specs.. 27.4.2016 7.22 ip.kirjoitti: > Thank you for your answer, but then how am I suppose to do this ? > > - Mail original - > De: "Eero Volotinen" > À: tato...@free.fr > Cc: openvas-discuss@wald.intevation.org > Envoyé: Mercredi 27 Avril 2016 18:17:35 > Objet: Re: [Openvas-discuss] tasks creation with OMP question > > > > Your are using non existent elemwnt > 27.4.2016 7.13 ip. < tato...@free.fr > kirjoitti: > > > Hello ! > > I am currently setting up an openvas dedicated machine to scan some of my > company's lab networks. Since the number of networks are quiet significant > I am using OMP to create tasks to openvas-manager. > > However, I have some problems creating the tasks I need. Currently, I > create simple tasks with the following command: > > omp -h 127.0.0.1 -u admin -w my_password --xml=' > > Site Name > Site VLAN > > > ' > > This works fine. Now, I would like to tune this a little bit, like > specifying the number of concurrent scans and number of simultaneous NVTs, > so I do the following: > > omp -h 127.0.0.1 -u admin -w my_password --xml=' > > Site Name > Site VLAN > > > > > Maximum concurrently executed NVTs per host > max_checks > 4 > > > Maximum concurrently scanned hosts > max_hosts > 20 > > > ' > > The command fails with the following error: > > status="400"> > > What exactly am I doing wrong here ? > > thanks a lot !! > ___ > Openvas-discuss mailing list > Openvas-discuss@wald.intevation.org > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss > ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
Re: [Openvas-discuss] tasks creation with OMP question
Thank you for your answer, but then how am I suppose to do this ? - Mail original - De: "Eero Volotinen"À: tato...@free.fr Cc: openvas-discuss@wald.intevation.org Envoyé: Mercredi 27 Avril 2016 18:17:35 Objet: Re: [Openvas-discuss] tasks creation with OMP question Your are using non existent elemwnt 27.4.2016 7.13 ip. < tato...@free.fr > kirjoitti: Hello ! I am currently setting up an openvas dedicated machine to scan some of my company's lab networks. Since the number of networks are quiet significant I am using OMP to create tasks to openvas-manager. However, I have some problems creating the tasks I need. Currently, I create simple tasks with the following command: omp -h 127.0.0.1 -u admin -w my_password --xml=' Site Name Site VLAN ' This works fine. Now, I would like to tune this a little bit, like specifying the number of concurrent scans and number of simultaneous NVTs, so I do the following: omp -h 127.0.0.1 -u admin -w my_password --xml=' Site Name Site VLAN Maximum concurrently executed NVTs per host max_checks 4 Maximum concurrently scanned hosts max_hosts 20 ' The command fails with the following error: What exactly am I doing wrong here ? thanks a lot !! ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
[Openvas-discuss] tasks creation with OMP question
Hello ! I am currently setting up an openvas dedicated machine to scan some of my company's lab networks. Since the number of networks are quiet significant I am using OMP to create tasks to openvas-manager. However, I have some problems creating the tasks I need. Currently, I create simple tasks with the following command: omp -h 127.0.0.1 -u admin -w my_password --xml=' Site Name Site VLAN ' This works fine. Now, I would like to tune this a little bit, like specifying the number of concurrent scans and number of simultaneous NVTs, so I do the following: omp -h 127.0.0.1 -u admin -w my_password --xml=' Site Name Site VLAN Maximum concurrently executed NVTs per host max_checks 4 Maximum concurrently scanned hosts max_hosts 20 ' The command fails with the following error: What exactly am I doing wrong here ? thanks a lot !! ___ Openvas-discuss mailing list Openvas-discuss@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss