1N3 / Sn1per

Attack Surface Management Platform
https://sn1persecurity.com
Other
8.06k stars 1.85k forks source link

Openvas not working #257

Closed researchlab17 closed 4 years ago

researchlab17 commented 4 years ago

tried both ports 9390 which is default and port 9392 which is what works for the web console on my setup, niether one works. Any reccomendations, proper password is also set.

====================================================================================•x2020-03-17x• RUNNING OPENVAS VULNERABILITY SCAN ====================================================================================•x2020-03-17x• One command option must be present. -:1.1: Document is empty

^ One command option must be present. -:1.1: Document is empty

^ One command option must be present. REPORT_ID: No report ID found. Listing scan tasks: One command option must be present. ====================================================================================•x2020-03-17x• DONE ====================================================================================•x2020-03-17x•

1N3 commented 4 years ago

hey, apologies for the delay. Make sure you are editing your ~/.sniper.conf file where ~ is your home directory (typically /root/.sniper.conf). The default port is 9390. If that still doesn't work, let me know.

researchlab17 commented 4 years ago

Confirmed both conf files are configured correctly, as is Openvas, running basic tests itself without issue. What else can we try? We've tried using it in a vanilla and production environment now and it would be really nice to automate Openvas in this way.

====================================================================================•x2020-03-24x• RUNNING OPENVAS VULNERABILITY SCAN ====================================================================================•x2020-03-24x• REPORT_ID: No report ID found. Listing scan tasks: ====================================================================================•x2020-03-24x• DONE ====================================================================================•x2020-03-24x•


___ / _/__ __ / / \ / // \/ _ \/ _/ (_ ) / / // // // / / / /_// /_/__/ ./__// /_/

researchlab17 commented 4 years ago

We just by chance updated the password in the original git folder and we are getting a new result, but still no scan, same issue no report id found?

====================================================================================•x2020-03-24x• RUNNING OPENVAS VULNERABILITY SCAN ====================================================================================•x2020-03-24x• Scanning target: [REDACTED URL]


Listing OpenVAS version...

Listing OpenVAS targets...

Listing OpenVAS tasks...

Creating scan task...

REPORT_ID:

No report ID found. Listing scan tasks: ====================================================================================•x2020-03-24x• DONE ====================================================================================•x2020-03-24x•

researchlab17 commented 4 years ago

Seems the vulnscan and massvulnscan scripts are still kitted for the older versions of OpenVAS

researchlab17 commented 4 years ago

Upon further modification to vulnscan I've noticed that the "config id" was set for original builders setup working on modification set for my build, will report back more tomorrow when I return to this machine. Hopefully we can all figure this out and use it for ourselves!

1N3 commented 4 years ago

Yeah, keep me posted... I've only tested this from Kali Linux 2019.4 and 2020.1 with OpenVAS 9.0.3 so far and both work fine for me.

researchlab17 commented 4 years ago

Yeah no luck, can you try setting up a new VM and see if you're having the same issue?

lubosm commented 4 years ago

I have tested this with Snlper v8.2 and OpenVAS 9.0.3kali1 and the result is the same :( ===================================================================================•x2020-04-13x• RUNNING OPENVAS VULNERABILITY SCAN ====================================================================================•x2020-04-13x• One command option must be present. -:1.1: Document is empty

^ One command option must be present. -:1.1: Document is empty

^ One command option must be present. REPORT_ID: No report ID found. Listing scan tasks: One command option must be present. ====================================================================================•x2020-04-13x• DONE ====================================================================================•x2020-04-13x•

1N3 commented 4 years ago

If OpenVAS isn't working, please try running the following command to verify that the omp client can communicate with OpenVAS. You will need to replace the variables with the appropriate host, port, user/pass to work:

omp -h $OPENVAS_HOST -p $OPENVAS_PORT -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -O

If this works, it should output the OpenVAS version.