1N3 / Sn1per

Attack Surface Management Platform
https://sn1persecurity.com

Sniper dependencies and OpenVas/GVM-11 #316

Closed digitizeddude closed 3 years ago

digitizeddude commented 3 years ago

I'm trying to build a standard build for sniper and Xerosecurity pro but I keep running into inconsistent results. For example, arachni is no longer supported and therefore breaks and doesn't run if you do an upgrade to 2020.3 or 2020.4. Is the best version of Kali 2020.2 at the moment for it to run all aspects of sniper with no issues? I.e., I upgraded to 2020.4 using apt-get update -y && apt-get upgrade -y and Nessus stopped working and there were no results for the sniper vuln scan. I'm just looking for more consistency out of sniper. I'm assuming that at some point in time there will be package changes, but I keep running into a lot of time wasted on just getting things to work. sniper and xerosecurity pro are great, but I'm just asking for some guidance on how to get a more consistent result to expect when I run the tools. I've so far changed my routine to not run apt-get upgrade for now, but any other suggestions would be great.

Also, any word on running GVM-11 integration with sniper? Out of curiosity, what version of Kali 2020 still runs openvas 9? Do I need to run Kali 2019?

I'm now running Kali 2020.4 with sniper 8.9 and xerosecurity pro 8, but I'm doing a new Kali build that will hopefully bring me back to normal.

The software is great and it's very helpful. Thanks in advance for your help.

1N3 commented 3 years ago

This is a problem for everyone (including myself...) unfortunately. The issue is Arachni is no longer maintained and uses older dependencies that were removed from newer Kali builds. However, if you have an older Kali image (i.e. Kali 2020.2) and choose not to upgrade/update it, Arachni should still work. Same goes for the older OpenVAS integration (Greenbone Security Assistant v7.0). I still have both running successfully on a Kali 2019.4 image. The issue then is that the latest Nessus version/integration won't work on the old image. For this, I have a separate Kali 2020.4 image with all the latest code/integrations working successfully.

Long story short, there's not a great way around this without having separate images. You could however have a separate server/instance running for Nessus only and point your existing Sn1per conf at the Nessus server to launch vuln scans and keep your older Kali integrations intact. Outside of this, we're working on adding and releasing a GVM 11 add-on to Sn1per Professional v9.0 in the coming months, which should help. Arachni however is a dead project and no longer maintained, so I don't see any solutions there aside from using Burpsuite Pro and OWASP Zap, which are probably better anyways.

Hope that helps.

digitizeddude commented 3 years ago

Sorry, I didn't get to respond in time. I saw that you mentioned you are using Kali 2020.4 to use Nessus with it. Can you tell me what software from the architectural diagram from here (https://xerosecurity.com/wordpress/documentation/#system-requirements) doesn't work on Kali 2020.4? I tried to rebuild my older Kali boxes because I made the mistake of updating, so I'm stuck with a machine that is running 2020.4. The issue I'm finding, however, is that the conf files after the upgrade are no longer working for some reason. For example, vuln scans no longer pull up Nessus and for some reason OWASP Zap doesn't launch. Was that an expected change or a bug whereby I would need to recreate the conf files? Thanks for the help and clarity.