Closed pretech86 closed 3 years ago
Mixeway is just an orchestration tool, You need to have somewhere installed scanner (of specific type) for example when You run OpenVAS in docker API url is: https://localist:
i run openvas on https://127.0.0.1:9392 and i put it in admin setting in Mixeway but still in acvtive i didnt run openvas on docker , i must do this ?
You must be sure to enable openvas manager listening on 9392 port, enter proper auth data and select “openVAS Socket” scanner if still test will fail please provide MixewayBackend docker logs
I will update docs on Mixeway.github.io to make it as easy as it is possible
still the same
root@kali:~/tools/vulnrbilities_scanners/MixewayHub# docker-compose up
Starting MixerDB ... done
Starting MixerBackend ... done
Starting MixerFrontend ... done
Attaching to MixerDB, MixerBackend, MixerFrontend
MixerDB |
MixerDB | PostgreSQL Database directory appears to contain a database; Skipping initialization
MixerDB |
MixerDB | 2020-05-21 14:08:35.944 UTC [1] LOG: starting PostgreSQL 12.3 (Debian 12.3-1.pgdg100+1) on x8664-pc-linux-gnu, compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
MixerDB | 2020-05-21 14:08:35.959 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
MixerDB | 2020-05-21 14:08:35.959 UTC [1] LOG: listening on IPv6 address "::", port 5432
MixerDB | 2020-05-21 14:08:36.021 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
MixerDB | 2020-05-21 14:08:36.158 UTC [25] LOG: database system was shut down at 2020-05-21 14:02:33 UTC
MixerDB | 2020-05-21 14:08:36.392 UTC [1] LOG: database system is ready to accept connections
MixerBackend | 2020-05-21 14:08:47.747 INFO 1 --- [ main] trationDelegate$BeanPostProcessorChecker : Bean 'org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration' of type [org.springframework.cloud.autoconfigure.ConfigurationPropertiesRebinderAutoConfiguration] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
MixerBackend | 2020-05-21 14:08:51.301 INFO 1 --- [ main] o.s.s.c.ThreadPoolTaskScheduler : Initializing ExecutorService
MixerBackend |
MixerBackend | . ____
MixerBackend | /\ / __' () _ \ \ \ \
MixerBackend | ( ( )__ | ' | '| | ' \/ _` | \ \ \ \
MixerBackend | \/ _)| |)| | | | | || (| | ) ) ) )
MixerBackend | ' |__| ._|| ||| |_, | / / / /
MixerBackend | =========|_|==============|__/=////
MixerBackend | :: Spring Boot :: (v2.2.1.RELEASE)
MixerBackend |
MixerBackend | 2020-05-21 14:08:58.181 WARN 1 --- [ main] o.s.v.a.LifecycleAwareSessionManager : Cannot enhance VaultToken to a LoginToken: Token self-lookup failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://default:8200/v1/auth/token/lookup-self": default: Name does not resolve; nested exception is java.net.UnknownHostException: default: Name does not resolve
MixerBackend | 2020-05-21 14:08:58.205 WARN 1 --- [ main] LeaseEventPublisher$LoggingErrorListener : [RequestedSecret [path='secret/default/prod', mode=ROTATE]] Lease [leaseId='null', leaseDuration=PT0S, renewable=false] I/O error on GET request for "http://default:8200/v1/secret/default/prod": default; nested exception is java.net.UnknownHostException: default
MixerBackend |
MixerBackend | org.springframework.web.client.ResourceAccessException: I/O error on GET request for "http://default:8200/v1/secret/default/prod": default; nested exception is java.net.UnknownHostException: default
MixerBackend | at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:751) ~[spring-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
MixerBackend | at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:677) ~[spring-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
MixerBackend | at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:318) ~[spring-web-5.2.1.RELEASE.jar!/:5.2.1.RELEASE]
MixerBackend | at org.springframework.vault.core.VaultTemplate.lambda$doRead$5(VaultTemplate.java:401) ~[spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.VaultTemplate.doWithSession(VaultTemplate.java:388) ~[spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.VaultTemplate.doRead(VaultTemplate.java:398) ~[spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.VaultTemplate.read(VaultTemplate.java:290) ~[spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.lease.SecretLeaseContainer.doGetSecrets(SecretLeaseContainer.java:662) [spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.lease.SecretLeaseContainer.start(SecretLeaseContainer.java:396) [spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.lease.SecretLeaseContainer.addRequestedSecret(SecretLeaseContainer.java:355) [spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.loadProperties(LeaseAwareVaultPropertySource.java:184) [spring-vault-core-2.2.0.RELEASE.jar!/:2.2.0.RELEASE]
MixerBackend | at org.springframework.vault.core.env.LeaseAwareVaultPropertySource.
Just briefly looking at the logs I cannnkt see you “clicking” test button. After adding scanner at the right You have three buttons, the middle one is to test the data provided, if everything is ok scanner is activated. I will intoroduce PR in few hours where test will be triggered automatically after scanner save
Please provide version of openvas I will try to reproduce the error
OpenVAS Scanner 5.1.3
and this is the log after failed to active open vas
MixerBackend | 2020-05-22 14:00:20.220 INFO 1 --- [nio-8443-exec-8] i.m.r.a.service.AdminScannerRestService : admin - Created new scanner of OpenVAS with apiurl https://127.0.0.1:9392 MixerFrontend | 172.18.0.1 - - [22/May/2020:14:00:20 +0000] "PUT /v2/api/admin/scanner/add HTTP/1.1" 201 47 "https://localhost/pages/admin" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" MixerFrontend | 172.18.0.1 - - [22/May/2020:14:00:20 +0000] "GET /v2/api/admin/scanners HTTP/1.1" 200 253 "https://localhost/pages/admin" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"
I am afraid that it won’t work. Current integration was tested using OpenVAS 9(it has updated API for openvasmd socket).
It is really easy to give it a shot as there is docker available - https://hub.docker.com/r/mikesplain/openvas/
i installed openvas by docker and run it
==> /var/log/openvas/openvassd.messages <== [Thu Apr 4 14:03:34 2019][843] openvassd 5.1.3 started [Thu Apr 4 14:06:02 2019][973] Client not present [Thu Apr 4 14:06:05 2019][843] Received the Terminated signal [Sat May 23 13:32:21 2020][36] openvassd 5.1.3 started [Sat May 23 13:40:00 2020][95] Client not present
and changed port in docker-compose.yaml file in mixwwayhub folder and run it and it run but i cant run it on browser
MixerBackend | 2020-05-23 14:14:42.106 INFO 1 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8443 (https) with context path '' MixerBackend | 2020-05-23 14:14:42.299 INFO 1 --- [ main] io.mixeway.MixeWayApp : Started MixeWayApp in 177.043 seconds (JVM running for 192.095) MixerBackend | 2020-05-23 14:24:16.134 INFO 1 --- [nio-8443-exec-6] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' MixerBackend | 2020-05-23 14:24:16.148 INFO 1 --- [nio-8443-exec-6] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' MixerBackend | 2020-05-23 14:24:18.387 INFO 1 --- [nio-8443-exec-6] o.s.web.servlet.DispatcherServlet : Completed initialization in 2239 ms MixerBackend | 2020-05-23 14:24:19.510 ERROR 1 --- [nio-8443-exec-6] io.mixeway.rest.utils.LoginUtil : Request with no credentials MixerBackend | 2020-05-23 14:24:19.878 ERROR 1 --- [nio-8443-exec-9] io.mixeway.rest.utils.LoginUtil : Request with no credentials
Appologies for late anwser.
Using provided OpenVAS docker configuration in Mixeway should be as follow: Scanner Type: OpenVAS API URL: https://localhost:9390 username: admin password: admin
after scanner is saved You should be able to successfully test the configuration. In provided docker of OpenVAS openvas-manager which is responsible for handling API calls is listening on 9390 port so be sure to include it in docker run command (-p 9390:9390)
thanks for the tool but what you mean by api url because i try to add scanner but still inactive