Closed c0y0te-git closed 3 years ago
There are a number of reasons this can happen. What kind of machine are you scanning? Is the scanner authenticating with the machine you are scanning? If you are getting logs, then it should be at a minimum connecting to the machine. Clear all the filters on the scan (The button with the 'X' on the top right.) and see if anything else whos up. Look in the hosts, and make sure you are not getting an 'x' in the "authenticated' column. ( It should have a shield with a check mark).
It sounds like the container bits are working well though. If you still have issues getting good results, you might want to check on the community forum to see if you can get some other ideas.
Same here. I'm scanning a whole /24 network and finding logs only. Tested with (really) older image (mikesplain/openvas) and lots of vulns found.
I had the same results. Ultimately the scan is saying terminated early. I did not see any logs that indicated what error message was thrown in any of the /var/local/gvm directory that indicated anything beyond a simple error message and that the task quit.
Just confirmed detection works as expected when using image tag 20.08.04.6.
That is odd... It's working fine for me in test and my production.
I am using the latest version. Could it be something to do with network config?
Sorry, that went early. I was going to ask if you were certain you are using the latest image. (It was updated 19 days ago.) Can you tell me how you are starting it? If you are using the docker-compose.yml from the github repo, it had a bug I fixed last week, so make sure you have the most recent.
There are a number of reasons this can happen. What kind of machine are you scanning? Is the scanner authenticating with the machine you are scanning? If you are getting logs, then it should be at a minimum connecting to the machine. Clear all the filters on the scan (The button with the 'X' on the top right.) and see if anything else whos up. Look in the hosts, and make sure you are not getting an 'x' in the "authenticated' column. ( It should have a shield with a check mark).
It sounds like the container bits are working well though. If you still have issues getting good results, you might want to check on the community forum to see if you can get some other ideas.
Turns out it was the default Fast and Full scan config that was made by the OpenVAS developers. I confirmed it effects more than just this docker image, it also effects the standalone OpenVAS that I built in a VM.
I recommend cloning the Fast and Full scan config and then looking through the settings and finding the "Port Scanner" option, and ensuring its on and set to nmap.
Let me know if anyone else discovers the same issue with the default Fast and Full scan config, and fixes it by cloning and editing in nmap for port scan.
Same here. I'm scanning a whole /24 network and finding logs only. Tested with (really) older image (mikesplain/openvas) and lots of vulns found.
I had the same results. Ultimately the scan is saying terminated early. I did not see any logs that indicated what error message was thrown in any of the /var/local/gvm directory that indicated anything beyond a simple error message and that the task quit.
Check out the settings on default Full and Fast scan config. Clone it, and then click "Edit" to look through them, see if Port Scanner is unchecked.
That is weird ...... Those default scan configs 'should' work. Those are pulled from Greenbne though, I have no control over them. I wonder if there was bungled-up set. Thank for the follow up. I'm going to close this out.
Confirmed. This worked! Thanks!
I'd like to re-open this as this shoudn't be the default.
(Installed the docker image yesterday and it's still the case)
First ... this is a REALLY old issue. Best to open a new one if you have a problem and reference this one. Second, the problem from this issue was actually with the Greenbone scanning config, unfortunately nothing I can do about that. The latest image is being used in multiple places, so i know it's good. I haven't tweaked it in weeks. If you still see an issue though, please open a new issue.
Thanks, Scott
Running a Full and Fast default scan on targets only produces logs, no actual vulnerabilities. Tested on VM with known vulnerabilities, and none were even able to be detected besides 0.0 (Log) severity ones.