immauss / openvas

Containers for running the Greenbone Vulnerability Manager. Run as a single container with all services or separate single applications containers via docker-compose.
GNU Affero General Public License v3.0

Not finding any vulnerabilities but logs. #69

Closed c0y0te-git closed 2 years ago

c0y0te-git commented 2 years ago

Running a Full and Fast default scan on targets only produces logs, no actual vulnerabilities. Tested on VM with known vulnerabilities, and none were even able to be detected besides 0.0 (Log) severity ones.

immauss commented 2 years ago

There are a number of reasons this can happen. What kind of machine are you scanning? Is the scanner authenticating with the machine you are scanning? If you are getting logs, then it should be at a minimum connecting to the machine. Clear all the filters on the scan (the button with the 'X' on the top right) and see if anything else shows up. Look in the hosts, and make sure you are not getting an 'x' in the "authenticated" column. (It should have a shield with a check mark.)

It sounds like the container bits are working well though. If you still have issues getting good results, you might want to check on the community forum to see if you can get some other ideas.

https://community.greenbone.net/

juradoz commented 2 years ago

Same here. I'm scanning a whole /24 network and finding logs only. Tested with (really) older image (mikesplain/openvas) and lots of vulns found.

lpingree commented 2 years ago

I had the same results. Ultimately the scan is saying terminated early. I did not see any logs that indicated what error message was thrown in any of the /var/local/gvm directory that indicated anything beyond a simple error message and that the task quit.

juradoz commented 2 years ago

Just confirmed detection works as expected when using image tag 20.08.04.6.

immauss commented 2 years ago

That is odd... It's working fine for me in test and my production.

lpingree commented 2 years ago

I am using the latest version. Could it be something to do with network config?

immauss commented 2 years ago

Sorry, that went early. I was going to ask if you were certain you are using the latest image. (It was updated 19 days ago.) Can you tell me how you are starting it? If you are using the docker-compose.yml from the github repo, it had a bug I fixed last week, so make sure you have the most recent.

c0y0te-git commented 2 years ago

> There are a number of reasons this can happen. What kind of machine are you scanning? Is the scanner authenticating with the machine you are scanning? If you are getting logs, then it should be at a minimum connecting to the machine. Clear all the filters on the scan (the button with the 'X' on the top right) and see if anything else shows up. Look in the hosts, and make sure you are not getting an 'x' in the "authenticated" column. (It should have a shield with a check mark.)
>
> It sounds like the container bits are working well though. If you still have issues getting good results, you might want to check on the community forum to see if you can get some other ideas.
>
> https://community.greenbone.net/

Turns out it was the default Fast and Full scan config that was made by the OpenVAS developers. I confirmed it affects more than just this docker image; it also affects the standalone OpenVAS that I built in a VM.

I recommend cloning the Fast and Full scan config and then looking through the settings and finding the "Port Scanner" option, and ensuring it's on and set to nmap.

Let me know if anyone else discovers the same issue with the default Fast and Full scan config, and fixes it by cloning and editing in nmap for port scan.
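An added example, not part of the thread or the project's code: a check over a scan-config export that flags configs with no port-scanner NVTs selected, which is how the "Port Scanner unchecked" condition from the comment above is interpreted here. The XML layout (modeled on a GMP `get_configs` response with families included), the family name "Port scanners", and the function name are assumptions; the sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed name of the NVT family that holds the port scanner plugins.
PORT_SCANNER_FAMILY = "Port scanners"

# Constructed sample; layout assumed to follow a GMP get_configs response.
SAMPLE_CONFIGS_XML = """
<get_configs_response status="200" status_text="OK">
  <config id="00000000-0000-0000-0000-000000000001">
    <name>Full and fast</name>
    <families>
      <family><name>General</name><nvt_count>250</nvt_count></family>
      <family><name>Port scanners</name><nvt_count>0</nvt_count></family>
    </families>
  </config>
  <config id="00000000-0000-0000-0000-000000000002">
    <name>Full and fast Clone 1</name>
    <families>
      <family><name>General</name><nvt_count>250</nvt_count></family>
      <family><name>Port scanners</name><nvt_count>1</nvt_count></family>
    </families>
  </config>
  <config id="00000000-0000-0000-0000-000000000003">
    <name>Web checks only</name>
    <families>
      <family><name>Web application abuses</name><nvt_count>40</nvt_count></family>
    </families>
  </config>
</get_configs_response>
"""

def audit_port_scanner_selection(xml_text):
    """Map each config name to (status, selected port-scanner NVT count)."""
    results = {}
    for config in ET.fromstring(xml_text).findall("config"):
        name = config.findtext("name", default="(unnamed)")
        selected = None  # None means the family is not listed at all
        for family in config.findall("families/family"):
            if family.findtext("name") == PORT_SCANNER_FAMILY:
                selected = int(family.findtext("nvt_count") or 0)
        if selected is None:
            results[name] = ("missing", None)
        elif selected == 0:
            results[name] = ("empty", 0)
        else:
            results[name] = ("ok", selected)
    return results

if __name__ == "__main__":
    for name, (status, count) in audit_port_scanner_selection(SAMPLE_CONFIGS_XML).items():
        print(f"{name}: port scanner family {status} (selected={count})")
```

A config reported as "empty" or "missing" is the one to clone and edit before trusting a results page that shows only Log-severity entries.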

c0y0te-git commented 2 years ago

> Same here. I'm scanning a whole /24 network and finding logs only. Tested with (really) older image (mikesplain/openvas) and lots of vulns found.

> I had the same results. Ultimately the scan is saying terminated early. I did not see any logs that indicated what error message was thrown in any of the /var/local/gvm directory that indicated anything beyond a simple error message and that the task quit.

Check out the settings on default Full and Fast scan config. Clone it, and then click "Edit" to look through them, see if Port Scanner is unchecked.

immauss commented 2 years ago

That is weird... Those default scan configs 'should' work. Those are pulled from Greenbone though, I have no control over them. I wonder if there was a bungled-up set. Thanks for the follow up. I'm going to close this out.

lpingree commented 2 years ago

Confirmed. This worked! Thanks!

jsuelwald commented 2 years ago

I'd like to re-open this as this shouldn't be the default.

(Installed the docker image yesterday and it's still the case)

immauss commented 2 years ago

First ... this is a REALLY old issue. Best to open a new one if you have a problem and reference this one. Second, the problem from this issue was actually with the Greenbone scanning config, unfortunately nothing I can do about that. The latest image is being used in multiple places, so I know it's good. I haven't tweaked it in weeks. If you still see an issue though, please open a new issue.

Thanks, Scott