Error while running command openvas_connect: uninitialized constant OpenVASOMP::OMPConnectionError

[Isodoro]

Steps to reproduce

Sorry... me again! :-)

I might be being a muppet but I can't get Metasploit to connect to OpenVAS. All the forum stuff I've searched for has been older versions etc.

This is a fresh 2024 build with spec as follows:

Linux kali 6.6.9-amd64 #1 SMP PREEMPT_DYNAMIC Kali 6.6.9-1kali1 (2024-01-08) x86_64 GNU/Linux ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu] OpenVAS 22.7.9 gvm-libs 22.7.3

How'd you do it?

1. Latest build of Kali, Metasploit & OpenVAS installed
2. Loading msf and the openvas module (all good)
3. Using the openvas_connect however is failing

Were you following a specific guide/tutorial or reading documentation?

The OpenVAS build was followed from: https://www.kali.org/tools/gvm/ Both products work fine independently.

If yes link the guide/tutorial or documentation you were following here, otherwise you may omit this section.

Expected behavior

What should happen?

msf should connect to the OpenVAS app

Current behavior

What happens instead?

msf6 > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS

Now when I try to connect to 9392 with an admin account I created (tried admin as well) I get the following:

msf6 > **openvas_connect msfconsole msfconsole 127.0.0.1 9392 ok**
[*] Connecting to OpenVAS instance at 127.0.0.1:9392 with username msfconsole...
[-] Error while running command openvas_connect: uninitialized constant OpenVASOMP::OMPConnectionError

I also tried the local IP (192.168.x.x)

Call stack:
/usr/share/metasploit-framework/plugins/openvas.rb:189:in `rescue in cmd_openvas_connect'
/usr/share/metasploit-framework/plugins/openvas.rb:183:in `cmd_openvas_connect'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:in `run_command'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in `block in run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `each'
/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in `run_single'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:165:in `block in run'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:309:in `block in with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:35:in `with_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:306:in `with_history_manager_context'
/usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:133:in `run'
/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in `start'
/usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
/usr/bin/msfconsole:23:in `<main>'
msf6 > 

Metasploit version

msf6 > version Framework: 6.3.55-dev Console : 6.3.55-dev

Additional Information

In terms of ports LISTENING on the host:

└─$ sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      133        19786      3467/gsad           
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      130        13907      3330/postgres       
tcp        0      0 127.0.0.1:1883          0.0.0.0:*               LISTEN      131        12892      3318/mosquitto      
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      133        20530      3469/gsad           
tcp6       0      0 ::1:5432                :::*                    LISTEN      130        13906      3330/postgres       
tcp6       0      0 ::1:1883                :::*                    LISTEN      131        12893      3318/mosquitto

For awareness on what is installed on the host:

└─$ sudo apt search openvas          
Sorting... Done
Full Text Search... Done
greenbone-security-assistant/kali-rolling,kali-rolling,now 22.9.1-1 all [installed,automatic]
gvm/kali-rolling,kali-rolling,now 23.11.1 all [installed]
gvmd/kali-rolling,now 23.1.0-1 amd64 [installed,automatic]
gvmd-common/kali-rolling,kali-rolling,now 23.1.0-1 all [installed,automatic]
openvas-scanner/kali-rolling,now 22.7.9-1 amd64 [installed,automatic]
ospd-openvas/kali-rolling,kali-rolling,now 22.6.2-1 all [installed,automatic]
postgresql-16-pg-gvm/kali-rolling 22.6.4-0kali1 amd64 [upgradable from: 22.6.2-1kali1]

The openvas settings:

└─$ sudo openvas -s                  
mqtt_server_uri = localhost:1883
timeout_retry = 3
max_checks = 10
optimize_test = yes
auto_enable_dependencies = yes
checks_read_timeout = 5
time_between_request = 0
allow_simultaneous_ips = yes
non_simult_ports = 139, 445, 3389, Services/irc
drop_privileges = no
log_whole_attack = no
nasl_no_signature_check = yes
cgi_path = /cgi-bin:/scripts
max_hosts = 30
debug_tls = 0
open_sock_max_attempts = 5
config_file = /etc/openvas/openvas.conf
test_alive_wait_timeout = 3
vendor_version = 
safe_checks = yes
scanner_plugins_timeout = 36000
include_folders = /var/lib/openvas/plugins
plugins_timeout = 320
log_plugins_name_at_load = no
plugins_folder = /var/lib/openvas/plugins
unscanned_closed = yes
test_empty_vhost = no
report_host_details = yes
expand_vhosts = yes
test_alive_hosts_only = yes
db_address = /var/run/redis-openvas/redis-server.sock
unscanned_closed_udp = yes

Framework: 6.3.55-dev
Ruby: ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux-gnu]
OpenSSL: OpenSSL 3.1.4 24 Oct 2023
Install Root: /usr/share/metasploit-framework
Session Type: Connected to msf. Connection type: postgresql.
Install Method: Other - Please specify

[dwelch-r7]

I think this PR here should resolve your issue if you wanted to give it a quick test https://github.com/rapid7/metasploit-framework/pull/18959

[Isodoro]

Hi,

Thanks for the response :-)

I manually edited my openvas.rb file with your line 189 change from #18959 The result as follows:

msf6 > openvas_connect msfconsole msfconsole 127.0.0.1 9392 [*] Connecting to OpenVAS instance at 127.0.0.1:9392 with username msfconsole... [-] Error while running command openvas_connect: undefined method `timeout' for #<OpenVASOMP::OpenVASOMP:0x00007f2ef9ee01b8 @host="127.0.0.1", @port="9392", @user="msfconsole", @password="msfconsole", @bufsize=16384, @debug=0, @areq="", @read_timeout=3, @plain_socket=#<TCPSocket:fd 11, AF_INET, 127.0.0.1, 45912>, @socket=#<OpenSSL::SSL::SSLSocket:0x00007f2ef9ee4c40 @context=#<OpenSSL::SSL::SSLContext:0x00007f2ef9ee59b0 @verify_mode=0, @verify_hostname=false>, @io=#<TCPSocket:fd 11, AF_INET, 127.0.0.1, 45912>, @eof=false, @rbuffer="", @sync=true, @sync_close=true, @wbuffer="">, @rbuf="">

Call stack: /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in sendrecv' /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:303:inlogin' /usr/share/metasploit-framework/vendor/bundle/ruby/3.1.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:138:in initialize' /usr/share/metasploit-framework/plugins/openvas.rb:185:innew' /usr/share/metasploit-framework/plugins/openvas.rb:185:in cmd_openvas_connect' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:581:inrun_command' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:530:in block in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:ineach' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:524:in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:165:inblock in run' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:309:in block in with_history_manager_context' /usr/share/metasploit-framework/lib/rex/ui/text/shell/history_manager.rb:35:inwith_context' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:306:in with_history_manager_context' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:133:inrun' /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:54:in start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:instart' /usr/bin/msfconsole:23:in `

'

[dwelch-r7]

ah, damn alright, thanks for dropping the stacktrace, was hoping I could get away without setting it up, I'll have a crack at fixing it when I get but feel free to throw up a PR if you wanna have a crack at fixing it yourself

[Isodoro]

no worries - I'm learning to code currently (very much a beginner)... this is all a bit new to me I'm going to have a stab at working it out. If I manage to pull it off I'll post for sure. Don't hold your breath though! :-)

[dwelch-r7]

Ah ok so @Isodoro I did a little more digging and it looks like that's a pretty old unmaintained gem we're using https://rubygems.org/gems/openvas-omp

the issue seems to lie in the gem itself rather than in framework itself so I'm afraid getting this working would be more effort than I would have expected

[Isodoro]

Hi - Thanks for looking! Appreciated.

Completely understand - I tried a few things but nowhere near your level of expertise. I'd probably pull the "load openvas" option away from the next release btw.

Appears that the gvm-cli tools would be the way to move forward with this, however time consuming just for the sake of this automation. REF: https://github.com/greenbone/gvm-tools

Quick question: Do you know if the Nessus integration works?

if you want to close this ticket off feel free :-)

[adfoster-r7]

I think this partial pull request was making things better for openvas, but there was some more fixes to make: https://github.com/rapid7/metasploit-framework/pull/13944

Although it wasn't finished work, maybe that pull request would fix whatever issues are currently being hit

Edit: Also this thread: https://github.com/rapid7/metasploit-framework/issues/13797