Closed R3nPi2 closed 8 years ago
Verified the plugin now uses/displays/accepts the openvas ID values.
Hello - where is this FIX? I am having this issue and trying to resolve. I have re-installed open-vas and metasploit to no avail.
Hi, how did you install Metasploit? I'd suggest verifying that you are using a version of Metasploit newer than this PR.
It is just installed with Kali - version 4.14.0-dev.
ok @eraddatz, sounds like the fix for this particular issue should be in place then. Can you give a little more detail about what you're seeing?
msf > load openvas
! Omit
[*] Successfully loaded plugin: OpenVAS
----
msf > openvas_connect vas vas 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username vas...
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful
! Trying to do a scan within msfconsole - so I Load Config List - the ID's should be in Numeral format but are UID strings.
msf > openvas_config_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs
ID Name
-- ----
085569ce-73ed-11df-83c3-002264764cea empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery
698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea Full and very deep
74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196 Discovery
bbca7412-a950-11e3-9109-406186ea4fc5 System Discovery
daba56c8-73ec-11df-a475-002264764cea Full and fast
! For Fun I try to load one of the tasks with openvas_task_start IDstring
msf > openvas_task_start daba56c8-73ec-11df-a475-002264764cea
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='404' status_text='Failed to find task 'daba56c8-73ec-11df-a475-002264764cea''/></X>
I am trying to do the scan inside the msfconsole after loading openvas. This was the same issue outlined in the document so it seemed like the same issue. I also get this exact same issue on another machine. I just loaded Metasploit-framework 4.14.0-dev and openvas version 9 on my Ubuntu machine and I get the exact same results.
That was maybe not so clear - any function where you should see ID #'s - the openvas plugin shows UID's instead and the UID's do not exist so nothing can function.
Such as openvas_format_list, target_list, config_list. All documentation for steps to use openvas inside of msfconsole shows that these should be numbers 0-99 for example and not UID strings.
msf > openvas_format_list
ID Name Extension Summary
-- ---- --------- -------
5057e5cc-b825-11e4-9d0e-28d24461215b Anonymous XML xml Anonymous version of the raw XML report
openvas_target_list
[+] OpenVAS list of targets
ID Name Hosts Max Hosts In Use Comment
-- ---- ----- --------- ------ -------
6d57eb06-4a22-438c-aec8-e3351701d6f1
!Omit
openvas_config_list
[+] OpenVAS list of configs
ID Name
-- ----
085569ce-73ed-11df-83c3-002264764cea empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery
! Omit
I think I have posted this in an alternate issue. I see that this page lists this issue more clearly.
Hi @eraddatz. We definitely should be using the UID values with the plugin, sounds like the documentation needs updating. As far as the broken behavior you're experiencing, I can take a deeper look at this tomorrow (and fixup the documentation while I'm at it).
So I looked into this, it appears to be working correctly. When I connect to my OpenVAS server via the MSF plugin, I see valid IDs (which do look like UUIDs, but it's still valid to call them IDs, IMO), and I can log into the OpenVAS UI via my Chrome browser and verify those IDs are, indeed, ones associated with the information I'm getting from the plugin.
W.r.t. your example of openvas_task_start returning an error, it appears that a task was never created first. If I do the same steps and create the task before starting it, it all works as expected:
$ ./msfconsole -q
msf > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS
msf> openvas_connect admin admin 10.0.2.7 9390
[-] Warning: SSL connections are not verified in this release, it is possible for an attacker
[-] with the ability to man-in-the-middle the OpenVAS traffic to capture the OpenVAS
[-] credentials. If you are running this on a trusted network, please pass in 'ok'
[-] as an additional parameter to this command.
msf > openvas_connect admin admin 10.0.2.7 9390 ok
[*] Connecting to OpenVAS instance at 10.0.2.7:9390 with username admin...
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful
msf > openvas_config_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs
ID Name
-- ----
085569ce-73ed-11df-83c3-002264764cea empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery
698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea Full and very deep
74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196 Discovery
bbca7412-a950-11e3-9109-406186ea4fc5 System Discovery
daba56c8-73ec-11df-a475-002264764cea Full and fast
msf > openvas_format_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of report formats
ID Name Extension Summary
-- ---- --------- -------
5057e5cc-b825-11e4-9d0e-28d24461215b Anonymous XML xml Anonymous version of the raw XML report
50c9950a-f326-11e4-800c-28d24461215b Verinice ITG vna Greenbone Verinice ITG Report, v1.0.1.
5ceff8ba-1f62-11e1-ab9f-406186ea4fc5 CPE csv Common Product Enumeration CSV table.
6c248850-1f62-11e1-b082-406186ea4fc5 HTML html Single page HTML report.
77bd6c4a-1f62-11e1-abf0-406186ea4fc5 ITG csv German "IT-Grundschutz-Kataloge" report.
9087b18c-626c-11e3-8892-406186ea4fc5 CSV Hosts csv CSV host summary.
910200ca-dc05-11e1-954f-406186ea4fc5 ARF xml Asset Reporting Format v1.0.0.
9ca6fe72-1f62-11e1-9e7c-406186ea4fc5 NBE nbe Legacy OpenVAS report.
9e5e5deb-879e-4ecc-8be6-a71cd0875cdd Topology SVG svg Network topology SVG image.
a3810a62-1f62-11e1-9219-406186ea4fc5 TXT txt Plain text report.
a684c02c-b531-11e1-bdc2-406186ea4fc5 LaTeX tex LaTeX source file.
a994b278-1f62-11e1-96ac-406186ea4fc5 XML xml Raw XML report.
c15ad349-bd8d-457a-880a-c7056532ee15 Verinice ISM vna Greenbone Verinice ISM Report, v1.1.10.
c1645568-627a-11e3-a660-406186ea4fc5 CSV Results csv CSV result list.
c402cc3e-b531-11e1-9163-406186ea4fc5 PDF pdf Portable Document Format report.
msf > openvas_target_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targets
ID Name Hosts Max Hosts In Use Comment
-- ---- ----- --------- ------ -------
b493b7a8-7489-11df-a3ec-002264764cea Localhost localhost 1 0
msf > openvas_task_create
[*] Usage: openvas_task_create <name> <comment> <config_id> <target_id>
msf > openvas_task_create my-task "just a quick test" 8715c877-47a0-438d-98a3-27c7a6ab2196 b493b7a8-7489-11df-a3ec-002264764cea
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] c7572ed0-fbfb-4895-8e62-4652ddecacd6
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6 my-task just a quick test New -1
msf > openvas_task_start c7572ed0-fbfb-4895-8e62-4652ddecacd6
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='202' status_text='OK, request submitted'><report_id>8c82525b-6a1c-48f9-9f72-fec64ae65fe9</report_id></start_task_response></X>
msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6 my-task just a quick test Running 8
msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6 my-task just a quick test Running 82
msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6 my-task just a quick test Done -1
I feel the documentation within the plugin is fine, since OpenVAS itself calls these long UUID-looking values "IDs":
If you can point me to other Metasploit or Rapid7 documentation that mentions ID values of 0-99 (and the like), I can look into updating those. Thx!
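As an added example (not part of this thread and not the plugin's code): a Ruby pre-flight check for the mix-up discussed above, where a scan config ID was passed to openvas_task_start and the manager answered 404. The helper names are hypothetical; the IDs and the trimmed responses are copied from the console output above.

```ruby
# Added example, not plugin code. IDs and responses are taken from the console
# output in this thread (responses trimmed); helper names are hypothetical.
UUID_RE = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

CONFIGS = { 'daba56c8-73ec-11df-a475-002264764cea' => 'Full and fast',
            '8715c877-47a0-438d-98a3-27c7a6ab2196' => 'Discovery' }.freeze
TARGETS = { 'b493b7a8-7489-11df-a3ec-002264764cea' => 'Localhost' }.freeze
TASKS   = { 'c7572ed0-fbfb-4895-8e62-4652ddecacd6' => 'my-task' }.freeze

RESP_404 = "<X><authenticate_response status='200' status_text='OK'>" \
           "<role>Admin</role></authenticate_response>" \
           "<start_task_response status='404' status_text='Failed to find " \
           "task 'daba56c8-73ec-11df-a475-002264764cea''/></X>"
RESP_202 = "<X><authenticate_response status='200' status_text='OK'>" \
           "<role>Admin</role></authenticate_response>" \
           "<start_task_response status='202' status_text='OK, request " \
           "submitted'><report_id>8c82525b-6a1c-48f9-9f72-fec64ae65fe9" \
           "</report_id></start_task_response></X>"

# Classify an ID against what the *_list commands returned, so a config or
# target ID is caught before it reaches openvas_task_start.
def preflight_task_start(id, tasks: TASKS, configs: CONFIGS, targets: TARGETS)
  return :not_a_uuid unless id.match?(UUID_RE)
  return :ok if tasks.include?(id)
  return :config_id_not_task if configs.include?(id)
  return :target_id_not_task if targets.include?(id)
  :unknown_id
end

# Pull status and status_text out of one response element. A regex is used
# rather than an XML parser because the text as printed nests unescaped
# single quotes inside the status_text attribute.
def omp_status(raw, element)
  re = /<#{Regexp.escape(element)} status='(\d{3})' status_text='(.*?)'\s*\/?>/m
  m = raw.match(re)
  m && { code: m[1].to_i, text: m[2], ok: m[1].start_with?('2') }
end

if __FILE__ == $PROGRAM_NAME
  %w[0 daba56c8-73ec-11df-a475-002264764cea
     c7572ed0-fbfb-4895-8e62-4652ddecacd6].each do |id|
    puts "#{id}: #{preflight_task_start(id)}"
  end
  [RESP_404, RESP_202].each { |r| p omp_status(r, 'start_task_response') }
end
```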
When running an openvas_* command that involves any ID, like openvas_target_delete <id>, it does nothing.
The problem seems to be that openvas stores IDs like a long string similar to "698f691e-7489-11df-9d8c-002264764cea" and functions defined on plugins/openvas.rb are showing and requiring numeric IDs. When these numeric IDs are passed to functions on gem ruby-2.3.1/gems/openvas-omp-0.0.4/lib/openvas-omp.rb, the responses are like Failed to find target '0', because ID 0 doesn't really exist.
The IDs that openvas_*_list commands are showing are "fake IDs". We can see that at approx. line 259 on plugins/openvas.rb:
Steps to reproduce
openvas_target_create localhost 127.0.0.1 local
openvas_target_delete 0
Expected behavior
Delete target with ID == 0
Current behavior
Does not delete target with ID == 0
System stuff
OpenVAS version
OpenVAS Libraries 8.0.8 OpenVAS Manager 6.0.9 OpenVAS Scanner 5.0.6
Metasploit version
Framework: 4.12.23-dev-219f643 Console : 4.12.23-dev-219f643
I installed Metasploit with:
Git clone install.
Ruby version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
OS
Debian 8.5