10

I am practising in my lab with some metasploitable machines, and I just realised that the vulns declared by OpenVAS 6.01 in the scan report aren’t imported in Metasploit 4.11.5 by the db_import report-blah.xml.

When I read the report on the OpenVAS web interface, I see 72 vulns (with all kinds of vulnerabilities like ms15-043, a backdoor on port tcp 1524, etc.) but on the Metasploit db, I just have 51.

I also tried to import the report in nbe, but there is no difference. diff msf hosts vs openvas report

schroeder
  • 123,438
  • 55
  • 284
  • 319
Sarastro
  • 321
  • 2
  • 13
  • How many vulns were in the database before you imported? Is the problem that the numbers are different or is it that the vulns aren't being imported at all? – schroeder Dec 03 '15 at 00:00
  • sorry about my first explanation .., there was none vulns on the database , just run a nmap scan ,no script something like (db_nmap -sS -Pn -A -iL someFile.txt), then run some auxiliary modules for version recognition over the open ports , and finally the openvas with this . the problem is they are not imported , and more important if this is happening with this , it could be happening with all the data imported by the db_import (in metasploit ). – Sarastro Dec 03 '15 at 00:48
  • When you run `db_import`, what does the console say? – schroeder Dec 03 '15 at 00:56
  • when i import a OpenVAS xml says "importing OpenVAS XML , successfully imported and the name of the file ", when i import a nmap xml says the same plus the nokogiri gem v 1.6.6.2 – Sarastro Dec 03 '15 at 01:03
  • It's odd that it reports a successful import and the data isn't there. At this point, I would ask on the Rapid7 community site for Metasploit. – schroeder Dec 03 '15 at 04:29
  • Agree my friend , tnx for the guide and your time .. – Sarastro Dec 03 '15 at 04:47
  • Is the postGre service correctly started? Maybe, the datas has been imported in another workspace of metasploit ? – Sorcha Dec 03 '15 at 06:56
  • the database its working just fine ...in the other workspace i have other lab with other kind of vulns – Sarastro Dec 04 '15 at 00:30

2 Answers2

1

Have you tried to load the openvas plugin in MSF, connect to your running openvas server, and import your report directly from openvas by issuing "openvas_report_import report_id nbe"?

I was having the same problem as you until I imported using the plugin.

blackappy
  • 111
  • 3
0

Yes, there have been known errors in importing XML from OpenVAS into MSF and technically there isn't a fix as of now. I would suggest you use faraday which simplifies integrated penetration testing and just not only combines metasploit and openvas but also combines results from many other tools like Nmap, Nessus, Nikto and much more.

Nipun Jaswal
  • 134
  • 5