Questions tagged [openvas]

OpenVAS is a collection of open source tools for vulnerability scanning and management.

32 questions
6 votes, 2 answers

False positives in OpenVAS

I recently ran the 1st vulnerability scan in my office's network using OpenVAS. We received a great deal of false positives. Mostly I saw that (at least some) tests are unaware of internal patches in a system. For example we were alerted to these:…
Uberhumus
5 votes, 1 answer

What could an attacker do on a server where Source Control Management (SCM) files are accessible?

I'm testing some servers with OpenVAS and I run into some SCM files that are remotely accessible: .git/config, .git//info/exclude, .git/description, .git/HEAD that contains refs/heads/master, and .git/refs/heads/master that contains a hash. I'm new to…
EQT_STRIKE
5 votes, 1 answer

Is it possible to invoke OS commands from a NASL script in OpenVAS?

I was wondering if it is possible to run a command like cat, w3m or any other Operating System (Linux) utility from inside a NASL script and use its output. Do you know any examples? I know you can use the tools that OpenVAS uses like nikto, etc…
4 votes, 2 answers

OpenVAS won't generate SCAP Database

To deploy OpenVAS to Virtual machines I've been using Ansible for a while and it worked pretty well. Now today I wanted to deploy it to another machine but the openvas-check-setup script keeps telling me that the setup isn't yet finished because the…
4 votes, 1 answer

Best practices manual for Alienvault USM?

Is there any best practices manual for Alienvault USM? I found some information about the profiles for the vulnerability scanner but nothing about how often I should launch the scan or which categories for a custom profile are dangerous: Deep -…
Blai
4 votes, 1 answer

Metasploit & openvas error (openvas_connect)

I'm using Kali 4.3.0 and trying to run the OpenVAS plugin in Metasploit. OpenVAS (version 8.0) works properly on port 9392, Metasploit is OK too. This is the error log: msf > openvas_connect admin admin 127.0.0.1 9392 ok [*] Connecting to OpenVAS…
Sergey Pavlov
4 votes, 1 answer

Is this a reasonable approach of continuous network monitoring?

I'm currently implementing some mechanisms to continuously monitor our network. Most of this is done through OSSIM but I also extended it by some self-written monitoring scripts. I'm currently doing the following: Hourly host discovery scans of all…
davidb
3 votes, 2 answers

Why OpenVAS does not find all open ports compared to Nmap?

I recently launched a system discovery scan with OpenVAS to an IP from my net to compare its results to Nmap. As you can see in the image OpenVAS does not find all the ports Nmap does. Both scans were all TCP ports scans. Also, both tools are…
2 votes, 1 answer

Identify crash-inducing NVT in OpenVAS

I'm currently scanning a network using OpenVAS / Greenbone Security Assistant installed on Kali Linux. During the scan, multiple targets have crashed. This is obviously something I want to investigate. As I'm running the "Full and fast" scan…
Niklas
2 votes, 1 answer

scan forwarded ports with OpenVAS/GVM?

I'm currently learning about network security and came across a problem, maybe I'm just missing something obvious but I'll try to explain my environment: I have a Kali Linux VM connected to the WAN Interface (192.168.178.109) of a Pfsense VM, the…
ecisse
2 votes, 1 answer

Missing HTTPOnly Cookie Attribute in Laravel 7

I have a Laravel site, I thought I patched this issue already. I got these in my session.php: 'secure' => true, 'http_only' => true, But OpenVas still detected that I still need to it. It also listed it 3 times. Am I missing anything else? or…
code-8
2 votes, 1 answer

openVAS: uninitialized constant OpenVASOMP::OMPConnectionError

I was searching in many forums regarding this issue like here and here, but they were mentioning using port 9390. I launched OpenVAS on port 9390, but I still get the same error. I am using openVAS in msfconsole on Kali Linux. I load openVAS…
debugging XD
2 votes, 1 answer

OpenVas gets stuck on some scans

We have been using OpenVas to scan our servers for months now. Recently the scans are getting stuck on different %, always below 30%. We did not change anything in my local configuration. I read a post somewhere that I should lower the maximum…
lro985
2 votes, 1 answer

RRD Performance reporting with GSA/OpenVAS

I'm running Greenbone Security Assistant 7.0.2 (on Kali Linux) and the default performance reporting currently goes to a "Fallback Report" which only dumps /proc/meminfo to the screen. A note on the page implies that there's more rich reporting but I…
BenC
2 votes, 1 answer

Openvas : Change in port list has unexpected results

I have encountered strange results while changing only the port list for some targets. If I use the wizard (immediate scan) to scan a couple of hosts, I get a report with some medium vulnerabilities. If I clone the target that was created by the…
MisterV