I tried running a scan from my VM machine on my host. It always shows
the severity as 0.0 (log)
I don't understand what this means..surely I have vulnerabilities and
they are listed in the report.. e.g. HTTP server type and version are
shown 'Apache Coyote 1.1', which has many vulnerabilities...
I ran a scan on one of the windows machines I have and I got a number of
vulnerabilities. But the smbv1 vulnerability of shadow broker was not there
even though I certainly not that it should .my nvt's signature is from 28 April
Thanks
--
Sent from my Android device with K-9 Mail. Please excu
Hi,
I've been using OpenVas for a while now. I must say that as a single
user it is pretty impressive. However, I've noticed that if I were to
provide other users access to the scanner, I am not able to share any of
the scans I've done or the hosts (not even the configuration).
I know this i
Hi,
I've been using OpenVas for a while now. I must say that as a single
user it is pretty impressive. However, I've noticed that if I were to
provide other users access to the scanner, I am not able to share any of
the scans I've done or the hosts (not even the configuration).
I know this i
Thanks,
Those instructions work well. I'm able to share scans and hosts I
wish, however, we can further apply permissions on groups rather than
just ad user by user it'll be great.
Ali
On 06/04/2017 09:18 PM, Christian Fischer wrote:
> Hi,
>
> On 04.06.2017 19:29, Ali K
Dear All,
Is there a .nasl available to check if a host is vulnerable to cve 2017-0199.
I understand this requires authenticated scanning but is it available at all ?
Ali
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.___
Openv
Thanks, Christian.
I will check it out.
On 06/28/2017 10:03 PM, Christian Fischer wrote:
> Hi,
>
> On 28.06.2017 20:21, Ali Khalfan wrote:
>> Dear All,
>> Is there a .nasl available to check if a host is vulnerable to cve
>> 2017-0199.
>>
>> I understand t
I found that the .nasl exists for eternalblue .. However,it doesn't seem to run
for any of the scan configs
Is there a way I can make sure it is added ?
On June 28, 2017 10:03:59 PM GMT+03:00, Christian Fischer
wrote:
>Hi,
>
>On 28.06.2017 20:21, Ali Khalfan wrote:
>> Dea
thanks
Original Message
Subject: Re: [Openvas-discuss] Checking for cve 2017-0199
From: Roger Davies
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Tue Jul 25 2017 09:53:56 GMT+0300 (AST)
> Hi there
>
> Yes, it's in two monthly rollup checks and
I've found the following issue when scanning a subset of windows hosts that
openvas is not detecting that the host is vulnerable to ms17-010 . Also, I got
no alert that this windows version is 2003 and out of support.
I search for ms17-010 nasl file and I find it there in the host. However I
>Sent from my Sony Xperia™ smartphone
>
> Ali Khalfan wrote
>
>>___
>>Openvas-discuss mailing list
>>Openvas-discuss@wald.intevation.org
>>https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
I tried running a windows authenticated scan using my own credentials on
the system. The account used is not an administrative one. I noticed in
the scan log that the authentication was successful. I used the Full
and Deep scan, but it seems the results are the same. Not even the log
information
I created my own Scap 1.2 file to benchmark some windows machines based
on a particular baseline. Is there a way I can import this file to
openvas for it to conduct an authenticated scan and produce a compliance
report ?
Thanks,
Ali
___
Openvas-dis
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I setup openvas scanner 3.3.1 on ubuntu 12.04.1 as well as the
certificates according to the default standards
I also setup openvas manager 3.0.3 and generate the default
certificates. I started the openvas server but couldn't get the manager
to
>| ASSERT: mpi.c:609
|<2>| ASSERT: dn.c:1209
- Peer's certificate is trusted
- Version: TLS1.0
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:
Original Message
Subject: handshake problem
Aitzol,
Do you have an openvasmd.log file? Does it report any errors ?
Christian Kuersteiner wrote:
> Aitzol,
>
> On 10/03/2012 06:24 PM, Aitzol Egia Amezua wrote:
>> I follow this procedure to solve the problem:
>>
>> 1. Run openvas-nvt-sync --wget (I get a timeout error with rsync but
>>
gnutls_strerror (ret));
if (shutdown (server_socket, SHUT_RDWR) == -1)
Original Message
Subject: Re: handshake problems openvas server and manager
From: Ali Khalfan
To: openvas-discuss@wald.intevation.org
Date: Fri Sep 28 2012 20:07:41 GMT+0300 (AST)
>
>
This is what I feared ... there seems to be a problem with the openvas
library in setting a handshake with the scanner using gnutls , I just
posted something about this
Can't seem to get anyone to help me out either her or on the gnutls list.
I''ll be trying the latest gnutls version soon and I
The new version didn't work either, here's the packet capture
Original Message
Subject: Re: [Openvas-discuss] Installing OpenVAS on OpenSUSE 11.1
From: Ali Khalfan
To: Aitzol Egia Amezua
CC: openvas-discuss@wald.intevation.org
Date: Thu Oct 04 2012 12:21:38 GMT
it seems that I was still running the old gnutls , the newwer one
(3.1.2) seems to successfully perform the handshake
I got a long way to go though
Original Message
Subject: Re: [Openvas-discuss] Installing OpenVAS on OpenSUSE 11.1
From: Ali Khalfan
To: openvas-discuss
I'm also stuck with the same problem. I am running it on ubuntu
precise, which I'm thinking is what BT%r3 is built on (or one of the
versions of ubuntu anyway)
I actually tried downgrading, didn't really help, and the openvasmd.log
aren't enough to troubleshoot the problem
bb.boogie wrote:
>
Hi Eero,
what version of gnutls are you using ?
Original Message
Subject: Re: [Openvas-discuss] openvasmd authentication configuration
could not be loaded
From: Eero Volotinen
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Thu Oct 11 2012 09:35:51 GMT+0300
I tried 2.12 and 3.1 on ubuntu. I checked out the latest sources from the
repos
بتاريخ 2012 10 16 09:32، كتبها "Jan-Oliver Wagner" <
jan-oliver.wag...@greenbone.net>:
> On Thursday 11 October 2012 09:40:43 Ali Khalfan wrote:
> > what version of gnutls are you using ?
&
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
what error do you get in the logs?
Stuart Sheldon wrote:
> Hi Veerendra and all,
>
> I've got something wrong with my builds, but I'll be darned if I
> can figure out what it is. If I had to guess, I would say it had to
> do with the gnutls lib, b
When trying to import (or even add ) a port list on the gsad panel, I
get the error
Internal error: create_port_list_omp:13745
An internal error occurred while creating a new port list. A new port
list was, however, created. Diagnostics: Failure to receive response
from manager daemon.
I check
ginal Message
Subject: xml parse error when adding ports
From: Ali Khalfan
To: openvas-discuss@wald.intevation.org
Date: Thu Oct 25 2012 23:33:56 GMT+0300 (AST)
> When trying to import (or even add ) a port list on the gsad panel, I
> get the error
>
> Internal error: cre
There seems to be a bug when trying to add a target with an ssh credential.
When I click on add the target the page reload but nothing happens (the
target is not added)
the openvasmd.log shows "lib rer:WARNING:2012-11-01 09h02.15
UTC:13944: Target source configuration could not be loaded.
"
_
For wapiti this did the trick for me
http://www.linuxquestions.org/questions/linux-software-2/wapiti-security-tool-fails-to-run-with-openvas-935495/
Not sure why you're getting that issue with arachni though. what
version have you got ?
Anthony Byrnes wrote:
>
>
> Hi,
>
> Running on Centos
For the record I'm facing this problem on Debian Squeeze
Simon Deziel wrote:
> Hi all,
>
> I just installed OpenVAS on Ubuntu 12.04 using the OBS repo. Now, I'm
> unable to add SSH credentials to a target. This was reported in
> http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-Nove
1) I can't hook up to the IRC channel either. There might be a way to
do it through a browser I think through here
http://client00.chat.mibbit.com/?server=irc.oftc.net&channel=%23openvas
, but my experience I didn't get a lot of help, in fact I haven't seen
anyone actually chat for a while .
2)
dig a little deeper in the mailing list archive, sorry.
> I'll wait for 5.0.4 to be available in the OBS repo :) For now, I am
> working around this by doing manual edition of the sqlite3 DB. Thanks a
> lot Ryan!
>
> Regards,
> Simon
>
>> On 11/8/2012 3:56 PM, Ali K
Can someone please point me to the right direction about openvas and
ovaldi ?
The integrated tools site http://www.openvas.org/integrated-tools.html
refers to ovaldi 5.5.4, while the latest version is 5.10. So, I'm
thinking it's a bit outdated.
Can we install ovaldi 5.10 without any consequences?
I thought about it, but I'll get a better head start if someone tried it
before me. I'll give it a shot
Original Message
Subject: Re: [Openvas-discuss] openvas - ovaldi status
From: Brandon Perry
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Sat 17 N
rgument 3 of ‘int rpmcliQuery(rpmts_s*, rpmQVKArguments_s*, char* const*)’
make: *** [../../src/probes/linux/RPMInfoProbe.o] Error 1
Original Message
Subject: Re: [Openvas-discuss] openvas - ovaldi status
From: Ali Khalfan
To: bperry.volat...@gmail.com
CC: openva
openvasmd. Is there anything else I need to do ?
Original Message
Subject: Re: [Openvas-discuss] openvas - ovaldi status
From: Ali Khalfan
To: openvas-discuss@wald.intevation.org
Date: Sat 17 Nov 2012 10:55:19 PM AST
> I'm stuck here:
>
> In file in
check this out
http://lists.wald.intevation.org/pipermail/openvas-discuss/2012-November/004719.html
王风军 wrote:
> Hi, my admired friends,
> When I create a target, the 'SMB Credential(optional)' can't be
> selected, and the 'SSH Credential(optional)' can't be selected.
> Please give me
I am trying to create another user to view my tasks and reports on the
security assistant. But when I try to access with the new account, even
as an admin, I am not able to view the tasks or targets. Is there a way
I can create a new user that could view all the previous information
entered?
Th
Original Message
Subject: Re: [Openvas-discuss] greenbone security assistant permissions
From: Matthew Mundell
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Sat Feb 02 2013 14:55:17 GMT+0300 (AST)
>> I am trying to create another user to view my tas
I am getting the following message when I am trying to scan a remote
server (any remote server)
[Thu Feb 14 13:43:15 2013][5695] user om starts a new scan. Target(s) :
176.58.89.148, with max_hosts = 20 and max_checks = 4
[Thu Feb 14 13:43:15 2013][5695] user om : testing 176.xx
(:::176.58.89
emote host is dead
From: Michael Meyer
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Thu Feb 14 2013 17:49:17 GMT+0300 (AST)
> Hello,
>
> *** Ali Khalfan wrote:
>
>> I am getting the following message when I am trying to scan a remote
>> server (any rem
I'm trying to run a scan on a /29 subnet. My problem is everytime I do
something like this I get the errors below in the openvassd logs.
Running on one host seems to work fine.
What would be the best way to troubleshoot this? There doesn't seem to
be anything wrong with memory (free -m doesn't
From: Michael Meyer
To: Ali Khalfan
CC: openvas-discuss@wald.intevation.org
Date: Fri Feb 22 2013 11:28:15 GMT+0300 (AST)
> *** Ali Khalfan wrote:
>> I'm trying to run a scan on a /29 subnet. My problem is everytime I do
>> something like this I get the errors below i
I ran a black-box scan on a host, which is supposed to be a web
application. The host from the tests being run is clearly shown as
running a an web server IIS. Visiting the web pages shows that it is a
.NET application. However, after scanning openvas stated that there is
a php vulnerability.
How do I configure the scan intensity on Greenbone Security Assistant 2.0.1
I do not see any field for it.
Just to note that gsad 2.0.1 is on backtrack 5 R3
--Ali
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
https://lists.wald
I keep getting a high vulnerability with the content NVT: Mongoose
Webserver Content-Length Denial of Service Vulnerability (OID:
1.3.6.1.4.1.25623.1.0.900268) .
I'm pretty sure there is no web server running on that port. Also, I get
this vulnerability frequently when scanning other hosts.
Is i
unknown
62078/tcp open iphone-sync
64623/tcp open unknown
64680/tcp open unknown
65000/tcp open unknown
Original Message
Subject: Re: [Openvas-discuss] mongoose vulnerability
From: Eero Volotinen
To: Ali Khalfan
CC: "openvas-discuss@wald.intevation.org&q
figure out what would trigger openvas to state it's a
mongoose vulnerability.
Original Message
Subject: Re: [Openvas-discuss] mongoose vulnerability
From: Eero Volotinen
To: Ali Khalfan
Date: Mon Apr 01 2013 08:38:06 GMT+0300 (AST)
> There is something wrong with yo
I have realized that whenever I try to create a target and specify a
port list (such as all IANA TCP and UDP ports), the next time I login I
realize the port list is changed to "Openvas Default"
Is there any reason behind this?
--Ali
___
Openvas-discus
I am trying to perform on a host. However, I got a message that says
that the remote host is dead. I did an nmap of the same host and it
showed the host as up and it showed the listening ports as well.
This time it is different from the last time I got the problem . Last
time it happened it was
I think I narrowed down the problem in that hosts that reply to pings
can be scan. Other hosts are presumed dead , even though nmap says they
are up
Original Message
Subject: The remote host is dead...again
From: Ali Khalfan
To: openvas-discuss@wald.intevation.org
Date: Sat
is there a way I could update the password ued when logging in gsad ?
trying to do it from the webpage i get an error "save_user_oap:523"
I don't know how to do it from openvasad, I can't find the right command
in openvasad -c
thanks
___
Openvas-discu
I get the following error when compiling openvas-libraries on debian
squeeze
openvas-libraries-7.0.4/build$ make
[ 16%] Built target openvas_base_shared
[ 18%] Built target test-hosts
[ 42%] Built target openvas_misc_shared
[ 95%] Built target openvas_nasl_shared
Linking C executable openvas-nasl
got this fixed by following the steps in the howto in the same
directory, had to download and patch wmiclient as instructed.
Original Message
Subject: `wmi_reg_set_string_val' for openvas7-libraries on debian
From: Ali Khalfan
To: openvas-discuss@wald.intevation.org
Date
I run gsad on Debian squeeze and I get the below:
GLib-ERROR **: The thread system is not yet initialized.
aborting...
Aborted
why is GLib needed at all I thought greenbone was web based. and how
to fix this? installing gtk2 and dev doesn't seems to do anything.
Ali
___
I run gsad on Debian squeeze and I get the below:
GLib-ERROR **: The thread system is not yet initialized.
aborting...
Aborted
why is GLib needed at all I thought greenbone was web based. and how
to fix this? installing gtk2 and dev doesn't seems to do anything.
Ali
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
sorry I actually meant glib, why is it needed at all?
On 10/12/2014 04:03 PM, Reindl Harald wrote:
>
> Am 12.10.2014 um 14:56 schrieb Ali Khalfan:
>> I run gsad on Debian squeeze and I get the below:
>>
>> GLib-ERROR
That makes sense.. I get it now
Has anyone encountered this on greenbone? Is there a fix for it?
Reindl Harald wrote:
>Am 12.10.2014 um 15:06 schrieb Ali Khalfan:
> > sorry I actually meant glib, why is it needed at all?
>
>what about read the wikipedia article i linked?
>
i haven't seen any way to import/export db efficiently ..i'd like
someone to correct me if i'm wrong , 'cause i'm trying to do something
similar
On 10/13/2014 04:37 PM, Helmut Koers wrote:
> Hi there,
> is there a way to migrate an existing OpenVAS6 system including targets,
> schedules, tasks,
= g_malloc (sizeof (GMutex));
g_mutex_init (mutex);
#else
if (mutex == NULL)
{g_thread_init(NULL);
mutex = g_mutex_new ();
}
On 10/12/2014 04:13 PM, Reindl Harald wrote:
> Am 12.10.2014 um 15:06 schrieb Ali Khalfan:
>> sorry I actually meant glib, why is it needed at a
I'm on nmap 5.00 on debian squeeze .. openvas 7
I just started using it and it says the remote host is dead for all
addresses that I can't ping.
I thought this was fixed earlier
Ali
___
Openvas-discuss mailing list
Openvas-discuss@wald.intevation.org
Dear writer,
Did you update the scan settings as the default setting to detect if a machine
is online is via ping
On ٢٢ أكتوبر، ٢٠١٤ ٢:٤٨:٣٦ م GMT+03:00, Martin Herrman
wrote:
>Dear reader,
>
>I have successfully downloaded the OpenVAS-7 DEMO Virtual Appliance
>and started the VM in my Vir
you need to sync your NVTs first
On 01/16/2015 12:11 PM, Xiaofeng Sheng wrote:
> Hi, guys,
>
> I'm setting up the openvas on BT5 R3, I meet one ERROR message
> as the mail title described when I run
> "/pentest/misc/openvas/openvas-check-setup" command. I did some research
> on google websi
62 matches
Mail list logo
