GVM 21.04 scanning but seems incomplete

stefanBP · June 1, 2021, 2:29am

GVM versions

gsad: (‘gsad --version’)
Greenbone Security Assistant 21.04.0~git-caa22de9f-gsa-21.04
gvmd: (‘gvmd --version’)
Greenbone Vulnerability Manager 21.4.0~git-2cd0db62-gvmd-21.04
openvas-scanner: (‘openvas --version’, in older GVM versions < 11: ‘openvassd --version’)
OpenVAS 21.4.1~git-106a206f-openvas-21.04
gvm-libs:
gvm-libs-21.04

Environment

Operating system:
Ubuntu Bionic
Kernel: (‘uname -a’)
Linux vagrant 4.15.0-143-generic #147-Ubuntu SMP Wed Apr 14 16:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source:
From source

I have successfully build GVM 21.04 from source.
Everything appears to work but the scanning results are suspicious.
I have a legacy GVM 9.0.1 reference system.

When I am using the following configuration

Target: Single IP / All TCP and Nmap top 100 UDP
Scan confg: Full and Fast
Scanner: OpenVAS Default

on both systems I am getting:

15 Log level vulnerabilities on GVM 21.04

130 log level / 1 Low level vulnerabilities on GVM 9.0.1

In particular GVM 9.0.1 reports many detected services / open ports that GVM 21 does not report at all.

The logs don’t contain any errors and I checked that nmap is installed and can actually detect the open ports when run from the command line.

What else could be the problem?

Thank you,
Stefan

Lukas · June 1, 2021, 8:45am

Welcome here, a short hint check for previous posts with the same issues and what helped them.

If you GVM toolchain does not give you any results, how can you tell that you successfully build it ?

Your question is far to generic !

Do you have the services up and running ?

What does the log give you on every service ?

Any permission issues ?

stefanBP · June 1, 2021, 9:01am

As I mentioned the GVM 21 tool chain gives me only 5 results:

CGI Scanning Consolidation
Hostname Determination Reporting
HTTP Security Headers Detection
OS Detection Consolidation and Reporting
Traceroute

It does not match my expectation from what I get for the seemingly identical setup in GVM 9 which gives me in total 131 vulnerabilities.

Do you have the services up and running ?
I am running as a local user:

ospd-scanner
gvmd
gsad

What does the log give you on every service ?
As per the logs these are working fine.

Any permission issues ?
I did configure the sudo setup so that openvas can be run as root. I also check the openvas processes being spawned and they are indeed running as ‘root’. As far as I can tell there are no permission issues.

Thanks,
Stefan

Lukas · June 1, 2021, 9:13am

Sorry but i think your build is not optimal.

I would suggest to check the GSM Trial and check if GVM 21.04 is working there. Then you should try to rebuild your tool chain.

Alesystem · July 22, 2021, 6:34pm

I have the same problem. When I have scanned, I have only 5 vulnerabilities per host. Has someboby solved this problem?

stefanBP · July 23, 2021, 2:43am

I managed to make some progress on my own by debugging into the issue some more.

For me the issue appears to be caused by the interaction with the Vagrant VM.

I noticed that for some network interfaces the this_host call seems to return null or an empty string and at least some NASL scripts don’t handle that which causes the entire scan to fail.

I made progress by setting the source interface on the task itself to get past this issue.

But I also noticed that when I do set the interface explicitly GVM gives me a deprecation warning.