Openvas-nasl thinks a host is dead (but it isn't)


#1

When attempting to test an NVT against a Windows host, I am unable to authenticate as ping_host.nasl thinks that the host is dead:

The output is as follows:
/openvas/bin/openvas-nasl -Xdi /openvas/var/lib/openvas/plugins/ -k “SMB/domain=testbed” -k “SMB/login=administrator” -k “SMB/password=Bobchicken125” -t 192.168.80.184 /openvas/var/lib/openvas/plugins/logins.nasl /openvas/var/lib/openvas/plugins/gb_dont_scan_fragile_device.nasl /openvas/var/lib/openvas/plugins/ping_host.nasl
lib misc-Message: set key ftp/writeable_dir -> /incoming
lib misc-Message: set key ftp/login -> anonymous
lib misc-Message: set key ftp/password -> anonymous@example.com
lib misc-Message: set key SMB/dont_send_in_cleartext -> 1
lib misc-Message: set key SMB/NTLMSSP -> 1
lib misc-Message: set key /ping_host/mark_dead -> yes
lib misc-Message: set key /tmp/start_time -> 1559747890
lib misc-Message: set key ICMPv4/EchoRequest/failed -> 1

I think I’m missing something - a dependency or missing executable - but I’m unsure what.

Weirdly, the NVT does run successfully if I include the NVT in a proper scan, it just fails when using openvas-nasl


#2

Just set it to assume alive in the scan config.


#3

Do you have an example of what the configuration would look like - or would I need to open gvm create a scan and dig around for the scan configuration?


#4

IMHO the quickest way is to edit the target.

  • Clone the target
  • edit the target so that the drop down menu at “Alive test” reads “consider alive”
  • clone the task and attach the new target.

#5

Basically it might be possible that you’re using a different “Alive Test” method (as described previously) during the “full” scan then the default which ping_host.nasl is using (ICMP Echo request) when running via openvas-nasl.

As VTs running via openvas-nasl are not able to read any of the script_add_preference() set in the metadata of a VT or within a scan config you might need to play around with the script_get_preference calls in ping_host.nasl to get a similar behavior like in a “full” scan.

Generally please note that openvas-nasl is not really a replacement for a “full” scan via openvassd and should be only seen as a development tool for the initial development of a VT.

In general it doesn’t care if a host is “dead” or not so the ping_host.nasl dependency is unnecessary when using openvas-nasl.

Furthermore it doesn’t evaluate most of the data in the description block like e.g. script_require_ports, script_dependencies, script_mandatory_keys or the previously mentioned script_add_preference.

Some of these points are also described in Understanding testing of nasl scripts, especially the note on unscanned_closed and unscanned_closed_udp mentioned there might be relevant as well.


#6

@cfi @Lukas
I am working on the same issue. Here is my configuration (output from openvassd -s)

$ openvassd -s
non_simult_ports = 139, 445, 3389, Services/irc
be_nice = no
safe_checks = yes
nasl_no_signature_check = yes
time_between_request = 0
expand_vhosts = yes
max_checks = 10
optimize_test = yes
report_host_details = yes
config_file = /openvas/etc/openvas/openvassd.conf
unscanned_closed_udp = yes
include_folders = /openvas/var/lib/openvas/plugins
test_empty_vhost = no
plugins_timeout = 320
cgi_path = /cgi-bin:/scripts
checks_read_timeout = 5
unscanned_closed = yes
auto_enable_dependencies = yes
log_whole_attack = no
db_address = /tmp/redis.sock
drop_privileges = no
log_plugins_name_at_load = no
scanner_plugins_timeout = 36000
timeout_retry = 3
max_hosts = 30
network_scan = no
open_sock_max_attempts = 5
plugins_folder = /openvas/var/lib/openvas/plugins

Do I need an additional config here?


#7

@cfi @Lukas
Or, putting in another way… is there a way to access the gvm config file so I can edit the alive test configuration?


#8

Please see my previous posting which should already provide detailed background info on both questions.