Openvas-scanner scan nothing

LubinLew · June 16, 2021, 5:26am

version: v21.4.0 on Ubuntu 20.04
deb: https://github.com/OpenSecHub/openvas-packaging/releases/tag/v21.4.0
Feeds: lastest(NVT: 20210616T1012, SCAP&CERT: 20210616T0030, GVMD_DATA: 20210614T1001)

Everything is OK, but get no results in report.
I can get CVE reports from openvas:v20.8.1.
I checked all the logs, nothing wrong.

gvmd.log

event task:MESSAGE:2021-06-17 00h53.06 UTC:59951: Task 10.130.12.172 (34dc7e73-3d83-4078-9ea1-901ad14470df) has been requested to start by admin
event task:MESSAGE:2021-06-17 00h53.08 UTC:59954: Status of task 10.130.12.172 (34dc7e73-3d83-4078-9ea1-901ad14470df) has changed to Queued
event task:MESSAGE:2021-06-17 00h53.49 UTC:59954: Status of task 10.130.12.172 (34dc7e73-3d83-4078-9ea1-901ad14470df) has changed to Running
event task:MESSAGE:2021-06-17 00h55.56 UTC:59954: Status of task 10.130.12.172 (34dc7e73-3d83-4078-9ea1-901ad14470df) has changed to Done

ospd-openvas.log

OSPD[59903] 2021-06-17 08:52:47,535: INFO: (ospd.main) Starting OSPd OpenVAS version 21.4.0.
OSPD[59903] 2021-06-17 08:53:08,791: INFO: (ospd.command.command) Scan 03f4185b-f6a5-41d3-875f-3091cec65494 added to the queue in position 1.
OSPD[59903] 2021-06-17 08:53:44,840: INFO: (ospd.ospd) Currently 1 queued scans.
OSPD[59903] 2021-06-17 08:53:44,856: INFO: (ospd.ospd) Starting scan 03f4185b-f6a5-41d3-875f-3091cec65494.
OSPD[59903] 2021-06-17 08:55:52,755: INFO: (ospd.ospd) 03f4185b-f6a5-41d3-875f-3091cec65494: Host scan finished.
OSPD[59903] 2021-06-17 08:55:52,758: INFO: (ospd.ospd) 03f4185b-f6a5-41d3-875f-3091cec65494: Scan finished.

openvas.log

sd   main:MESSAGE:2021-06-16 03h18.03 utc:2545: openvas 21.4.0 started
sd   main:MESSAGE:2021-06-16 03h18.08 utc:2545: Vulnerability scan 37e1a346-c894-4651-a13d-5ca8af0d9a5e started: Target has 1 hosts: 10.130.10.172, with max_hosts = 20 and max_checks = 4
sd   main:MESSAGE:2021-06-16 03h18.08 utc:2588: Vulnerability scan 37e1a346-c894-4651-a13d-5ca8af0d9a5e started for host: 10.130.10.172
sd   main:MESSAGE:2021-06-16 03h18.56 utc:2588: Vulnerability scan 37e1a346-c894-4651-a13d-5ca8af0d9a5e finished for host 10.130.10.172 in 48.55 seconds
sd   main:MESSAGE:2021-06-16 03h18.57 utc:2545: Vulnerability scan 37e1a346-c894-4651-a13d-5ca8af0d9a5e finished in 54 seconds: 1 hosts

ospd-openvas & openvas

    ● ospd-openvas.service - OSP server to allow GVM to remotely control an OpenVAS Scanner
         Loaded: loaded (/etc/systemd/system/ospd-openvas.service; enabled; vendor preset: enabled)
         Active: active (running) since Wed 2021-06-16 12:26:12 CST; 47min ago
           Docs: man:ospd-openvas(8)
       Main PID: 7853 (python3)
          Tasks: 12 (limit: 9525)
         Memory: 89.6M
         CGroup: /system.slice/ospd-openvas.service
                 ├─ 7853 /opt/gvm/py3venv/bin/python3 /opt/gvm/py3venv/bin/ospd-openvas -s /opt/gvm/.config/ospd.conf
                 ├─ 7855 /opt/gvm/py3venv/bin/python3 /opt/gvm/py3venv/bin/ospd-openvas -s /opt/gvm/.config/ospd.conf
                 ├─16608 /opt/gvm/py3venv/bin/python3 /opt/gvm/py3venv/bin/ospd-openvas -s /opt/gvm/.config/ospd.conf
                 ├─16717 sudo -n openvas --scan-start a4053a5c-dede-4f9d-83fb-3c20ce4424b7
                 ├─16718 openvas --scan-start a4053a5c-dede-4f9d-83fb-3c20ce4424b7
                 ├─16758 openvas: testing 10.130.10.172
                 ├─16764 openvas: testing 10.130.10.172 (/opt/gvm/var/lib/openvas/plugins/host_alive_detection.nasl)
                 └─16766 nmap --reason -sP -T3 --send-ip -e ens3 -PE 10.130.10.172

    Jun 16 13:10:17 scanner-openvas sudo[15927]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jun 16 13:10:17 scanner-openvas sudo[15927]: pam_unix(sudo:session): session closed for user root
    Jun 16 13:10:17 scanner-openvas sudo[15929]:      gvm : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sbin/openvas --scan-start 18189436-7871-4365-b271-e02eb639bdf8
    Jun 16 13:10:17 scanner-openvas sudo[15929]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jun 16 13:11:09 scanner-openvas sudo[15929]: pam_unix(sudo:session): session closed for user root
    Jun 16 13:13:47 scanner-openvas sudo[16715]:      gvm : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sbin/openvas -s
    Jun 16 13:13:47 scanner-openvas sudo[16715]: pam_unix(sudo:session): session opened for user root by (uid=0)
    Jun 16 13:13:47 scanner-openvas sudo[16715]: pam_unix(sudo:session): session closed for user root
    Jun 16 13:13:47 scanner-openvas sudo[16717]:      gvm : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/local/sbin/openvas --scan-start a4053a5c-dede-4f9d-83fb-3c20ce4424b7
    Jun 16 13:13:47 scanner-openvas sudo[16717]: pam_unix(sudo:session): session opened for user root by (uid=0)

Only some ICMP packages to target IP

Lukas · June 16, 2021, 8:18am

First i would have a look at your Log results, if they are not empty you might find the question here.

It looks like you have an issue with the alive criteria, but not 100% sure without seeing any results.

Then please have a look here:

That will answer your questions.

LubinLew · June 17, 2021, 1:11am

Thanks,

The target has no ping issue. I can get results from openvas:v20.8.1.
And the “Consider Alive” option does no difference.

Lukas · June 18, 2021, 7:40am

I would suggest you get back to your packet provider and open an issue there, alternative you can use a GSM Trial or compile it your self.

vudududu · June 22, 2021, 9:21pm

Hi, look at this issue https://github.com/yu210148/gvm_install/issues/26.
Maintainer used this script as reference. Also you can ask maintainer here V20.8.1 pre-build package for ubuntu-20.04