Scan Report Error wapiti

ospd
osp

#1

I have the latest version of wapiti but somehow it is not recognized by the scanner. How to get it recognised I even edited the permission of vulnerability.py and wapiti.py still the same error.

Issue

NVT: wapiti (NASL wrapper)
OID: 1.3.6.1.4.1.25623.1.0.80110
Threat: Log (CVSS: 0.0)
Port: 80/tcp

Summary:
This plugin uses wapiti to find
web security issues.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
See the preferences section for wapiti options.
Note that the scanner is using limited set of wapiti options. Therefore, for m!
ore complete web
assessment, you should use standalone wapiti tool for deeper/customized checks!
.
Note: The plugin needs the ‘wapiti’ binary found within the PATH of the user r!
unning the scanner and
needs to be executable for this user. The existence of this binary is checked !
and reported separately
within ‘Availability of scanner helper tools’ (OID: 1.3.6.1.4.1.25623.1.0.8100!
00).

Vulnerability Detection Result:
The wapiti report filename is empty. That could mean that a wrong version of wap!
iti is used or tmp dir is not accessible. Make sure to have wapiti 2.x as wapiti!
1.x is not supported.
In short: Check the installation of wapiti and the scanner.

Log Method:
Details:
wapiti (NASL wrapper)
(OID: 1.3.6.1.4.1.25623.1.0.80110)
Version used: $Revision: 13985 $


#2

Please note that the wrapper concept from NASL side around such external tools like wapiti is basically deprecated and won’t receive any updates / fixes from Greenbone side. The mentioned wrapper VT is currently only kept in the Greenbone Community Feed for legacy reasons.

Calling such external tools should be done via an OSPd wrapper (https://github.com/greenbone/ospd) where you can find some basic documentation on how to implement one at https://github.com/greenbone/ospd#how-to-write-your-own-osp-scanner-wrapper

For further questions around OSP the existing category About the Open Scanner Protocol (OSP) category could be used.