Wrong IDs on openvas plugin #7267

Closed
R3nPi2 opened this issue Sep 2, 2016 · 10 comments · Fixed by #7294


R3nPi2 commented Sep 2, 2016

When running an openvas_* command that involves any ID, like openvas_target_delete <id>, it does nothing.

The problem seems to be that openvas stores IDs as a long string similar to "698f691e-7489-11df-9d8c-002264764cea" and the functions defined in plugins/openvas.rb are showing and requiring numeric IDs. When these numeric IDs are passed to functions in the gem ruby-2.3.1/gems/openvas-omp-0.0.4/lib/openvas-omp.rb, the responses are like Failed to find target '0', because ID 0 doesn't really exist.

The IDs that the openvas_*_list commands are showing are "fake IDs". We can see that at approx. line 259 of plugins/openvas.rb:

    id = 0
    @ov.target_get_all().each do |target|
      tbl << [ id, target["name"], target["hosts"], target["max_hosts"],
      target["in_use"], target["comment"] ]
      id += 1
    end

Steps to reproduce

  1. openvas_target_create localhost 127.0.0.1 local
  2. openvas_target_delete 0

Expected behavior

Delete target with ID == 0

Current behavior

Does not delete target with ID == 0

System stuff

OpenVAS version

OpenVAS Libraries 8.0.8
OpenVAS Manager 6.0.9
OpenVAS Scanner 5.0.6

Metasploit version

Framework: 4.12.23-dev-219f643
Console : 4.12.23-dev-219f643

I installed Metasploit with:

Git clone install.

Ruby version

ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]

OS

Debian 8.5
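
The mismatch described in this report, as an added Ruby example (not code from the plugin or the openvas-omp gem): `FakeOmp` is a constructed stand-in for the OMP client, and the `"id"` hash key and helper names are assumptions made for illustration.

```ruby
# Added illustration; FakeOmp is a constructed stand-in, not the openvas-omp gem.
class FakeOmp
  def initialize(targets)
    @targets = targets # array of hashes, each carrying a server-side UUID in "id"
  end

  def target_get_all
    @targets
  end

  # Mimics the server: only an exact ID match deletes anything.
  def target_delete(id)
    before = @targets.size
    @targets.reject! { |t| t["id"] == id }
    raise "Failed to find target '#{id}'" if @targets.size == before
    true
  end
end

# Listing as quoted in the issue: the first column is a loop counter.
def list_with_counter(ov)
  id = 0
  ov.target_get_all.map do |target|
    row = [id, target["name"], target["hosts"]]
    id += 1
    row
  end
end

# Listing that shows the identifier the server accepts (assumed key: "id").
def list_with_server_id(ov)
  ov.target_get_all.map { |t| [t["id"], t["name"], t["hosts"]] }
end

# Returns :deleted, or the server's error text when the ID is unknown.
def try_delete(ov, id)
  ov.target_delete(id.to_s)
  :deleted
rescue RuntimeError => e
  e.message
end

def demo
  ov = FakeOmp.new([{ "id" => "b493b7a8-7489-11df-a3ec-002264764cea",
                      "name" => "Localhost", "hosts" => "localhost" }])
  shown = list_with_counter(ov).first[0]   # counter value printed as "ID"
  real  = list_with_server_id(ov).first[0] # UUID held by the server
  [try_delete(ov, shown), try_delete(ov, real), ov.target_get_all.size]
end
```
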

yasulib added a commit to yasulib/metasploit-framework that referenced this issue Sep 10, 2016
@pbarry-r7
Contributor

Verified the plugin now uses/displays/accepts the openvas ID values.


ghost commented Mar 7, 2017

Hello - where is this FIX? I am having this issue and trying to resolve it. I have re-installed open-vas and metasploit to no avail.

Member

busterb commented Mar 7, 2017

Hi, how did you install Metasploit? I'd suggest verifying that you are using a version of Metasploit newer than this PR.


ghost commented Mar 9, 2017

It is just installed with Kali - version 4.14.0-dev.

Member

busterb commented Mar 9, 2017

OK @eraddatz, sounds like the fix for this particular issue should be in place then. Can you give a little more detail about what you're seeing?


ghost commented Mar 9, 2017

msf > load openvas 
! Omit
[*] Successfully loaded plugin: OpenVAS
----
msf > openvas_connect vas vas 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username vas...
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful
! Trying to do a scan within msfconsole - so I Load Config List - the ID's should be in Numeral format but are UID strings.
msf > openvas_config_list 
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs

ID                                    Name
--                                    ----
085569ce-73ed-11df-83c3-002264764cea  empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
daba56c8-73ec-11df-a475-002264764cea  Full and fast
! For Fun I try to load one of the tasks with openvas_task_start IDstring
msf > openvas_task_start daba56c8-73ec-11df-a475-002264764cea
/usr/share/metasploit-framework/vendor/bundle/ruby/2.3.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='404' status_text='Failed to find task &apos;daba56c8-73ec-11df-a475-002264764cea&apos;'/></X>

I am trying to do the scan inside the msfconsole after loading openvas. This was the same issue outlined in the document so it seemed like the same issue. I also get this exact same issue on another machine. I just loaded Metasploit-framework 4.14.0-dev and openvas version 9 on my Ubuntu machine and I get the exact same results.


ghost commented Mar 9, 2017

That was maybe not so clear - any function where you should see ID #s - the openvas plugin shows UIDs instead and the UIDs do not exist so nothing can function.

Such as openvas_format_list, target_list, config_list. All documentation for steps to use openvas inside of msfconsole shows that these should be numbers 0-99 for example and not UID strings.

msf > openvas_format_list 
ID                                    Name           Extension  Summary
--                                    ----           ---------  -------
5057e5cc-b825-11e4-9d0e-28d24461215b  Anonymous XML  xml        Anonymous version of the raw XML report
openvas_target_list

[+] OpenVAS list of targets

ID                                    Name       Hosts      Max Hosts  In Use  Comment
--                                    ----       -----      ---------  ------  -------
6d57eb06-4a22-438c-aec8-e3351701d6f1  
!Omit
openvas_config_list

[+] OpenVAS list of configs

ID                                    Name
--                                    ----
085569ce-73ed-11df-83c3-002264764cea  empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
! Omit


ghost commented Mar 9, 2017

I think I have posted this in an alternate issue. I see that this page lists this issue more clearly.

#7294

@pbarry-r7
Contributor

Hi @eraddatz. We definitely should be using the UID values with the plugin, sounds like the documentation needs updating. As far as the broken behavior you're experiencing, I can take a deeper look at this tomorrow (and fix up the documentation while I'm at it).

@pbarry-r7
Contributor

So I looked into this, it appears to be working correctly. When I connect to my OpenVAS server via the MSF plugin, I see valid IDs (which do look like UUIDs, but it's still valid to call them IDs, IMO), and I can log into the OpenVAS UI via my Chrome browser and verify those IDs are, indeed, ones associated with the information I'm getting from the plugin.

W.r.t. your example of openvas_task_start returning an error, it appears that a task was never created first. If I do the same steps and create the task before starting it, it all works as expected:

$ ./msfconsole -q
msf > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS
msf> openvas_connect admin admin 10.0.2.7 9390
[-] Warning: SSL connections are not verified in this release, it is possible for an attacker
[-]          with the ability to man-in-the-middle the OpenVAS traffic to capture the OpenVAS
[-]          credentials. If you are running this on a trusted network, please pass in 'ok'
[-]          as an additional parameter to this command.
msf > openvas_connect admin admin 10.0.2.7 9390 ok
[*] Connecting to OpenVAS instance at 10.0.2.7:9390 with username admin...
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful
msf > openvas_config_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs

ID                                    Name
--                                    ----
085569ce-73ed-11df-83c3-002264764cea  empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
daba56c8-73ec-11df-a475-002264764cea  Full and fast


msf > openvas_format_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of report formats

ID                                    Name           Extension  Summary
--                                    ----           ---------  -------
5057e5cc-b825-11e4-9d0e-28d24461215b  Anonymous XML  xml        Anonymous version of the raw XML report
50c9950a-f326-11e4-800c-28d24461215b  Verinice ITG   vna        Greenbone Verinice ITG Report, v1.0.1.
5ceff8ba-1f62-11e1-ab9f-406186ea4fc5  CPE            csv        Common Product Enumeration CSV table.
6c248850-1f62-11e1-b082-406186ea4fc5  HTML           html       Single page HTML report.
77bd6c4a-1f62-11e1-abf0-406186ea4fc5  ITG            csv        German "IT-Grundschutz-Kataloge" report.
9087b18c-626c-11e3-8892-406186ea4fc5  CSV Hosts      csv        CSV host summary.
910200ca-dc05-11e1-954f-406186ea4fc5  ARF            xml        Asset Reporting Format v1.0.0.
9ca6fe72-1f62-11e1-9e7c-406186ea4fc5  NBE            nbe        Legacy OpenVAS report.
9e5e5deb-879e-4ecc-8be6-a71cd0875cdd  Topology SVG   svg        Network topology SVG image.
a3810a62-1f62-11e1-9219-406186ea4fc5  TXT            txt        Plain text report.
a684c02c-b531-11e1-bdc2-406186ea4fc5  LaTeX          tex        LaTeX source file.
a994b278-1f62-11e1-96ac-406186ea4fc5  XML            xml        Raw XML report.
c15ad349-bd8d-457a-880a-c7056532ee15  Verinice ISM   vna        Greenbone Verinice ISM Report, v1.1.10.
c1645568-627a-11e3-a660-406186ea4fc5  CSV Results    csv        CSV result list.
c402cc3e-b531-11e1-9163-406186ea4fc5  PDF            pdf        Portable Document Format report.


msf > openvas_target_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targets

ID                                    Name       Hosts      Max Hosts  In Use  Comment
--                                    ----       -----      ---------  ------  -------
b493b7a8-7489-11df-a3ec-002264764cea  Localhost  localhost  1          0       


msf > openvas_task_create
[*] Usage: openvas_task_create <name> <comment> <config_id> <target_id>
msf > openvas_task_create my-task "just a quick test" 8715c877-47a0-438d-98a3-27c7a6ab2196 b493b7a8-7489-11df-a3ec-002264764cea
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] c7572ed0-fbfb-4895-8e62-4652ddecacd6
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name     Comment            Status  Progress
--                                    ----     -------            ------  --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6  my-task  just a quick test  New     -1


msf > openvas_task_start c7572ed0-fbfb-4895-8e62-4652ddecacd6
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='202' status_text='OK, request submitted'><report_id>8c82525b-6a1c-48f9-9f72-fec64ae65fe9</report_id></start_task_response></X>
msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name     Comment            Status   Progress
--                                    ----     -------            ------   --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6  my-task  just a quick test  Running  8


msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name     Comment            Status   Progress
--                                    ----     -------            ------   --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6  my-task  just a quick test  Running  82


msf > openvas_task_list
/home/pbarry/.rvm/gems/ruby-2.3.3@metasploit-framework/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201:in `sendrecv': Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name     Comment            Status  Progress
--                                    ----     -------            ------  --------
c7572ed0-fbfb-4895-8e62-4652ddecacd6  my-task  just a quick test  Done    -1

I feel the documentation within the plugin is fine, since OpenVAS itself calls these long UUID-looking values "IDs":

[Screenshot: 2017-03-14, 5:43:25 pm]

If you can point me to other Metasploit or Rapid7 documentation that mentions ID values of 0-99 (and the like), I can look into updating those. Thx!
