-
Notifications
You must be signed in to change notification settings - Fork 13.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wrong IDs on openvas plugin #7267
Comments
Verified the plugin now uses/displays/accepts the openvas ID values. |
Hello - where is this FIX? I am having this issue and trying to resolve. I have re-installed open-vas and metasploit with no avail. |
Hi, how did you install Metasploit? I'd suggest verifying that you are using a version of Metasploit newer than this PR. |
It is just installed with Kali - version 4.14.0-dev. |
ok @eraddatz , sounds like the fix for this particular issue should be in place then. Can you give a little more detail about what you're seeing? |
I am trying to do the scan inside the msfconsole after loading openvas. This was the same issue outlined in the document so it seemed like the same issue. I also get this exact same issue on another machine. I just loaded Metasploit-framework 4.14.0-dev and openvas version 9 on my Ubuntu machine and I get the exact same results. |
That was maybe not so clear - any function where you should see ID #'s - the openvas plugin shows UID's instead and the UID's do not exist so nothing can function. Such as openvas_format_list, target_list, config_list. All documentation for steps to use openvas inside of msfconsole shows that these should be numbers 0-99 for example and not UID strings.
|
I think I have posted this in alternate issue. I see that this page lists this issue more clearly. |
Hi @eraddatz. We definitely should be using the UID values with the plugin, sounds like the documentation needs updating. As far as the broken behavior you're experiencing, I can take a deeper look at this tomorrow (and fixup the documentation while I'm at it). |
So I looked into this, it appears to be working correctly. When I connect to my OpenVAS server via the MSF plugin, I see valid IDs (which do look like UUIDs, but it's still valid to call them IDs, IMO), and I can log into the OpenVAS UI via my Chrome browser and verify those IDs are, indeed, ones associated with the information I'm getting from the plugin. W.r.t. to your example of
I feel the documentation within the plugin is fine, since OpenVAS itself calls these long UUID-looking values "IDs": If you can point me to other Metasploit or Rapid7 documentation that mentions ID values of 0-99 (and the like), I can look into updating those. Thx! |
When runing
openvas_*
command that involves any ID likeopenvas_target_delete <id>
, it does nothing.The problem seems to be that openvas stores IDs like a long string similar to "698f691e-7489-11df-9d8c-002264764cea" and functions defined on
plugins/openvas.rb
are showing and requiring numeric IDs. When this numeric IDs are passed to functions on gemruby-2.3.1/gems/openvas-omp-0.0.4/lib/openvas-omp.rb
, the responses are likeFailed to find target '0'
, because ID 0 doesn't really exist.The ID's that
openvas_*_list
commands are showing are "fake IDs". We can see that aprox line 259 onplugins/openvas.rb
:Steps to reproduce
openvas_target_create localhost 127.0.0.1 local
openvas_target_delete 0
Expected behavior
Delete target with ID == 0
Current behavior
Does not delete target with ID == 0
System stuff
OpenVAS version
OpenVAS Libraries 8.0.8
OpenVAS Manager 6.0.9
OpenVAS Scanner 5.0.6
Metasploit version
Framework: 4.12.23-dev-219f643
Console : 4.12.23-dev-219f643
I installed Metasploit with:
Git clone install.
Ruby version
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]
OS
Debian 8.5
The text was updated successfully, but these errors were encountered: