Not scanning public/external IP
nisar-med opened this issue · 4 comments
I have tried scanning public IP addresses using greenbone security web interface and the scanner just finishes with an empty report and /var/log/openvas/openvasmd.log says the host is dead.
I can scan localhost without any problems. I am using boot2docker in Mac OS to run the docker image and it seems that it has something to do with openvassd configuration to allow scanning of external IP addresses but I can't figure it out.
I've seen this a few times, could be the same as #84. Can you provide the full log? Also, try to scan a public djs record before scanning an ip and let me know the results. Thanks!
Pasting full log in the end of this message.
Found this post which is kind of related but applicable to older version.
http://www.backtrack-linux.org/forums/showthread.php?t=59874
Also is there a way to debug openvassd service? (log_whole_attack = yes already enabled), I think nmap is returning "host is dead". I tried google.com and it is taking forever at 1%.
$ docker exec -it openvas tail -f /var/log/openvas/openvassd.messages
[Mon Jun 20 12:22:00 2016][818] Starts a new scan. Target(s) : 59.167.29.49, with max_hosts = 30 and max_checks = 10
[Mon Jun 20 12:22:00 2016][818] exclude_hosts: Skipped 0 host(s).
[Mon Jun 20 12:22:00 2016][818] Testing securesites.toowards.com (59.167.29.49) [839]
[Mon Jun 20 12:22:03 2016][839] The remote host (59.167.29.49) is dead
[Mon Jun 20 12:22:03 2016][839] Finished testing 59.167.29.49. Time : 3.51 secs
[Mon Jun 20 12:22:03 2016][818] Test complete
[Mon Jun 20 12:22:04 2016][818] Total time to scan all hosts : 12 seconds
$ docker exec -it openvas tail -f /var/log/openvas/openvasmd.log
md otp:MESSAGE:2016-06-20 12h12.11 utc:47: Scanner loading: 47250 / 47486 nvts.
lib auth: INFO:2016-06-20 12h12.52 utc:125: Authentication configuration not found.
event target:MESSAGE:2016-06-20 12h21.47 UTC:814: Target 218ac69a-74ec-48dd-8113-dbfb342d18c0 has been created by admin
event task:MESSAGE:2016-06-20 12h21.47 UTC:814: Status of task (5d53a742-be32-4394-a879-6076b23da9c1) has changed to New
event task:MESSAGE:2016-06-20 12h21.47 UTC:814: Task 5d53a742-be32-4394-a879-6076b23da9c1 has been created by admin
event task:MESSAGE:2016-06-20 12h21.48 UTC:814: Status of task Immediate scan of IP 59.167.29.49 (5d53a742-be32-4394-a879-6076b23da9c1) has changed to Requested
event task:MESSAGE:2016-06-20 12h21.48 UTC:814: Task 5d53a742-be32-4394-a879-6076b23da9c1 has been requested to start by admin
event wizard:MESSAGE:2016-06-20 12h21.48 UTC:814: Wizard quick_first_scan has been run by admin
event task:MESSAGE:2016-06-20 12h21.53 UTC:820: Status of task Immediate scan of IP 59.167.29.49 (5d53a742-be32-4394-a879-6076b23da9c1) has changed to Running
event task:MESSAGE:2016-06-20 12h22.04 UTC:820: Status of task Immediate scan of IP 59.167.29.49 (5d53a742-be32-4394-a879-6076b23da9c1) has changed to Done
I'm getting the exact same problem. Host OS is Ubuntu 15.10 Wily.
[Thu Aug 4 17:46:11 2016][27162] openvassd 5.0.5 started
[Thu Aug 4 17:47:19 2016][27199] Client not present
[Thu Aug 4 18:00:07 2016][27162] Received the Terminated signal
[Thu Aug 11 02:03:09 2016][23] openvassd 5.0.5 started
[Thu Aug 11 02:03:34 2016][35] Client not present
[Thu Aug 11 02:07:40 2016][444] Starts a new scan. Target(s) : REDACTED, with max_hosts = 30 and max_checks = 10
[Thu Aug 11 02:07:40 2016][444] exclude_hosts: Skipped 0 host(s).
[Thu Aug 11 02:07:40 2016][444] Testing handy.com (REDACTED) [456]
[Thu Aug 11 02:07:42 2016][456] The remote host (REDACTED) is dead
[Thu Aug 11 02:07:43 2016][456] Finished testing REDACTED. Time : 2.94 secs
[Thu Aug 11 02:07:43 2016][444] Test complete
[Thu Aug 11 02:07:43 2016][444] Total time to scan all hosts : 8 seconds
I'm no longer seeing this after v9 so closing. Please reopen if you experience this again