[Openvas-discuss] nmap no longer running

Henri Doreau henri.doreau at greenbone.net
Wed Jun 15 09:14:42 CEST 2011


2011/6/15 Justin Pasher <justinp at distribion.com>:
> I'm running the Debian Squeeze nmap package.
>
> # nmap -V
> Nmap version 5.00 ( http://nmap.org )
>
Ok this one should work with the standard nmap.nasl plugin...

> I've had this same version for a few months now since I upgraded to
> Squeeze, and it used to work fine. The only thing that changed that I
> can think of was syncing my NVT plugins (the automated scan worked fine
> on June 1st using the version dated Mar 23). I went ahead and updated to
> the Testing branch version (5.21) to try it out, and I get the same results.
>
> The KB file for the host says it's detecting nmap, and even launching
> the plug-in (I assume).
>
> 1308088544 3 Launched/1.3.6.1.4.1.25623.1.0.14259=1
> ...
> 1308088544 3 Tools/Present/nmap=1
>
That actually prove that the plugin was started, but it might have
aborted. In this case you should see something in the dump. Otherwise
(if the plugin succeeded) an entry like
Success/1.3.6.1.4.1.25623.1.0.14259=1 should be set. Can you check
this point?

> This is the order of the lines in the file (with a bunch of other
> entries in between). Does it matter that it says it's launching the
> nmap.nasl script before recording that the tool is present? With nmap
> 5.21, I get an additional KB entry, but it still doesn't run.
>
> 1308089789 3 Tools/Present/nmap5.21=1
>
All these entries look good. I am unable to reproduce the problem.
I've tried with several versions of nmap and things just work as
expected. Are you running the scanner as root? Do you use custom
parameters for the nmap plugin?

> The openvassd.messages file doesn't have any additional info. The only
> thing in the dump file is a bunch of warnings about being unable to run
> a handful of NSE scripts.
>
> Nmap wrapper: Unable to run NSE script vnc-info (unsupported scan phases)
> [...]
>
This is normal behavior. These ones are NSE wrappers for the new
nmap_net subsystem and use network wide scanning.

> Just a note. If I enable the "OpenVAS TCP scanner" plug-in it will find
> the additional ports (not sure if it's all of them, but it finds the
> common ones like 21, 25, 80, 443, etc).
>
> It would be neat if the plug-ins were available through a code revision
> system like subversion or git. That would allow people to go back to a
> previous point in time, in the event something screwy happened with the
> plug-ins.
>
> --
> Justin Pasher

Regards.

-- 
Henri Doreau |  Greenbone Networks GmbH  |  http://www.greenbone.net
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner



More information about the Openvas-discuss mailing list