[Openvas-discuss] nmap no longer running

Justin Pasher justinp at distribion.com
Wed Jun 15 00:25:44 CEST 2011


----- Original Message -----
>  From: Henri Doreau <henri.doreau at greenbone.net>
>  Date: Tue, 14 Jun 2011 23:09:40 +0200
>  Subject: Re: [Openvas-discuss] nmap no longer running
>  To: Justin Pasher <justinp at distribion.com>
>  CC: openvas-discuss at wald.intevation.org
>
> 2011/6/14 Justin Pasher<justinp at distribion.com>:
>> FYI, I just did a complete reinstall of the OpenVAS packages (I removed
>> /etc/openvas, /var/lib/openvas, and /var/cache/openvas first), created a
>> new scan task using the "Fast and full" scan config (over 21000
>> plugins), and scanned one host. It's still not running nmap, according
>> to the "Information about the scan" plug-in.
>>
>> I'm stumped now. Any ideas?
>>
>> --
>> Justin Pasher
> Thanks for the report, your problem and Mark's one seem unrelated
> actually. Which version of nmap are you running? Can you see something
> in the logs (openvassd.dump or openvassd.messages)?

I'm running the Debian Squeeze nmap package.

# nmap -V
Nmap version 5.00 ( http://nmap.org )

I've had this same version for a few months now since I upgraded to 
Squeeze, and it used to work fine. The only thing that changed that I 
can think of was syncing my NVT plugins (the automated scan worked fine 
on June 1st using the version dated Mar 23). I went ahead and updated to 
the Testing branch version (5.21) to try it out, and I get the same results.

The KB file for the host says it's detecting nmap, and even launching 
the plug-in (I assume).

1308088544 3 Launched/1.3.6.1.4.1.25623.1.0.14259=1
...
1308088544 3 Tools/Present/nmap=1

This is the order of the lines in the file (with a bunch of other 
entries in between). Does it matter that it says it's launching the 
nmap.nasl script before recording that the tool is present? With nmap 
5.21, I get an additional KB entry, but it still doesn't run.

1308089789 3 Tools/Present/nmap5.21=1

The openvassd.messages file doesn't have any additional info. The only 
thing in the dump file is a bunch of warnings about being unable to run 
a handful of NSE scripts.

Nmap wrapper: Unable to run NSE script vnc-info (unsupported scan phases)
Nmap wrapper: Unable to run NSE script ssh-hostkey (unsupported scan phases)
Nmap wrapper: Unable to run NSE script ssh2-enum-algos (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script http-headers (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script http-trace (unsupported scan phases)
Nmap wrapper: Unable to run NSE script http-vmware-path-vuln 
(unsupported scan phases)
Nmap wrapper: Unable to run NSE script daytime (unsupported scan phases)
Nmap wrapper: Unable to run NSE script http-methods (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script afp-path-vuln (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script netbus-auth-bypass (unsupported 
scan phases)
Nmap wrapper: Unable to run NSE script mongodb-databases (unsupported 
scan phases)
Nmap wrapper: Unable to run NSE script afp-serverinfo (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script db2-discover (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script giop-info (unsupported scan phases)
Nmap wrapper: Unable to run NSE script citrix-enum-servers (unsupported 
scan phases)
Nmap wrapper: Unable to run NSE script hddtemp-info (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script whois (unsupported scan phases)
Nmap wrapper: Unable to run NSE script rpcinfo (unsupported scan phases)
Nmap wrapper: Unable to run NSE script smbv2-enabled (unsupported scan 
phases)
Nmap wrapper: Unable to run NSE script banner (unsupported scan phases)

Just a note. If I enable the "OpenVAS TCP scanner" plug-in it will find 
the additional ports (not sure if it's all of them, but it finds the 
common ones like 21, 25, 80, 443, etc).

It would be neat if the plug-ins were available through a code revision 
system like subversion or git. That would allow people to go back to a 
previous point in time, in the event something screwy happened with the 
plug-ins.

-- 
Justin Pasher


More information about the Openvas-discuss mailing list