[Openvas-discuss] Testing W3af with Openvas 8 beta version

Hani Benhabiles hani.benhabiles at greenbone.net
Tue Feb 10 11:14:53 CET 2015


On 2015-02-02 11:30, Miguel Ángel Martínez Martínez wrote:
> Hi,
>
> I have checked W3af works and I am using the last version of OSPd
> daemon (1.0b6).
>
> Anyway, I have been running new w3af scans in GSA with the following 
> results:
>
> - Although OSPd-w3af daemon shows the same logs
>
> 2015-01-20 17:38:24,006 ospd.ospd: DEBUG: SSL error: The read
> operation timed out
> 2015-01-20 17:38:24,012 ospd.ospd: DEBUG: Connection to
> <ssl.SSLSocket object at 0x9ce8d14> closed
> 2015-01-20 18:23:33,338 ospd_w3af.wrapper: DEBUG: w3af scan reached 
> timeout.
> 2015-01-20 18:23:33,844 ospd.ospd: INFO:
> bcb72ab5-318b-4a8f-ae6b-8bfa46b5f302: Scan finished
>
> the scans finish and a HTML report is always generated. I have had a
> look at the reports and all of them contain findings.
>
> - The status related to the task in GSA doesn't update right. For
> instance, it is 1% all the time. Furthermore, when the task is done,
> the severity is "Error" and there are no "Scan results", despite the
> fact that the report contains information.
>

Related to progress: It depends on the scanner, in this case 
w3af_console doesn't support showwing a progress value to the user.

What does the error say ? Have you tried with openvas manager and ospd 
from current trunk (Work in progress, so you may have stumbled accros an 
already fixed a bug)

> - The task takes a great deal of time to finish, compared to the
> scans run with w3af_console. It makes no sense, when w3af is supposed
> to test only a port: 80, 443,..
>

Have you tried to verify the same scan using "w3af_console -s 
/tmp/path_to_script" ? Though I suppose the problem is the "error" you 
have encountered.

> - Finally, I have created a task to scan three diferent web pages and
> I've checked that the w3af report has been overwritten several times.
> Can only a web page be scanned at the same time?
>

Will fix the report overwritting, thanks for pointing it.

> Thanks and regards
>
>
> _______________________________________________
> Openvas-discuss mailing list
> Openvas-discuss at wald.intevation.org
> 
> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss



More information about the Openvas-discuss mailing list