Does not work with GVM11? #14

Open
meetgyn opened this issue May 30, 2020 · 3 comments

Comments


meetgyn commented May 30, 2020

Due to the fact that OpenVAS reached the end of its life cycle, I needed to install GVM11; however, the XML is different from OpenVAS 9 and the script you provided does not work with it. Do you have any plans to make the new version available to us?
Note: You did a great job, it helped a lot with scripting.
An example of XML generated by GVM11:



Owner

cr0hn commented Jun 1, 2020

Hi! I'm sorry to say that currently I only have time to maintain a few projects and I'm prioritizing those projects with sponsorship. This project doesn't have any sponsors (currently), so I don't have plans to add new features.

Author

meetgyn commented Jun 1, 2020

How much do you charge to make these adjustments?

Owner

cr0hn commented Jun 2, 2020

I should analyse the work for this feature but, at least, a tier 2 for my sponsor tiers:

https://github.com/sponsors/cr0hn
