openvas test results

IRJ

@matteo-nunziati said in openvas test results:

slightly off topic: did anyone manage to get the OVA working in VirtualBox? I just tryed and it crashed without any real backtrace. Now downloading the iso...

Just install Ubuntu or CentOS and run it from there. I think it''s very simple with pre-built packages. The VM is not recommended for anything but testing anyway.

http://www.openvas.org/install-packages-v7.html

marcinozga

https://forums.atomicorp.com/viewtopic.php?f=31&t=8539#p44057 - this is step by step guide for Centos 7.

matteo nunziati

just configured an ubuntu VM. web interface was still waiting for seeding when I leaved the office

momurda

Yesterday afternoon I started a scan on the workstation network. Previously I was just using it for servers.
Later, in the evening, I logged in to my Webroot admin console and saw that about 25% of the endpoints were reporting an infection. I just about lost my mind. Luckily, I soon found out that openvas uses winexecsvc.exe to do its thing on Windows machines. Just FYI if anybody else is using this and quite green like me.

IRJ

@momurda said in openvas test results:

Yesterday afternoon I started a scan on the workstation network. Previously I was just using it for servers.
Later, in the evening, I logged in to my Webroot admin console and saw that about 25% of the endpoints were reporting an infection. I just about lost my mind. Luckily, I soon found out that openvas uses winexecsvc.exe to do its thing on Windows machines. Just FYI if anybody else is using this and quite green like me.

I am really surprised webroot hasn't run into OpenVAS before.

momurda

@irj Yes. There are a couple forum posts about it, but they apparently haven't changed the default detection of it as bad.

momurda

Today i scanned an IIS server.
It showed these results, which seem quite frightening. I am only interesested in the two i marked.
0_1513810425793_15773e2d-2c28-4498-910c-4bdb001b3866-image.png
Now, these two items score above 9 on openvas scanner, which means openvas thinks they are very bad.
Then i log into the server, check for updates from Microsoft Update. Server says it is fully uptodate.
Then i try to actually navigate the links from openvas on technet/ms catalog/ms docs/etc. to download these single updates. What a nightmare those sites are.
I finally get the standalone update downloaded, install it, and "This update is not applicable to your computer." So i guess that means it is installed? If so why is openvas saying it isnt, and being so confident(80%) that it is.

travisdh1

@momurda said in openvas test results:

Today i scanned an IIS server.
It showed these results, which seem quite frightening. I am only interesested in the two i marked.

Now, these two items score above 9 on openvas scanner, which means openvas thinks they are very bad.
Then i log into the server, check for updates from Microsoft Update. Server says it is fully uptodate.
Then i try to actually navigate the links from openvas on technet/ms catalog/ms docs/etc. to download these single updates. What a nightmare those sites are.
I finally get the standalone update downloaded, install it, and "This update is not applicable to your computer." So i guess that means it is installed? If so why is openvas saying it isnt, and being so confident(80%) that it is.

Obviously something isn't right. Which server version is that IIS running on?

momurda

IIS 8 on Server 2012.
I suppose it is possible that even at 80% this is a false positive detection.
Windows update screen
0_1513881247443_4575deac-8dae-478f-9b77-78590231e488-image.png
The optional update is for SilverLight

travisdh1

@momurda said in openvas test results:

IIS 8 on Server 2012.
I suppose it is possible that even at 80% this is a false positive detection.
Windows update screen

The optional update is for SilverLight

It could be that Microsoft hasn't released those updates for 2012. Isn't 2012 only covered under extended support now?

Edit: Answering my own question, normal support for 2012/2012R2 ends in 2018.

Accordingly, you should be able to apply those updates.

momurda

I think they are applied and that openvas is being dumb.

momurda

The updates that openvas says are missing are actually installed.
0_1513959881520_4b4ef504-8599-4e4a-8910-59454a869a4d-image.png
and
0_1513959902246_3adff0eb-2190-44f6-84a1-d142bf65e3c2-image.png

Obsolesce

Does anyone still have an OpenVAS scanner going?

momurda

I use mine every couple weeks. It is off right now

Obsolesce

@momurda said in openvas test results:

I use mine every couple weeks. It is off right now

I'm asking because I don't have anything set up, and was curious if anyone could do a non-intrusive vunlerability scan against my VPSs, one on GCP and one on turnkeyinternet?

I'd like to compare the results...

momurda

If you give me ip and port i can setup and run a scan. It is incredibly slow here this week. I shouldnt even be in the office.

Obsolesce

@momurda said in openvas test results:

If you give me ip and port i can setup and run a scan. It is incredibly slow here this week. I shouldnt even be in the office.

tgserv.timothygruber.com

mc.timothygruber.com

See what comes up just from that info.

momurda

Ok scanning now
edit: openvas tripped the IPS and got banned from all net activity for 20 minutes while scanning these sites, so it was working.

Obsolesce

@momurda said in openvas test results:

Ok scanning now
edit: openvas tripped the IPS and got banned from all net activity for 20 minutes while scanning these sites, so it was working.

Okay, I will see about turning it off later today. I'll let you know. Thanks for trying.

momurda

@tim_g I meant my IPS. It has resumed scanning after the 20 minute ban.