I have installed OpenVAS community using docker container and everything works well.
After trying to fix all the issues for running gvm-scripts with
sudo gvn-check-setup -h and following the instructions, the OpenVAS was on https which is good but the GVM_DATA (like Port Lists and Scan Configs) were removed. I have tried every possible workaround I found on the internet to retrieve GVM data but none worked.
I have also tried
I believe the issues come from the following command when I tried to fix the issues for running the gvm-scripts:
sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
Some useful information that may help:
- OpenVAS Scanner: 22.4
- GMP Version:22.4
- gvm-script: 23.4.0
- API version: 23.4.2
- PostgreSQL Version: 15.4
Any idea on how to retrieve GVM_DATA so as to be able to run scans?
The Docker containers don’t use the
gvm-check-setup command. So, I don’t know why you are using it. Looks like you have confused the Kali native install and the Docker containers install.
@rippledj probably you are right!
if I install OpenVAS community docker, can I still make use of
I got many errors when I tried to run
gvm-script, but after using
gvm-check-setup I was able to run any
Maybe is better to go with the normal installation instead of dockerizen version?
Yes you can. See https://greenbone.github.io/docs/latest/22.4/container/workflows.html#using-gvm-tools-for-cli-access and https://greenbone.github.io/docs/latest/22.4/container/workflows.html#exposing-gvmd-unix-socket-for-gmp-access. Just replace
This depends on you knowledge and skills. IMHO the docker version is easier to use, especially updating the feed but @rippledj will disagree
Thank you @bricks for your reply.
I have installed again OpenVAS community container and tried what you suggested on the first link.
The command worked with
gvm-cli but not with
What I want to achieve finally by leveraging the dockerized version of the OpenVAS Community, is with the use of a script (as I believe is the best option) to create the targets, tasks, run the scans, and finally get the results. So to make the commencement of this process, as a first step, I am trying to run the example script that is on the following link:
For the sake of ease, I am placing a sprintscrean of the script:
However, after running the script, I got the following error:
I think, is better to find a way to overcome the above error and then I can play with the scripts and get the desired results. To overcome the above issue I used
gvm-check-setup which it was a wrong direction…
I have also tried the below but again I got errors:
IMHO native packages are way easier!
If you don’t have a dedicated system, then Docker containers are maybe less resource intensive than running a full VM for native package installation. However, I know that native packages for Ubuntu 22.04 are broken and for Ubuntu 23.04 are somewhat improved but still not 100% functional which just leave Kali for easy native installation support. I also find making some persistent changes to the environment are easier for native packages (bare-metal or VM) than Docker.
Also, as far as I know, SSL/TLS is not supported for Docker containers, so if remote access is your use case requirement, native install is sort of required.
That being said, @bricks = is still the Wizard of the land!
By replacing it didn’t mean a one to one replacement
gvm-script do different things and require different arguments.
gvm-cli is for running XML based GMP commands directly against gvmd.
gvm-script is for executing a Python base GMP script. That said
<get_version/> is of course not an existing file containing a Python based GMP script
If you want to run a GMP script from your host you need to do the following:
Note: The host is the machine running the containers.
You can use gvm-script with a docker container you will just need to mount the script your going to in the docke gvm-tools container with -v(voiume), -w (workdir) makes it easier to run the script.
RUN_OPTIONS=" --it --rm -v $PWD:PWD -w $PWD/script.py --no-deps"
docker compose $COMPOSE_OPTIONS run $RUN_OPTIONS gvm_tools
gvm-script --gmp-user=admin socket $PWD/script.py
I use --no-deps here to ensure that I do not replace any existing containers. That way my communications with gvmd are immediate and error handling is simpler if the server I am taking to is in a failed state. It does assume that my script is only talking to a gvmd container that is always running.
Hi @rippledj and @bricks,
I am sorry for the late reply and thank you for your suggestions.
I had some issues and I needed to go offline. Now I am back and I will resume the work.
I will try your suggested workaround and let you know if all is good!
I will try to run a script that returns OpenVAS version, targets, and tasks as a simple proof-of-concept.