Openvas does not detect new vulnerabilities

cgqc · March 3, 2023, 4:23pm

Could you please help me?
every time that I scan an asset it always shows the same result

only 2 vulnerabilities
thanks

gvmd · March 5, 2023, 10:04am

It might be that you dont have updated plugins or while installation on plugins something went wrong and were properly not installed.
It also might be that there are no new vulnerabilities for the device you are scanning.
You can try to update OpenVas Scanner using the command
sudo gvm-feed-update

cfi · March 6, 2023, 11:12am

Some additional references to background info / docs:

As a source build / 3rd party package is probably used additional setup issues could also have problems.

cgqc · March 8, 2023, 4:01pm

Hi gvmd,
I have already updated the platform

And it’s happening with all the scanned assets.

If you scan your own device… it shows vulnerabilities? can you please share your configuration…
may be, I am missing some parameter.

victor.sanchez · March 13, 2023, 11:03am

@cgqc ,

If you scan your own device… it shows vulnerabilities?

Sure it does.

can you please share your configuration…

Even with the default ones (Full and fast, etc.) it should work. What scan configuration are you using? Could you please post it here?

Thank you in advance.

cgqc · March 15, 2023, 2:54pm

First of all, thanks for your answer.

This is what I have.

Please tell me what else should I share

victor.sanchez · March 16, 2023, 8:14am

Hello @cgqc ,

I do not see anything unusual in your configuration/set up.

You mentioned that you have tested several assets. Why don’t you try to audit something that you know it is already vulnerable?. For example, an out-of-date machine or something like this?.

If that doesn’t work, maybe you should check the references mentioned by @cfi.

Regards.

cgqc · March 16, 2023, 2:50pm

Hello @victor.sanchez
That is my point, I tried with multiple assets, and is not working.
I checked the information provided by @cfi but is still not working.
any other ideas?
please, I really need to solve this issue.

@gvmd any ideas?

cgqc · March 21, 2023, 3:16pm

Hi @victor.sanchez & @gvmd … please help me on this.

cgqc · March 22, 2023, 1:52pm

Hi @DeeAnn , maybe you can help me.
regards.
Carlos Quintana

cgqc · March 28, 2023, 2:41pm

hi all,
@victor.sanchez - @gvmd - @cfi … someone… please !! help!!

cfi · March 29, 2023, 2:47pm

Please:

note that quite a lot help has been already been given previously via various pointers
remember that additional help might not be possible as currently required from your side
- support in this forum is only given on a voluntary base without any SLA or similar
- additional help might require direct access to the environment in question and such support can’t be given by most users
avoid pinging / mentioning users directly, especially multiple times in a row as it is causing unnecessary notifications for users not able to give additional support

To sum up the pointers given either directly in previous comments or in provided links and reasons why some vulnerabilities might not show up:

the target in question is not prone to additional flaws / vulnerabilities besides the current reported ones
there are no VTs for the vulnerabilities on the target in question, e.g.:
- many VTs are only provided in the Greenbone Enterprise Feed
- there is generally no coverage for the products / vulnerabilities on the target in question
there are network problems between the scanner host and the target host
some required ports have not found to be open or have been closed after the initial port scanning phase
the target in question is slow to respond / overloaded and not responding in a timely manner
a setup/installation issue for the scanning environment / scanner exists
- especially valid for uncoordinated integrations / 3rdparty packages and similar
some of the expected flaws are not shown due to a low quality of the detection (QoD)
- More info: 11.2.6 Quality of Detection Concept
a not working authentication on the target if the detection of the flaw requires such
an insufficient port list configuration (e.g. a flawed application is running on a specific port not included in the current port list)
various additional possible unknown factors

As this topic is quite too generic (e.g. it wasn’t even mentioned which flaws are expected to show up) it is suggested to first start with a well working setup consisting of e.g.:

for the scanner side: Greenbone Enterprise TRIAL from https://www.greenbone.net/en/testnow
for the target side: a well known affected target like e.g. a Metasploitable 2 VM

and if that is working as expected continue to isolate the not working part of the environment.

cgqc · April 4, 2023, 3:47pm

Hello,
I want to apologize for being so intense about it. I understand your point of view and I agree.
I have tried all the recommendations and none have worked and that is why I ask for help.
Everything seems fine with the things you’ve mentioned, but I can’t find any new vulnerabilities on the devices.
It’s not normal to get such low results after scanning multiple devices, but I get your point.
Unfortunately, I couldn’t find any more help from the community, so thanks for the effort.

bricks · April 5, 2023, 11:35am

What about trying

?

koda5523 · April 24, 2023, 4:08pm

Hello,
I face the same issue. The cause was that the feed processes were interrupted by a reboot of the server. There were not updated and in a stale state.
/usr/sbin/greenbone-feed-sync --type CERT
/usr/sbin/greenbone-feed-sync --type SCAP
/usr/sbin/greenbone-feed-sync --type GVMD_DATA
/usr/sbin/greenbone-feed-sync --type SCAP
Solve the problem for me.
Hope it helps.
koda