Scan results put 127.0.0.1 or 127.0.0.2 instead of host IP

GVM versions

gsa: 7.0.2
gvm: N/A
openvas-scanner: 5.1.1
gvm-libs: N/A

Environment

Operating system: docker image mikesplain/openvas-docker
Kernel: Linux b4222a1fc330 4.4.0-170-generic #199-Ubuntu SMP Thu Nov 14 01:45:04 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Installation method / source: docker image

Hi,

First time user, I’m doing a scan for multiple websites, I created a target for a list of valid hostnames and launched a task. Then looking at the PDF report or the XML report I see that the host field is putting the IP addresses 127.0.0.1 or 127.0.0.2 instead of the IP address those hostnames resolve to (all resolve to the same IP as they’re all virtual hosts on the same webserver). For example, this is an excerpt from the anonymous XML report:

<count>2</count>
<port>general/tcp<host>127.0.0.1</host><severity>10.0</severity><threat>High</threat></port>
<port>80/tcp<host>127.0.0.2</host><severity>7.5</severity><threat>High</threat></port>
<port>80/tcp<host>127.0.0.1</host><severity>7.5</severity><threat>High</threat></port>
<port>general/tcp<host>127.0.0.2</host><severity>10.0</severity><threat>High</threat></port>
<port>443/tcp<host>127.0.0.1</host><severity>7.5</severity><threat>High</threat></port>
<port>443/tcp<host>127.0.0.2</host><severity>7.5</severity><threat>High</threat></port>
</ports>
<results max="-1" start="1">

The scanner is in a different datacenter than the websites, communication is done by public internet. The host running the openvas scanner docker image is on a host connected directly to the internet router with a public IP address, so I don’t understand why those IP addresses appear there.

Any ideas?

Thanks in advance.

Hi,

you are using an outdated version of a release series which is already end of life. Please take a look at


Ahh ok, thanks!!