One task scans a complete /24 network with 254 IP addresses. The problem is, the alive check is not working (over firewall), the TCP alive tests consider any IP as alive. ICMP and ARP does not work or is not reliable. Each scan lists a number of 254 active hosts.
I can provide a list of IP addresses (or FQDN) with active hosts. The target list for a task must be updated via the socket connection using a Python script. Even if I create a alterable task, the targets cannot be changed.
The update task target script is says ‘The given task needs to have the status “new”.’
How can I create a new target list using a script, replace it within the corresponding task and then delete the old target list?
While a /24 CIDR has 254 possible host IP addresses, it actually has 256 total IP addresses including the default gateway and broadcast address.
Regarding your issue: as per my knowledge, you cannot replace the target of a task, nor can you change a target that has been attached to a scan task. This is to protect the integrity of the scan task results. However, you may be able to accomplish it by altering the PG database behind the scenes.
I think it is worthwhile looking at your firewall configuration to determine why it is responding to TCP connections on arbitrary ports and whether this is a potential security misconfiguration within itself. While a next-gen or stateful firewall can evaluate connection status and enforce connection status-based rules, I don’t know of any case for the firewall to establish connections itself. On the other hand, a content filter proxy may. Perhaps you have some sort of network misconfiguration.
Either way, if you want to provide an explicit list of IP addresses to a target and use that target to create a scan task, you can just supply a comma-separated list of IP addresses.
1 Like
Is changing the database the only option?
A new target be selected in the interface for a changeable task.
Couldn’t the creation of the new target, the assignment to the task and the deletion of the old target be automated using a gmp script?
Has anyone tried or built something like this?
Hi Meredith,
You could be right, using python-gvm and the modify_task function to replace the target_id would likely work.
I don’t expect that the same restrictions in the GSA web-interface will apply to direct GMP interaction.