OpenVAS comes with predefined lists of ports, which seem rather outdated, such as “IANA assigned TCP 2012-02-10”. These port lists being used by the tasks to perform scans, I would assume it should be critical to have those kept up to date.
Curiously, they are not and there is no automatic way to update them (like for portnames, with the script openvas-portname-update).
I tried to upload the latest IANA port list in XML format, but the format is not accepted by openvasmd. And this doesn’t seem to be documented anywhere.
So where can we find updated port lists that can be imported into the tool?
Thanks a lot
Upping this topic. Nobody has a clue? Seems like a highly important issue to me, as with long outdated port lists it’s likely the scanner will miss a lot of vulnerabilities…
The pre-defined port lists are hardcoded within the source code of the manager and can’t be changed “on the fly” by a user.
If you want to use different port lists you can browse to Configuration -> Port Lists within your GSA and define your own Port List. The built-in help page should give you additional information on the expected syntax of the port list.
Thanks cfi. Is this hard-coded list updated from time to time? Or has it been the same since 2012?
AFAIK pre-defined port lists are never updated on purpose because the consistency between reports can no longer be guaranteed.
That makes sense for existing tasks. But new tasks will be run with a (long) outdated port list then… I have looked at the options to update port lists. But the format is far from obvious, and typical IANA port list XML files are not compatible.
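An added example, not from any poster in this thread and not OpenVAS project code: one way to turn an IANA `service-names-port-numbers.xml` registry into the comma-separated `T:...,U:...` port range string that a custom port list under Configuration -> Port Lists takes. The function names are hypothetical, the sample XML is constructed, and skipping records without a service name (unassigned or reserved entries) is an assumption about what an "IANA assigned" list should contain.

```python
import xml.etree.ElementTree as ET

NS = {"i": "http://www.iana.org/assignments"}

# Constructed sample in the layout of IANA's service-names-port-numbers.xml.
SAMPLE_XML = """<registry xmlns="http://www.iana.org/assignments">
  <record><name>ssh</name><protocol>tcp</protocol><number>22</number></record>
  <record><name>telnet</name><protocol>tcp</protocol><number>23</number></record>
  <record><name>domain</name><protocol>udp</protocol><number>53</number></record>
  <record><name>domain</name><protocol>tcp</protocol><number>53</number></record>
  <record><name>x11</name><protocol>tcp</protocol><number>6000-6063</number></record>
  <record><name>example</name><protocol>sctp</protocol><number>9900</number></record>
  <record><name>portless</name><protocol>tcp</protocol></record>
  <record><description>Unassigned</description><number>24</number></record>
</registry>"""

def collect_ports(xml_text):
    """Return {'tcp': set, 'udp': set} of named, numbered IANA records."""
    ports = {"tcp": set(), "udp": set()}
    for rec in ET.fromstring(xml_text).findall("i:record", NS):
        name = rec.findtext("i:name", "", NS).strip()
        proto = rec.findtext("i:protocol", "", NS).strip().lower()
        number = rec.findtext("i:number", "", NS).strip()
        # Skip unnamed (unassigned/reserved) rows, rows without a port,
        # and protocols the T:/U: syntax cannot express (sctp, dccp).
        if not name or not number or proto not in ports:
            continue
        lo, _, hi = number.partition("-")  # "6000-6063" or a single port
        for port in range(int(lo), int(hi or lo) + 1):
            if 1 <= port <= 65535:  # drop port 0
                ports[proto].add(port)
    return ports

def to_ranges(ports):
    """Collapse a set of ports into '22-23,53' style ranges."""
    runs = []
    for p in sorted(ports):
        if runs and p == runs[-1][1] + 1:
            runs[-1][1] = p  # extend the current run
        else:
            runs.append([p, p])
    return ",".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)

def openvas_port_range(xml_text):
    """Build the 'T:...,U:...' string for a custom port list."""
    ports = collect_ports(xml_text)
    parts = [f"{tag}:{to_ranges(ports[proto])}"
             for tag, proto in (("T", "tcp"), ("U", "udp")) if ports[proto]]
    return ",".join(parts)
```

Calling `openvas_port_range()` on the text of the real registry file gives a string to paste into a new port list; giving that list a dated name keeps reports comparable with earlier scans, the concern raised above.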