Skip to content

Releases: greenbone/openvas-scanner

OpenVAS Scanner v6.0.2

12 May 14:22
ae852b6
Compare
Choose a tag to compare

This is the second patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

Main changes compared to openvas-scanner 6.0.1:

  • The call to wmiexec.py has been replaced with impacket-wmiexec, because
    the symlink has been added in Debian Stretch with python-impacket 0.9.15-1.
  • An issue which could have caused a truncated string in register_service()
    has been fixed.
  • Improve signal handling when update vhosts list.
  • Increase size of buffer for preferences to allow for up to 105K NVTs.
  • Perform the scan even if there are missing plugins in the nvticache.
  • Drop HTTP sync.
  • Use new URL for GCF rsync.

OpenVAS Scanner v7.0.0

11 Oct 09:27
71259c8
Compare
Choose a tag to compare

Added

  • An ID has been added to NVT preferences. #282
  • A new NVT cross references data handling has been added. #317
  • Add option --scan-stop. #352
  • Add support to open an rc4 stream cipher, the function to encrypt stream data using the cipher handle,
    and the function to close a handler. #354
  • Add one single config for redis to config/redis-openvas.conf. #370

Changes

  • Vendor version is now an option in the config file. #363
  • The NVT preference format has been changed. #275
  • Redis supported versions must be 3.2 or higher. #287
  • Log directory is now configurable. #316
  • The greenbone-nvt-sync script is not allowed to run as root. #323
  • OpenVAS Scanner has been renamed to OpenVAS (Open Vulnerability Assessment Scanner). #337 #343
  • Retry until a host finishes and frees a db before running a new host scan, in case there is no free redis db. Therefore a infinite loop has been added when it call kb_new(). #340
  • Use new nvti_add_tag() instead of plug_set_tag() and remove plug_set_tag(). #385
  • Remove dead code about tags regarding former openvas settings "result_prepend_tags" and "result_append_tags". #386
  • Check cache/feed errors during plugin scheduling. #358
  • Vendor version is now an option in the config file. #363
  • Use API for accessing NVTI elements. #365

Fixed

  • An issue with stuck scans where only a single plugin is running and is beyond its timeout has been addressed. #289
  • Fix a type mismatch. Use correct format specifier for size_t. #299
  • An issue which caused falling back into a default port in get_ssh_port() has been fixed. #342
  • An issue which could have caused a truncated string in register_service() has been fixed. #373
  • Reset redis connection after the host scan finished. This avoids to leave open fd, which cause ulimit problems. #384
  • Fix mis-identification of Sphinx Search service. #387
  • Set a key in redis when the scan finishes and fix stop scan using the right pid. #390
  • Fix detection of finger service. #391
  • Wait for zombie process in case of timed out nvts. #379
  • Fix handling of file type nvt preferences. #399

Removed

  • Unused be_nice scan preferences has been removed. #313
  • OTP has been entirely removed in favor of using the ospd-openvas interface. #333 #351
    #337 #389
  • Daemon mode has been entirely removed. #337 #341

OpenVAS Scanner v6.0.1

17 Jul 10:48
76ff5fa
Compare
Choose a tag to compare

This is the first patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

Main changes compared to openvas-scanner 6.0.0:

  • An issue which caused the scanner to crash when a plugin is missing
    during a scan has been addressed.
  • An issue which caused a plugin to hang in nasl_pread() has been addressed.
  • Lower-case format is used for values added from add_host_name().
  • Do not launch the scan if the nvticache is corrupted or an error is detected
    during the plugin schedule process.
  • Issues in building process have been addressed.
  • An issue which caused the manager to consider a scan as finished when it was
    actually stopped has been addressed.
  • An issue which caused possible null IP values in OTP results has been
    addressed.
  • An issue which caused forgotten children of children processes has been
    addressed.
  • The unfinished Advanced log feature has been removed.
  • An issue which caused a plugin to finished immediately when a wrong
    custom timeout was sent from the manager has been addressed.
  • An issue which caused a scan to hang for ever if there was no redis kb
    available has been addressed.
  • An issue which caused a plugin to use the default port when a custom port
    is given has been addressed.

OpenVAS Scanner v6.0.0

05 Apr 09:49
55c53e1
Compare
Choose a tag to compare

This is the first release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.

Apart from this, the module covers a number of significant advances
and clean-ups.

Main changes compared to openvas-scanner 6.0+beta2:

  • Function to get the currently running script filename has been added.
  • Debugging nasl mechanism has been improved, replacing preprocessor directives
    with g_debug facility.
  • An issue related to the log facility and greenbone-nvt-sync has been fixed.
  • OpenVAS reload has been improved.
  • Code related to redis queries was improved.
  • An issue which caused nasl-lint to fail in case of unneeded nested functions
    has been addressed.
  • An issue which caused returning erroneous values by
    get_plugin_preference() has been addressed.
  • An issue which cause stuck scans where only a single plugin is running
    and is beyond its timeout has been addressed.
  • Unused internal_send/recv() functions have been removed.
  • Issues reported by static code analysis have been addressed.
  • Issues in building process have been addressed.
  • Several code improvements and clean-ups have been done.
  • Documentation has been improved.

OpenVAS Scanner v6.0+beta2

04 Dec 15:25
7a87039
Compare
Choose a tag to compare
Pre-release

This is the second beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

The module covers a number of significant advances and clean-ups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matt Mundell, Juan Jose Nicola,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to openvas-scanner 6.0+beta1:

  • A new command line option 'scan-start' with a scan ID has been added. This
    add support for non-OTP clients.
  • Handling of vhosts and multiple domain names has been improved.
  • Setting 'kb_location' has been renamed to 'db_address'.
  • Cleanup of plugin child processes has been improved.
  • Routines for tcp and udp required ports checks have been improved.
  • An issue caused by password quotation has been addressed.
  • Script version has been removed.
  • Script copyright has been removed.
  • An issue which caused a hanging scan process has been addressed.
  • An issue related to WMI_HANDLE which caused a segmentation fault has
    been addressed.
  • NASL get_host_names() API has been added.
  • Several code style improvements have been done.
  • Several performance improvements have been done.
  • The plugin scheduler has been improved.
  • Define MAXPATHLEN for specific downstream architectures.
  • An issue which caused parameter pollution in certain NASL functions
    has been addressed.
  • NASL function resolve_host_name() has been added.
  • Unused preference use_mac_addr has been removed.
  • Issues in building process have been addressed.
  • Defaults to expand_vhosts if no preference was given is set to yes.
  • NASL function get_ssl_compression() has been removed.
  • Compatibility mode in GnuTLS priority string has been enabled.
  • GnuTLS RC4 + COMPAT in set_gnutls_protocol() have been enabled.
  • Several issues reported by Coverity have been addressed.
  • Documentation has been improved.

OpenVAS Scanner v5.1.3

29 Aug 16:28
a2dc191
Compare
Choose a tag to compare

This is the third maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Juan Jose Nicola, Timo Pollmeier, Jan-Oliver Wagner
and Michael Wiegand.

Main changes compared to 5.1.2:

  • An issue which caused the scanner host process to get stuck searching
    for plugins has been addressed.
  • Dependency for openvas-libraries has been raised from 9.0.2 to 9.0.3.
  • Checking routines for tcp and udp required ports have been improved.
  • Handling of requests from manager during the plugin load up has been
    improved.
  • Support to specify a regex-based mandatory key has been added.
  • New scanner option "time_between_request" has been added.
  • NVT metadata cleanup has been improved.

OpenVAS Scanner v6.0+beta1

18 Apr 15:09
ccb21c3
Compare
Choose a tag to compare
Pre-release

This is the first beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.

Apart from this, the module covers a number of significant advances
and clean-ups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Juan Jose Nicola, Bjoern Ricks,
Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 5.1:

  • The required minimum version of new dependency GVM Libraries is 1.0.
  • Many files which are only used for openvas-scaner have been moved to this
    module from openvas-libraries. Therefore many include directives have been
    adapted to the new source code. The dependency to module openvas-libraries
    was removed.
  • OTP has been changed regarding the NVT category: It is now sent as integer
    instead of as a string.
  • Plugin scheduler has been improved.
  • NASL cryptography support has been updated.
  • The use of winexe has been replaced with using wmiexec.py.
  • Support for bigger numbers has been added to nasl_int function.
  • The logging method has been completely re-arranged to follow the standard
    logging methodology like all other GVM modules. Apart from unification,
    essentially the scanner log now has timestamps.
    • openvassd.dump does not exist anymore: The log information are now handled
      via central logging with respective log domain.
    • Log location has been moved to /var/log/gvm/.
    • Support for using GLIB based logging has been added and logging messages
      have been reviewed and improved.
    • It is now possible to configure the logging via /etc/openvas/openvassd_log.conf
  • openvas-nasl-lint has been improved.
  • Handling of vhost has been improved.
  • The scanner inter-process communication has been simplified.
  • The use of struct arglist has been reduced, among others global struct for scans
    has been changed to struct global_scan. Other uses of arglist we transformed
    into redis-based data handling.
  • Handling of non_simultaneous_ports_list has been improved.
  • Handling of the plugin preferences and their communication to the client have
    been improved.
  • Host/dead and Host/ping_failed are checked before attempting to launch the
    plugin.
  • Greenbone NVT sync process has been improved: The scanner detects now on its own
    when the feed was updated and automatically loads new and changed NVTs.
  • Location of access key is now configurable.
  • The NASL command script_id has been removed.
  • The NASL command script_summary has been removed.
  • Command line option --gnupg-home has been removed.
  • openvas_popen has been replaced with GLib routine.
  • Error handling has been improved.
  • Documentation has been updated.
  • Several memory management aspects have been improved.
  • Various code cleanups and improvements, partly derived from static code analysis.
  • The CMake building process was improved.
  • Compilation issue with gcc 7 due to a switch fallthrough has been addressed.
  • Minimum required version of glib has been raised to 2.42.
  • Minimum required version of cmake has been raised to 3.0.
  • Minimum required version of libssh has been raised to 0.6.0.

OpenVAS Scanner v5.0.9

27 Mar 10:23
a184d49
Compare
Choose a tag to compare

This is the ninth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).

Many thanks to everyone who contributed to this release:
Hani Benhabiles, Christian Fischer, Jan-Oliver Wagner and Juan Jose Nicola.

Main changes compared to 5.0.8:

  • Redis performance has been improved reducing the number of queries during
    a scan.
  • An issue related to the dependency cycle detection has been addressed.

OpenVAS Scanner v5.1.2

07 Mar 12:01
90d04e3
Compare
Choose a tag to compare

This is the second maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Björn Ricks, Michael Wiegand, and Juan José Nicola.

Main changes compared to 5.1.1:

  • Plugin scheduling has been improved.
  • An issue which caused segmentation faults under certain circumstances when
    openvas-scanner was built with GnuTLS < 3.3.0 has been addressed.
  • The use of hostname and IP while logging has been made more consistent.
  • An issue which caused NVTs to be executed out of sequence has been addressed.
  • An issue which caused the main scanner process to terminate prematurely when
    receiving a SIGHUP signal under certain circumstances has been addressed.
  • Increased dependency for openvas-libraries from 9.0.0 to 9.0.2.
  • A Redis error is considered fatal and all running scans are stopped. A
    message is sent to the client and the NVTs are reloaded.
  • A new progress bar style in which dead host are not taken in account was
    added, which makes more time realistic the progress bar.
  • An issue which caused low scan performance has been addressed.
  • The preference log_whole_attack is now an scanner-only preference.
  • Several memory management issues have been addressed.
  • Load-up plugins process is now a forked child process, which prevent main
    process memory footprint growth.
  • Plugin preferences are sent directly to the client.
  • Full nvticache has been moved from .nvti files to Redis.
  • An issue with dependency cycle detection has been addressed.
  • An issue which cause complete deletion of nvticache before reloading has
    been addressed.