Collaborate Disseminate
I have a Laravel site, I thought I patched this issue already.
I got these in my session.php
‘secure’ => true,
‘http_only’ => true,
But OpenVas still detected that I still need to it.
It also listed it 3 times
Am I miss… Continue reading Missing HTTPOnly Cookie Attribute in Laravel 7
OpenVAS found a vulnerability where it points to PHP versions 5.4.3 and 5.3.13.
But both the two hosts I checked with OpenVAS are running PHP 7.2.x.
Would this vulnerability be a false positive?
High (CVSS: 7.5) NVT: PHP-CGI-based setups … Continue reading Why does OpenVAS warn about PHP 5 when I am running PHP 7?
I am looking at a particular Azure SQL Database that has Server level firewall rules. I am told there are no database level firewall rules. Nmap reported open ports on the database even though the IP address i ran it from was not allowed… Continue reading Azure SQL Database firewall allows TCP connections when they should be blocked [migrated]
I recently launched a system discovery scan with OpenVAS to an IP from my net to compare its results to Nmap. As you can see in the image OpenVAS does not find all the ports Nmap does.
Both scans were all TCP ports scans. Also, both too… Continue reading Why OpenVAS does not find all open ports compared to Nmap?
I’ve been trying to install OpenVas on my Kali Linux
I have no luck.
I tried to Google, I found this link
https://iamjagjeetubhi.wordpress.com/2017/04/10/fix-unable-to-locate-package-error-in-kali-linux/
I open that sources.list, a… Continue reading Unable to locate package openvas – Kali Linux
I’m trying to intentionally open up an SQL vulnerability in a web app to see if OpenVAS will pick it up.
There’s a url that OpenVAS tries, which is /news/?group_id=&limit=50&offset=50;select+1+as+id,unix_pw+as+forum_… Continue reading OpenVAS – how does it know if an SQL vulnerability is open?
I tried evaluating the NVTs with OpenVas and I can definitely say they are great. Now, I’ve seen an option that shows “Enable generic web application scanning”. But I didn’t find an option to enable it.
Any help with this?
… Continue reading How can I enable web application scanning in OpenVas? [on hold]
I recently installed openvas9 following this guide.
I can log into the web interface on port 4000 just fine, and I ran a scan on my metasploitable VM for testing, and it seems good. Now I wanted to import the results into met… Continue reading metasploit openvas plugin not connecting to OpenVAS9-Manager
Can someone help me on how to use OpenVas as a purely Passive Vulnerability Scanning tool?
Continue reading How do I perform a Passive Scan with OpenVas [on hold]
I’m testing some servers with OpenVAS and I run into some SCM files that are remotely accessible:
.git/config
.git//info/exclude
.git/description
.git/HEAD that contains refs/heads/master
and
.git/refs/heads/master that … Continue reading What could an attacker do on a server where Source Control Management (SCM) files are accessible?