Revendor openvas omp, fix ruby deprecations when using the openvas plugin

[busterb]

PR #7223 had good intentions that we'd see better support from the upstream vendor gem for openvas-omp, but unfortunately it hasn't been maintained in a while (see #13797 (comment) kost/openvas-omp-ruby#4, etc.). So this PR undoes #7223 and fixes the long-standing bug in using the deprecated timeout function.

Fixes #13797 #12715 #12848

Verification

• Start msfconsole and use the openvas plugin, verify functionality

$ ./msfconsole -qx 'load openvas; openvas_connect admin password localhost 9390'
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS
[*] Connecting to OpenVAS instance at localhost:9390 with username admin...
[+] OpenVAS connection successful
msf5 > openvas_
openvas_config_list           openvas_report_delete         openvas_target_list           openvas_task_resume_or_start
openvas_connect               openvas_report_download       openvas_task_create           openvas_task_start
openvas_debug                 openvas_report_import         openvas_task_delete           openvas_task_stop
openvas_disconnect            openvas_report_list           openvas_task_list             openvas_version
openvas_format_list           openvas_target_create         openvas_task_pause            
openvas_help                  openvas_target_delete         openvas_task_resume           
msf5 > openvas_config_list 
[+] OpenVAS list of configs

ID                                    Name
--                                    ----
085569ce-73ed-11df-83c3-002264764cea  empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
daba56c8-73ec-11df-a475-002264764cea  Full and fast

msf5 > openvas_report_list 
[+] OpenVAS list of reports

ID  Task Name  Start Time  Stop Time
--  ---------  ----------  ---------

I'm relying on OpenVas users like @bcoles, @guarisma, and @KittyTechnoProgrammer to validate that this works as expected in their scenarios. Thanks in advance!

[bcoles]

openvas_report_list failed for me.

msf6 > db_connect msf:msf@127.0.0.1:5432/msf
Connected to Postgres data service: 127.0.0.1/msf
msf6 > load openvas 
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS
msf6 > openvas_connect 
[*] Usage:
[*] openvas_connect username password host port <ssl-confirm>
msf6 > openvas_connect admin admin 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username admin...
[+] OpenVAS connection successful
msf6 > op
openvas_config_list           openvas_format_list           openvas_report_import         openvas_target_list           openvas_task_pause            openvas_task_stop
openvas_connect               openvas_help                  openvas_report_list           openvas_task_create           openvas_task_resume           openvas_version
openvas_debug                 openvas_report_delete         openvas_target_create         openvas_task_delete           openvas_task_resume_or_start  options
openvas_disconnect            openvas_report_download       openvas_target_delete         openvas_task_list             openvas_task_start            
msf6 > openvas_report_list 
[-] Error while running command openvas_report_list: undefined method `elements' for #<Hash:0x00005562f1b06450>

Call stack:
/root/Desktop/metasploit-framework/plugins/openvas.rb:463:in `block in cmd_openvas_report_list'
/root/Desktop/metasploit-framework/plugins/openvas.rb:462:in `each'
/root/Desktop/metasploit-framework/plugins/openvas.rb:462:in `cmd_openvas_report_list'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:23:in `<main>'
msf6 > openvas_target_list 
[+] OpenVAS list of targets

ID                                    Name                                        Hosts       Max Hosts  In Use  Comment
--                                    ----                                        -----       ---------  ------  -------
0df3e819-80e0-413d-bdc7-0c10e6f33e64  10.1.1.100                                  10.1.1.100  1          0       10.1.1.100
7df71246-b6de-4880-8cb4-700e1eea4fa7  Target for immediate scan of IP 10.1.1.170  10.1.1.170  1          1       
d6794c07-4bdb-4e5e-911b-3f59da3c4530  Target for immediate scan of IP 10.1.1.100  10.1.1.100  1          1       


msf6 > openvas_report_list 
[-] Error while running command openvas_report_list: undefined method `elements' for #<Hash:0x00007faa84207b10>

Call stack:
/root/Desktop/metasploit-framework/plugins/openvas.rb:463:in `block in cmd_openvas_report_list'
/root/Desktop/metasploit-framework/plugins/openvas.rb:462:in `each'
/root/Desktop/metasploit-framework/plugins/openvas.rb:462:in `cmd_openvas_report_list'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:523:in `run_command'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:474:in `block in run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `each'
/root/Desktop/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:468:in `run_single'
/root/Desktop/metasploit-framework/lib/rex/ui/text/shell.rb:158:in `run'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start'
/root/Desktop/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start'
./msfconsole:23:in `<main>'
msf6 > openvas_task_list 
[+] OpenVAS list of tasks

ID                                    Name                             Comment  Status  Progress
--                                    ----                             -------  ------  --------
967a1f1d-aef6-4baf-9845-273e636d3589  Immediate scan of IP 10.1.1.170           Done    -1
98b3e311-1811-4c9f-9ef4-c4af199c7538  Immediate scan of IP 10.1.1.100           Done    -1


msf6 > 

[busterb]

Cool, thanks! I'll take a look.

[busterb]

I fixed a lot of bugs (there were many, from XML format detection to missing methods in the database itself). Question: this plugin seems to be confused about whether it wants to deal with integer indexes, or UUIDs. Which is better? Is it both?

[bcoles]

I fixed a lot of bugs

:hooray:

Question: this plugin seems to be confused about whether it wants to deal with integer indexes, or UUIDs. Which is better? Is it both?

Your guess is as good as mine. I don't use OpenVAS and the original posters are AWOL.

[bcoles]

Oh, I see what you mean now. I use the report UUID but for no good reason.

That seems to work much better.

msf6 > db_connect msf:msf@127.0.0.1/msf
Connected to Postgres data service: 127.0.0.1/msf
msf6 > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS
msf6 > openvas_connect admin admin 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username admin...
[+] OpenVAS connection successful
msf6 > openvas_report_list 
[+] OpenVAS list of reports

ID                                    Task Name                        Start Time  Stop Time
--                                    ---------                        ----------  ---------
7bee224c-b15f-433d-9a59-aab0442a5434  Immediate scan of IP 10.1.1.100              
f5674838-2335-4341-b2c0-c0de247432ad  Immediate scan of IP 10.1.1.170              


msf6 > openvas_
openvas_config_list           openvas_format_list           openvas_report_import         openvas_target_list           openvas_task_pause            openvas_task_stop
openvas_connect               openvas_help                  openvas_report_list           openvas_task_create           openvas_task_resume           openvas_version
openvas_debug                 openvas_report_delete         openvas_target_create         openvas_task_delete           openvas_task_resume_or_start  
openvas_disconnect            openvas_report_download       openvas_target_delete         openvas_task_list             openvas_task_start            
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434
[*] Usage: openvas_report_import <report_id> <format_id>
[*] Only the NBE and XML formats are supported for importing.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 xml
[-] OpenVAS OMP: Invalid report id.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 7bee224c-b15f-433d-9a59-aab0442a5434
[-] OpenVAS OMP: Invalid report id.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 
[*] Usage: openvas_report_import <report_id> <format_id>
[*] Only the NBE and XML formats are supported for importing.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 XML
[-] OpenVAS OMP: Invalid report id.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 xml
[-] OpenVAS OMP: Invalid report id.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434
[*] Usage: openvas_report_import <report_id> <format_id>
[*] Only the NBE and XML formats are supported for importing.
msf6 > openvas_report_import 7bee224c-b15f-433d-9a59-aab0442a5434 xml
[-] OpenVAS OMP: Invalid report id.
msf6 > openvas_report_import 0 xml
[*] Importing report to database.
msf6 > vulns

Vulnerabilities
===============

Timestamp                Host       Name                      References
---------                ----       ----                      ----------
2020-08-12 13:37:44 UTC  127.0.0.1  ICMP Timestamp Detection  

msf6 > 

It seems to be confused about the host IP address. Not sure why the host shows up as 127.0.0.1.

msf6 > services
Services
========

host  port  proto  name  state  info
----  ----  -----  ----  -----  ----

msf6 > hosts

Hosts
=====

address  mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------  ---  ----  -------  ---------  -----  -------  ----  --------

msf6 > openvas_report_list
[+] OpenVAS list of reports

ID                                    Task Name                        Start Time  Stop Time
--                                    ---------                        ----------  ---------
7bee224c-b15f-433d-9a59-aab0442a5434  Immediate scan of IP 10.1.1.100              
f5674838-2335-4341-b2c0-c0de247432ad  Immediate scan of IP 10.1.1.170              


msf6 > openvas_report_import 1 xml
[*] Importing report to database.
msf6 > hosts

Hosts
=====

address    mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------    ---  ----  -------  ---------  -----  -------  ----  --------
127.0.0.1             Unknown                    device         

msf6 > services
Services
========

host       port  proto  name  state  info
----       ----  -----  ----  -----  ----
127.0.0.1  80    tcp          open   
127.0.0.1  111   tcp          open   

msf6 > 

msf6 > openvas_report_import 0 xml
[*] Importing report to database.
msf6 > hosts

Hosts
=====

address    mac  name  os_name  os_flavor  os_sp  purpose  info  comments
-------    ---  ----  -------  ---------  -----  -------  ----  --------
127.0.0.1             Unknown                    device         

msf6 > services
Services
========

host       port  proto  name  state  info
----       ----  -----  ----  -----  ----
127.0.0.1  22    tcp          open   
127.0.0.1  80    tcp          open   
127.0.0.1  139   tcp          open   
127.0.0.1  443   tcp          open   
127.0.0.1  445   tcp          open   
127.0.0.1  631   tcp          open   
127.0.0.1  3260  tcp          open   
127.0.0.1  8080  tcp          open   

msf6 > 

[busterb]

The IP address issue is actually a UUID bug. When you try to specify 'XML' as the format_id, currently the plugin tries to marshal that to an index, fails, it becomes '0', then 'Anonymous XML' gets selected. I think having to specify a format_id on import is dumb anyway, since why wouldn't you just want 'XML' all the time? Thinking of changing it to just work and removing format_id as an option.

[bcoles]

I think having to specify a format_id on import is dumb

+1

[adfoster-r7]

Hey @busterb / @bcoles - is there anything I can do to help this get landed? 🎉

[busterb]

Hi @adfoster-r7 I wanted to improve it a bit more since there are more things broken, but my OpenVAS installation went belly-up, and it seems every distro I tried has it broken as well, left a comment on #13797 with current notes.

[github-actions]

Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it attic and closed it for now.

What does this generally mean? It could be one or more of several things:

• It doesn't look like there has been any activity on this pull request in a while
• We may not have the proper access or equipment to test this pull request, or the contributor doesn't have time to work on it right now.
• Sometimes the implementation isn't quite right and a different approach is necessary.

We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!

[adfoster-r7]

Just doing a clear out of older PRs that are in limbo 👍