OpenVas comes pre-installed on Kali linux. It can be manually downloaded from:
http://www.openvas.org/download.html
Before starting OpenVas it is necessary to run the setup first. This will create the database and prompt you to create login details. Do not forget these details. If you do however forget your login you can create a new admin user with the command sudo openvasad -c add_user -u administrator -r Admin. To begin the setup run the command:
sudo openvas-setup
Note, this process may take a while. After the setup has complete it is a good idea to run the setup check as an extra precaution. Run the check with the command:
sudo openvas-check-setup
If all went well you should have a screen like the one above. Note this line:
OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Now we can go to our web browser and go to the url:
https://127.0.0.1:9392
You will be warned of an untrusted SSL certificate. This is only because OpenVas is using its own self-signed certificate. You should be presented with this login prompt:
Login with your credentials you created during the setup. Once you are logged in go to the administration tab and update your NVT, SCAP and CERT feed. This may take a very long time depending on how long it was since the last update.
NVT: Network Vulnerability Test
SCAP: Security Content Automation Protocol
CERT: Computer Emergency Response Team
Once that has completed you are ready to add your targets for scanning. Navigate to Configuration, targets. Once in the targets panel click on the star icon to add a new target:
Enter the IP address and any details of the host you wish to scan. Set the port options to your desired port range. In this case I will be scanning all TCP ports as assigned by IANA. You can also add a list of IPs located in an external file.
Once you have created your target click "Create Target". Now we need to create a task and add this target to it. Go to Scan management and click New Task. This where you set your desired type of scan. The first option "Full and Fast" is the fastest of them all. The scans take longer for each type of scan with "Full and very deep ultimate" taking the longest. For now I am just setting it at the Full and Fast. Under targets, add your target you created earlier. You have the option of adding any observers to the scan as well. This would be any user you want to let view the scan remotely.
Once the task has been created, it will be listed in the home page of OpenVas. Start the scan by clicking the play button to the left of your task.
The box I am scanning is a Windows XP SP2 system running on Virtual Box. It is running xamp with apache and mysql enabled.
Scan Results
As well as printing the results you are also given advise on how to fix the issues like the one below.
After this scan I re-ran the scan using the Full and very deep ultimate setting. The scan took around and hour and half and found 1 more vulnerability bringing the total up to 7. This goes to show how taking the extra time can mean the difference between a successful compromise and an unsuccessful one.
It is complete details provided onn the vulnerability scanning with OpenVas. Although the result is time taken around 1.5 hours but the result is quite effective. good one
ReplyDeleteearn money online without investment
ReplyDeleteReally amazing, Your articles were very nice and full of information. Thanks, great post. I really like your point of view!
I definitely enjoying every little bit of it. It is a great website and nice share. I want to thank you. Good job! You guys do a great blog, and have some great contents. Keep up the good work.