This tutorial covers how to use OpenVAS. I also wrote a post on how to use Nessus, so check it out! You may be familiar with OpenVAS, which stands for Open Vulnerability Assessment System, a vulnerability scanning and management platform. When compared to Nessus there is an obvious better choice; however, OpenVAS is free!

OpenVAS is part of an open source vulnerability management framework supported by Greenbone Networks. For the vulnerable target that you will be scanning, I suggest installing Metasploitable 3.

Here’s What You Need

  • Kali Linux VM – VirtualBox
  • OpenVAS
  • A vulnerable target in your home lab – Metasploitable 3

apt update
apt upgrade
apt install openvas

Now run the setup for OpenVAS.

openvas-setup

Greenbone Security Assistant

You may have seen the name Greenbone thrown around during installation. The Greenbone Security Assistant is the web client, an interface for managing the . Greenbone Networks supports OpenVAS as part of its Greenbone Vulnerability Management solution.

Log in using the admin user account. The password is generated during setup and can be found in the output in your shell.

Feel free to change your password to something more convenient.

Add new credentials

A credentialed scan can recover more details about a host than one without credentials. Credentialed scans should always be considered more advantageous. Go to the Configuration tab > Credentials and enter a new user. The user I am using is the vagrant user on Metasploitable 3. It is one of the default accounts, with an easily cracked NTLM hash.

Add the user vagrant with the password vagrant for Metasploitable 3.

Import new targets from nmap

Use the Linux cut command to get the results of the nmap scan into a form you can feed to OpenVAS. Delimit each line by spaces and return only unique values. Notice that the -d flag is short for delimiter and that the -f 2 flag specifies which field of each line to extract.

root@kali:~# cat m3-initial.gnmap
# Nmap 7.80 scan nmap -A -oA m3-initial 192.168.56.0/24
Host: 192.168.56.104 () Status: Up
Host: 192.168.56.104 () Ports: 21/open/tcp//ftp//Microsoft ftpd/, 22/open/tcp//ssh//OpenSSH 7.1 (protocol 2.0)/, 80/open/tcp//http//Microsoft IIS httpd 7.5/,

root@kali:~# grep Up m3-initial.gnmap | cut -d " " -f 2 | uniq >> up-targets
root@kali:~# cat up-targets
192.168.56.104
192.168.56.104

Now you can create a new target and select the up-targets file, which will contain all the live hosts on the subnet we scanned.
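The same extraction as an added example (not code from the original post): it matches the Status field, keeps only hosts inside the scanned subnet, de-duplicates with sort -u, and replaces the output file instead of appending to it. The function names and the sample scan data are constructed for illustration, and only IPv4 addresses are handled.

```shell
#!/usr/bin/env bash
# Added example: turn nmap grepable output into a clean OpenVAS target file.
# Function names and sample data are constructed; IPv4 only.

# live_hosts FILE CIDR: print each host marked "Status: Up" that lies inside
# CIDR, once, in numeric order.
live_hosts() {
    awk -v cidr="$2" '
        function ip2int(ip,    o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN {
            split(cidr, c, "/")
            size = 2 ^ (32 - c[2])            # addresses in the block
            base = int(ip2int(c[1]) / size)   # network number
        }
        # Match the Status field, not the bare word "Up".
        $1 == "Host:" && /Status: Up/ &&
        $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        int(ip2int($2) / size) == base { print $2 }
    ' "$1" | sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# write_targets FILE CIDR OUT: replace OUT with the current list. Writing to
# a temp file and renaming means repeated runs never append duplicates.
write_targets() {
    tmp=$(mktemp) || return 1
    live_hosts "$1" "$2" > "$tmp" && mv "$tmp" "$3"
}

# make_sample PATH: write constructed grepable output (tab-separated fields).
make_sample() {
    {
        printf '# Nmap 7.80 scan nmap -A -oA m3-initial 192.168.56.0/24\n'
        printf 'Host: 192.168.56.104 ()\tStatus: Up\n'
        printf 'Host: 192.168.56.104 ()\tPorts: 80/open/tcp//http//Microsoft IIS httpd 7.5/\n'
        printf 'Host: 192.168.56.20 ()\tStatus: Up\n'
        printf 'Host: 192.168.56.30 ()\tStatus: Down\n'
        printf 'Host: 192.168.56.104 ()\tStatus: Up\n'   # repeat from a rescan
        printf 'Host: 10.0.2.15 ()\tStatus: Up\n'        # outside the lab subnet
    } > "$1"
}

work=$(mktemp -d)
make_sample "$work/m3-initial.gnmap"
write_targets "$work/m3-initial.gnmap" 192.168.56.0/24 "$work/up-targets"
cat "$work/up-targets"
```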

Scan the target

Scans in OpenVAS are run by creating new tasks under the Task tab. Create a new task and then kick off the scan by clicking the play action button next to the task.

Pick the full and very deep ultimate scan because it’s time to get into this scan for real :-).

Results from the scan

The scan completed after a long time but it came back with some pretty good results. There are a lot of vulnerabilities which makes sense because Metasploitable 3 is purposefully vulnerable.

Take it further

Python client

There is a Python wrapper, a client for the OVM server, which is a really convenient way of automating scans.

git clone https://github.com/golismero/openvas_lib.git
cd openvas_lib
python setup.py install

# or use pip
pip install openvas_lib

Recommended Reading

I highly recommend buying Georgia Weidman’s Penetration Testing. Check the price on Amazon.

