OpenVAS Vulnerability Scanning basic teaching OpenVAS overview and installation and configuration OpenVAS services

OpenVAS Vulnerability Scanning basic teaching OpenVAS overview and installation and configuration OpenVAS Services OpenVAS Fundamentals

The OpenVAS (Open vulnerability Assessment System) is an open vulnerability assessment system with a core part of a server. The server includes a set of network vulnerability testers that can detect security issues in remote systems and applications. OpenVAS different and traditional vulnerability scanning software. All OpenVAS software is free, and there are some open plugins in the Nessus (a powerful network scanning tool) earlier versions. Although the Nessus is very powerful, but the tool is not open source, and the free version of the function is more limited. Therefore, the OpenVAS tool is described in detail in this chapter.

OpenVAS Overview

OpenVAS is an open vulnerability assessment system, or it can be said to be a network scanner with related tools. This section provides a brief introduction to the concept and architecture of OpenVAS.

What is OpenVAS

OpenVAS is an open vulnerability assessment tool designed to detect the security of a target network or host. The tool is based on C/S (client/server), b/S (browser/server) architecture to work, the user through the browser or a dedicated client program to release scan tasks, server-side load authorization, perform scanning operations and provide scan results.

Architecture of the OpenVAS

A complete set of OpenVAS systems includes server-side and port-side multiple components, as shown in 1.1.

Figure 1.1 Architecture of OpenVAS

is an architecture of the OpenVAS system. The following describes the server and client tiers, respectively, of the components that are required to be installed. As shown below:

1. Server-level components (recommended installation)

• Q Openvas-scanner (Scanner): Responsible for invoking a variety of vulnerability detection plug-in, complete the actual scanning operation.
• Q Openvas-manager (Manager): Responsible for assigning scan tasks and producing evaluation reports based on scan results.
• Q openvas-administrator (Manager): Responsible for the management of configuration information, user authorization and other related work.

2. Customer level component (optional)

• Q openvas-cli (command line Interface): responsible for providing access to the OpenVAS service layer program from the command line.
• Q greenbone-security-assistant (Installation Assistant): responsible for providing access to the OpenVAS service layer of the Web interface, easy to set up the scanning task through the browser, is the most convenient customer layer components.
• Q greenbone-desktop-suite (Desktop Suite): Responsible for providing access to the OpenVAS service layer of the graphical program interface, mainly allowed in the Windows client.

Tip: The OpenVAS server side only supports installing Linux operating systems. However, the client is installed on both Windows and Linux systems.

Install and configure OpenVAS services

Once you understand the OpenVAS tool, you can use the tool. Before using this tool, first describe how it is installed.

Installing OpenVAS

The installation of OpenVAS tools is relatively simple, and the OpenVAS website provides installation methods in various operating systems. It is http://www.openvas.org/install-packages.html. However, if the user is installed, many of the dependent packages may appear to be manually resolved. If the dependency pack is not resolved well, the OpenVAS tool will not be installed successfully. Therefore, for the convenience of users, the Kali Linux system has already installed the tool by default, the user can directly use.

If users find that the OpenVAS installed on their system is not the latest version, the latest version of the OpenVAS tool can be installed in the following ways. The exact method is as follows:

(1 ) to update the package list. The execution commands are as follows:

• [Email protected]:~# apt-get Update

After executing the above command, you will get a list of the most recent packages.

(2 ) get to the latest package,. The execution commands are as follows:

• [Email protected]:~# apt-get Dist-upgrade

After executing the above command, the updated package will be downloaded and installed.

(3 Reinstall the OpenVAS tool. The execution commands are as follows:

• [Email protected]:~# apt-get Install OpenVAS

After executing the above command, if there is no error, the OpenVAS tool has been successfully installed. If the latest version of the OpenVAS software is already installed on the current system, the following information will be displayed:

• Reading Package List ... Complete
• Analyzing Dependency tree for Package
• Reading status information ... Complete
• OpenVAS It's already the latest version.

The following packages are installed automatically and are not needed now:

• Firmware-mod-kit libafpclient0 libhackrf liblzma-dev libmozjs22d libnet-daemon-perl libnfc3 Libplrpc-perl
• Libruby libtsk3-3 libwireshark2 libwiretap2 libwsutil2 openjdk-7-jre-lib python-apsw python-utidylib
• Ruby-crack Ruby-diff-lcs ruby-rspec ruby-rspec-core ruby-rspec-expectations ruby-rspec-mocks Ruby-simplecov
• ruby-simplecov-html Unrar-free xulrunner-22.0
• Use the ' Apt-get autoremove ' to remove them.
• 0 packages were upgraded, 0 new packages were installed, 0 packages were uninstalled, 20 packages were not upgraded.

From the output information above, you can see that OpenVAS is already the latest version.

Configuring the OpenVAS Service

After the installation of the OpenVAS tool is successful, some configuration is required before it can be used. For example, initializing a service, synchronizing a plug-in, and starting a service. The methods for configuring the OpenVAS service in Kali Linux are described below.

"Example 1-1" configures the OpenVAS service. The procedure is as follows:

(1 ) Download and update the OpenVAS library. The execution commands are as follows:

• [Email protected]:~# openvas-setup
• /var/lib/openvas/private/ca created
• /var/lib/openvas/ca created #创建证书
• [I] This script synchronizes a NVT collection with the ' OpenVAS NVT Feed '.
• [i] the ' OpenVAS NVT Feed ' is provided by ' the OpenVAS Project '.
• [i] Online information about this feed: ' http://www.openvas.org/openvas-nvt-feed.html '.
• [i] NVT dir:/var/lib/openvas/plugins
• [W] Could not determine feed version.
• [i] rsync isn't recommended for the initial sync. Falling back on HTTP.
• [i] 'll use wget
• [i] Using GNU wget:/usr/bin/wget
• [i] configured NVT http feed:http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
• [i] downloading to:/tmp/openvas-nvt-sync. qh0vl5ckzd/openvas-feed-2015-07-28-23736.tar.bz2
• --2015-07-28 09:53:24--http://www.openvas.org/openvas-nvt-feed-current.tar.bz2
• Parsing host www.openvas.org (www.openvas.org) ... 5.9.98.186
• Connecting www.openvas.org (www.openvas.org) |5.9.98.186|:80 ... is connected.
• An HTTP request has been made and is waiting for a response ... OK
• Length: 17065793 (16M) [APPLICATION/X-BZIP2]
• Saving to: "/tmp/openvas-nvt-sync. QH0VL5CKZD/OPENVAS-FEED-2015-07-28-23736.TAR.BZ2 "
• 100%[======================================================================>] 17,065,793 337K/s spents 34s
• 2015-07-28 09:54:09 (484 kb/s)-Saved/tmp/openvas-nvt-sync. QH0VL5CKZD/OPENVAS-FEED-2015-07-28-23736.TAR.BZ2 "[17065793/17065793])
• 2008/
• 2008/DEB_008_1.NASL #同步NVT库
• ...... synchronization problems to [email protected]
• If you had any other questions, please use the OpenVAS mailing lists
• Or the OpenVAS IRC chat. See http://www.openvas.org/for details.
• Receiving incremental file list
• ./
• COPYING
• 1493 100% 1.42mb/s 0:00:00 (xfer#1, TO-CHECK=63/65)
• Copying.asc
• 198 100% 193.36kb/s 0:00:00 (xfer#2, TO-CHECK=62/65)
• Nvdcve-2.0-2002.xml
• 19454677 100% 224.29kb/s 0:01:24 (xfer#3, TO-CHECK=61/65)
• Nvdcve-2.0-2002.xml.asc
• 198 100% 0.44kb/s 0:00:00 (xfer#4, TO-CHECK=60/65)
• Nvdcve-2.0-2003.xml
• 5691998 100% 266.11kb/s 0:00:20 (xfer#5, TO-CHECK=59/65)
• Nvdcve-2.0-2003.xml.asc
• 198 100% 7.73kb/s 0:00:00 (xfer#6, TO-CHECK=58/65)
• ......
• Country name (2 letter code) [De]:state or province name (full name) [some-state]:locality name (eg, city) []:organization Name (eg, company) [Internet widgits Pty ltd]:organizational Unit Name (eg, sections) []:common name (eg, your name or you R server ' s hostname) []:email Address []:using configuration from/tmp/openvas-mkcert-client.24593/stdc.cnf
• Check that the request matches the signature
• Signature OK
• The Subject ' s distinguished Name is as follows
• CountryName:P rintable: ' DE ' #国家名
• Localityname:P rintable: ' Berlin ' #本地名
• CommonName:P rintable: ' Om ' #普通名
• Certificate is to be certified until Jul 03:02:02 GMT (365 days)
• Write out database with 1 new entries
• Data Base Updated
• Stopping OpenVAS manager:openvasmd.
• Stopping OpenVAS SCANNER:OPENVASSD.
• Starting OpenVAS SCANNER:OPENVASSD.
• Starting OpenVAS Manager:openvasmd.
• Restarting Greenbone Security Assistant:gsad. #OpenVAS服务已启动
• User created with password ' 4B44AA5B-5535-4525-B1DB-D87C9B5D81CD '. #创建的用户密码

The above is a process of updating the OpenVAS library. From the output information, you can see that the process has created a certificate, downloaded and updated all the scanning plug-ins and so on. During the update process, a user named admin is created, and a password is automatically generated. In this example, the generated password is 4B44AA5B-5535-4525-B1DB-D87C9B5D81CD. In this process the output of more information, due to the reasons for space, the middle part of the content using the ellipsis (...). ) replaced. Because this process downloads a large number of plugins, the process takes about half an hour. However, when you synchronize again, the time is fast.

tip: in the update plugin is mainly to see the user's speed. If the speed is good, it may not take a long time. However, if the speed is not good, it will take a long time, please wait patiently. Also, the user does not need to do anything in the process.

(2 When you update the OpenVAS library, a password is automatically created for the Admin user. However, the password is longer, so it is not easy to remember. To facilitate user memory and input, you can use the OPENVASMD command to modify the password. Where the execution commands are as follows:

• [Email protected]:~# openvasmd--user=admin--new-password=123456

After executing the above command, no information will be output. In the above command, the--user option specifies that the user who modifies the password specifies that the password for the Admin user be modified to "123456" for the Admin,--new-password option.

(3 to verify that the OpenVAS is installed, you can use Openvas-check-setup to check the service. As shown below:

• [Email protected]:~# openvas-check-setup
• Openvas-check-setup 2.3.0
• Test completeness and readiness of OpenVAS-8
• (add '--v6 ' or '--v7 ' or '--9 '
• If you want to check for another OpenVAS version)
• Please report us any non-detected problems and
• Help us to improve this check routine:
• Http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
• Send us the Log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
• Use the parameter--server to skip checks for client tools
• Like GSD and Openvas-cli.
• Step 1:checking OpenVAS Scanner ...
• Ok:openvas Scanner is present in version 5.0.1.
• Ok:openvas Scanner CA Certificate is present As/var/lib/openvas/ca/cacert.pem.
• Ok:openvas Scanner Server certificate is valid and present AS/VAR/LIB/OPENVAS/CA/SERVERCERT.PEM.
• Ok:nvt collection In/var/lib/openvas/plugins contains 40087 Nvts.
• Warning:signature checking of Nvts is not an enabled in OpenVAS Scanner.
• Suggest:enable signature Checking (see http://www.openvas.org/trusted-nvts.html).
• Ok:the NVT cache In/var/cache/openvas contains 40087 files for 40087 Nvts.
• Ok:redis-server is present in version 2.4.14.
• Ok:scanner (kb_location setting) is configured properly using the Redis-server socket:/var/lib/redis/redis.sock
• Ok:redis-server is running and listening on socket:/var/lib/redis/redis.sock.
• Ok:redis-server configuration is OK and Redis-server is running.
• Step 2:checking OpenVAS Manager ...
• Ok:openvas Manager is present in version 6.0.1.
• Ok:openvas Manager client certificate is valid and present AS/VAR/LIB/OPENVAS/CA/CLIENTCERT.PEM.
• Ok:openvas Manager Database found in/var/lib/openvas/mgr/tasks.db.
• ok:access rights for the OpenVAS Manager database is correct.
• Ok:at least one user exists.
• Ok:sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
• Ok:openvas Manager Database is at revision 146.
• Ok:openvas Manager expects database at revision 146.
• Ok:database schema is up to date.
• Ok:openvas Manager database contains information about 40087 Nvts.
• Ok:openvas SCAP Database found in/var/lib/openvas/scap-data/scap.db.
• Ok:openvas CERT Database found in/var/lib/openvas/cert-data/cert.db.
• Ok:xsltproc found.
• Step 3:checking User Configuration ...
• Warning:your password policy is empty.
• Suggest:edit the/etc/openvas/pwpolicy.conf file to set a password policy.
• Step 4:checking greenbone Security Assistant (GSA) ...
• Ok:greenbone Security Assistant is present in version 6.0.1.
• Step 5:checking OpenVAS CLI ...
• Ok:openvas CLI version 1.4.0.
• Step 6:checking greenbone Security Desktop (GSD) ...
• skip:skipping Check for Greenbone Security Desktop.
• Step 7:checking If OpenVAS Services is up and running ...
• Ok:netstat found, extended checks of the OpenVAS services enabled.
• Ok:openvas Scanner is running and listening only on the local interface.
• Ok:openvas Scanner is listening on port 9391, which is the default port.
• Warning:openvas Manager is running and listening only on the local interface.
• This means, you are not being able to access the OpenVAS Manager from the
• Outside using the GSD or OpenVAS CLI.
• Suggest:ensure that OpenVAS Manager listens on all interfaces unless you want
• A local service only.
• Ok:openvas Manager is listening in Port 9390, which is the default port.
• Ok:greenbone Security Assistant is listening on port 9392, which is the default port.
• Step 8:checking nmap installation ...
• Warning:your version of Nmap is not fully supported:6.47
• Suggest:you should install Nmap 5.51 if you plan to use the Nmap NSE Nvts.
• Step 10:checking presence of optional tools ...
• Ok:pdflatex found.
• Ok:pdf generation successful. The PDF report format was likely to work.
• Ok:ssh-keygen found, LSC credential generation for Gnu/linux targets are likely to work.
• Warning:could not find rpm binary, the LSC credential package generation for RPM and DEB based targets won't work.
• Suggest:install rpm.
• Warning:could not find makensis binary, the LSC credential package generation for Microsoft Windows targets won't work.
• Suggest:install NSIs.
• It seems like your OpenVAS-8 installation are OK.
• If you think it isn't OK, please report your observation
• and help us to improve this check routine:
• Http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
• Please attach the Log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.

From the above output information, you can see that the above process has nine steps to check. After checking, see "It seems like your OpenVAS-7 installation is OK." Information, the OpenVAS installation is successful. Next, the user can implement the scan using the OpenVAS tool.

This article is selected from: OpenVAS Vulnerability Scanning Basic Tutorial University bully internal information, reproduced please indicate the source, respect the technology respect it people!

OpenVAS Vulnerability Scanning basic teaching OpenVAS overview and installation and configuration OpenVAS services