Tuesday, April 22, 2014

Kali - OpenVAS - Basic usage

OpenVAS is a very powerful vulnerability scanner, management tool. It's updated daily with feeds, so called Network Vulnerability Tests (NVTs), which are defining the various vulnerabilities and used at scanning. Right now it's about 36k NVTs.

This is just a very quick intro on how to use OpenVAS on Kali Linux. For the test I used the Kioptrix 2014 VM.

Menu: Vulnerability Analysis -> OpenVAS


To start with we need to run the "openvas initial setup". This will take a couple of minutes to run, once it will ask for defining the "admin" password, I set it to be "toor" - just to not to forget :) I had to rerun it couple of time, to get it successful. We can verify the setup with the "openvas check setup". I only got the following error even after setup:

ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
FIX: Run a SCAP synchronization script like openvas-scapdata-sync or greenbone-scapdata-sync.

But the advise on the FIX solved it. After setup openvas will be started already, so if we try to start it again with "openvas start" we will get an error.

The "openvas feed update" will update the NVTs.

To start using the application, run "openvas-gsd", which is the GUI front end for the app (gsd: Greenbone Security Desktop). We will be asked for the login as seen below. Here you give the password specified during installation, the user is admin.


Once it's loaded we can go to the Target tab at the bottom to define the machine we want to test. We also need to select the ports to test against, if we want our custom list we can define it at the "Port List" tab.


We will see the newly added target:


After that we can go to the Tasks tab, and can create a new task, which will be the actual scan. We can define the target, and a few other options, if any of the offered one are not good for us, we can create our own, at the specific tab at the bottom (Escalators, Schedules, Slaves, Scan Configs).


Once the task is created we need to press the run button to actually start it. We can track the progress with pressing the refresh button. Even a full and deep scan should finish in 5-10 minutes, it's pretty fast.


During the scan the report is already available, and it will be updated periodically, once it's finished we can export it to several formats, and it does a really great job with formatting. I tried PDF and it was awesome.


You can download the software from here: http://www.openvas.org/

2 comments:

deep said...

How can we configure credential in Greenbone Security Assistant by which we can scan my target machine without password?

zaki said...

You can use the OpenVAS Manager to create an account. However you need to assign a password.
$ openvasmd --create-user --new-password