Penetration Testing with the OpenVAS Vulnerability Scanner
Vulnerability scanning is an important phase of any penetration testing project. OpenVAS is one of the great vulnerability scanners that ships with Kali Linux. Having an up-to-date vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items.
Kali Linux, one of the most loved penetration testing distributions, comes packed with the OpenVAS vulnerability scanner. This tutorial gives a quick overview of how to get it up and running.
Setting up Kali Linux for Vulnerability Scanning
In this part of the tutorial we make sure that our Kali Linux machine is up to date and has the latest OpenVAS installed. This is essential, as having the latest vulnerability database matters throughout a penetration test. New vulnerabilities (sometimes zero-days) are exploited by attackers, and during a penetration test it is important that we protect the infrastructure against these zero-day vulnerabilities as well, so keeping the vulnerability database updated is of high criticality.
Once the system is up to date and OpenVAS is installed, run the openvas-setup command to set up OpenVAS, download the latest rules, create an admin user, and start up the various services. Be patient at this stage, as it takes time.
root@kali:~# apt-get update
root@kali:~# apt-get dist-upgrade
root@kali:~# apt-get install openvas
root@kali:~# openvas-setup
/var/lib/openvas/private/CA created
/var/lib/openvas/CA created
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed
...
sent 1143 bytes received 681741238 bytes 1736923.26 bytes/sec
total size is 681654050 speedup is 1.00
[i] Initializing scap database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
...
Write out database with 1 new entries
Data Base Updated
Restarting Greenbone Security Assistant: gsad
Once openvas-setup completes its process, the OpenVAS manager, scanner, and GSAD services should be listening:
root@kali:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 127.0.0.1:9390    0.0.0.0:*         LISTEN   9583/openvasmd
tcp        0      0 127.0.0.1:9391    0.0.0.0:*         LISTEN   9570/openvassd: Wai
tcp        0      0 127.0.0.1:9392    0.0.0.0:*         LISTEN   9596/gsad
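The listener check above can be scripted, shown here as an added example that is not part of the original tutorial: the function reads netstat -antp output and reports whether each of the three services is listening and bound to loopback only. The function names are assumptions of this example, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example, not from the original tutorial. The port-to-service mapping
# (9390 openvasmd, 9391 openvassd, 9392 gsad) is taken from the netstat output above.

# Reads `netstat -antp` output on stdin and prints one status line per port.
# Exit status: 0 if all three services listen on loopback only, 1 otherwise.
check_openvas_listeners() {
    awk '
    BEGIN { want[9390] = "openvasmd"; want[9391] = "openvassd"; want[9392] = "gsad" }
    # Only TCP sockets in LISTEN state are relevant.
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, a, ":")       # local address, e.g. 127.0.0.1:9390 or :::9392
        port = a[n]
        if (!(port in want)) next
        addr = substr($4, 1, length($4) - length(port) - 1)
        seen[port] = 1
        # A non-loopback bind means the service is reachable from the network.
        if (addr != "127.0.0.1" && addr != "::1") exposed[port] = addr
    }
    END {
        rc = 0
        for (p = 9390; p <= 9392; p++) {
            if (!(p in seen))      { printf "%d %s MISSING\n", p, want[p]; rc = 1 }
            else if (p in exposed) { printf "%d %s EXPOSED on %s\n", p, want[p], exposed[p]; rc = 1 }
            else                   { printf "%d %s OK\n", p, want[p] }
        }
        exit rc
    }'
}

# Constructed sample input, modelled on the netstat output in the tutorial.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9583/openvasmd
tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 9570/openvassd: Wai
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 9596/gsad
EOF
}

# Demo on the sample; on a live host use: netstat -antp | check_openvas_listeners
sample_netstat | check_openvas_listeners
```

A MISSING line means the service did not start; an EXPOSED line means the manager, scanner or web interface is bound to an address other than loopback and is reachable by other hosts.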
To start the OpenVAS services, simply run the openvas-start command, which starts all the necessary services.
root@kali:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Manager: openvasmd.
Now all that remains is to connect to the OpenVAS web interface. Open a browser and go to https://127.0.0.1:9392. You might be prompted to accept the self-signed SSL certificate and enter the credentials for the admin user. The admin password was generated during the setup phase.
Now all a penetration tester needs to do is run OpenVAS against an IP address or a range of IP addresses.
Please be aware that vulnerability scanning requires permission. Scanning without it may lead to legal issues.