Setting Up OpenVAS for Penetration Testing

By -

Penetration testing with Open VAS Vulnerability Scanner

During Any penetration Testing Project Vulnerability scanning is a important phase.OpenVAS is one of the great Vulnerability scanners that ship in with Kali Linux . It is always good to have an updated vulnerability scanner in your security tool-kit can often make a real difference by helping you discover overlooked vulnerable items.
Kali Linux , one of the most loved penetration testing distributions , comes packed with Open VAS vulnerability scanner. In this tutorial we will focus on a quick overview on how to get it up and running.

Setting up Kali Linux for Vulnerability Scanning

In this part of the tutorial we will make sure that our Kali Linux machine is up-to-date and has the latest OpenVAS installed . This is very essential as having the latest updated database of Vulnerabilities is very essential during a penetration testing . New vulnerabilities (sometimes zero day) are exploited by the attackers and during a penetration test it is important that we protect the infrastructure against these zero day vulnerabilities as well and hence having an Updated database of vulnerabilities is of High Criticality .
Once the above is achieved , run the openvas-setup command to setup OpenVAS, download the latest rules, create an admin user, and start up the various services. At this stage you need to be patient as this is time taking .

root@kali:~# apt-get update
 root@kali:~# apt-get dist-upgrade
 
 root@kali:~# apt-get install openvas
 root@kali:~# openvas-setup
 /var/lib/openvas/private/CA created
 /var/lib/openvas/CA created
 
 [i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
 [i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed
 ...
 sent 1143 bytes received 681741238 bytes 1736923.26 bytes/sec
 total size is 681654050 speedup is 1.00
 [i] Initializing scap database
 [i] Updating CPEs
 [i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
 [i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
 ...
 Write out database with 1 new entries
 Data Base Updated
 Restarting Greenbone Security Assistant: gsad
Once openvas-setup completes its process, the OpenVAS manager, scanner, and GSAD services should be listening:

root@kali:~# netstat -antp
 Active Internet connections (servers and established)
 Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
 tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9583/openvasmd
 tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 9570/openvassd: Wai
 tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 9596/gsad

To start the OpenVAS services , Simply give the command openvas-start and this will start all the necessary services .

root@kali:~# openvas-start
 Starting OpenVas Services
 Starting Greenbone Security Assistant: gsad.
 Starting OpenVAS Scanner: openvassd.
 Starting OpenVAS Manager: openvasmd.

Now all one needs to do is to connect to the OpenVAS web interface . To do this , open the browser and type the url : https://127.0.0.1:9392 . You might be prompted to accept the self signed SSL certificate and enter the credentials for the admin user . The admin password was generated during the setup phase .


Now all a penetration tester need to do is to run OpenVAS against an IP or a Range of IP addresses .
Please be aware that the vulnerability scanning needs a permission . Doing so without any acknowledgement may have legal issues

Comments

Post a Comment

Popular posts from this blog

HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING KALI LINUX.

By -
Image
HACK EMAIL-ID,USERNAME AND PASSWORD OR ANY USER DETAILS BY USING  KALI LINUX . Today,i am going to show you how you can get email-id,username and password or any user details you want by using  KALI LINUX . STEPS FOR SETTING UP YOUR SYSTEM. Download Kali Linux from   here . Extract the contents of Kali Linux iso file which you  downloaded in step and copy it to pendrive or instead of pendrive burn the iso file in cd if you want to make a cd of it. After copying all contents to pendrive or burning the iso file in cd,reboot you system,press F8 on boot-time and select boot from pendrive if you have copied all the files in pendrive,else boot from cd-rom if you burn the iso file in cd. After selecting the boot from device,the kali installation window will open,install accordingly as per your requirement. NOTE:During installation,in mount point of selected installation drive,set mount point to  "/" . Remember the username and password while installation as this will
Read more

Port Fail Vulnerability : Critical VPN Vulnerability

By -
Image
Port Fail Vulnerability : Critical VPN Vulnerability How Port Fail Vulnerability Exposes your REAL IP on SKYPE Using Port Fail Vulnerability it’s possible to disclose the real IP of a Skype accounts you’re interested in. There are a bunch of Skype IP resolvers which can give you the VPN IP address and port number of a Skype user using only their Skype login. Then you need to use the same thing a copyright monitoring company would use — send some UDP packets to the whole internet on the exact port. It’s remarkable but Skype will send you a reply for almost any data! The nping utility from  nmap  package suits our needs very well: # nping --udp -p 13318 --data-string 'hellothere!' -c 1 serv.valdikss.org.ru Starting Nping 0.7.00 ( https://nmap.org/nping ) at 2015-12-20 19:54 MSK SENT (0.0157s) UDP 195.154.127.59:53 > 92.42.31.8:13318 ttl=64 id=10802 iplen=39  RCVD (0.0859s) UDP 185.61.149.121:4272 > 195.154.127.59:53 ttl=54 id=1534 iplen=32    Max rtt: N/A | M
Read more