OpenVAS, the Open Vulnerability Assessment System, is an excellent framework that can be used to assess the vulnerabilities of our target. It is a fork of the Nessus project. Unlike Nessus, OpenVAS offers its feeds completely free of charge. As OpenVAS comes standard in Kali Linux, we will begin with configuration.
Getting ready
A connection to the Internet is required to complete this recipe.
How to do it...
Let's begin the process of installing, configuring, and starting OpenVAS by navigating to its directory via a terminal window:
1. OpenVAS is installed by default and it only needs to be configured in order to be utilized.
2. From a terminal window, change your directory to the OpenVAS directory:
cd /usr/share/openvas/
3. Execute the following command:
openvas-mkcert
What we are performing in this step is creating the SSL certificate for the OpenVAS program:
- 1. Leave the default lifetime of the CA certificate as it is.
- 2. Update the certificate lifetime to match the number of days of the CA certificate: 1460.
- 3. Enter the country.
- 4. Enter the state or province (if desired).
- 5. Leave the organization name as the default.
- 6. When the certificate confirmation screen is presented, press Enter to exit.
4. Execute the following command:
openvas-nvt-sync
This will sync the OpenVAS NVT database with the current NVT Feed. It will also update you with the latest vulnerability checks.
5. Execute the following commands:
openvas-mkcert-client -n om -i
openvasmd --rebuild
This will generate a client certificate and rebuild the database respectively.
6. Execute the following command:
openvassd
This will start the OpenVAS Scanner and load all plugins (approximately 26,406), so this may take some time.
7. Execute the following commands:
openvasmd --rebuild
openvasmd --backup
These commands will rebuild and create a backup of the database.
8. Execute the following command to create your administrative user (we use openvasadmin):
openvasad -c 'add_user' -n openvasadmin -r admin
9. Execute the following command:
openvas-adduser
This will allow you to create a regular user:
- 1. Enter a login name.
- 2. Press Enter on the authentication request (this automatically chooses the password).
- 3. Enter the password twice.
- 4. For rules, press Ctrl + D.
- 5. Press Y to add the user.
10. Execute the following commands to configure the ports that OpenVAS will interact with:
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad --http-only --listen=127.0.0.1 -p 9392
9392 is the recommended port for the web browser, but you can choose your own.
11. Go to http://127.0.0.1:9392 in your browser to view the OpenVAS web interface.
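Because gsad is started with --http-only, the web interface is served over plain HTTP, so the 127.0.0.1 bindings in step 10 are what keep it and the manager ports off the network. The following check is an added example, not part of the original recipe: it parses `ss -ltn` output (the column layout is an assumption about your iproute2 version) and flags any of the three ports that is missing or bound to a non-loopback address. The sample input is constructed.

```shell
#!/bin/sh
# Added example: verify the step 10 listeners are bound to loopback only.
# Assumes `ss -ltn` column layout: column 4 is "local-address:port".

PORTS="9390 9392 9393"   # openvasmd, gsad, openvasad (ports from step 10)

# Reads `ss -ltn`-style lines on stdin; prints one "<port> <status>" line per port.
# status is one of: loopback | exposed | missing
classify_listeners() {
    awk -v ports="$PORTS" '
        BEGIN { n = split(ports, want, " ") }
        $1 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
            for (i = 1; i <= n; i++) {
                if (port != want[i]) continue
                if (host != "127.0.0.1" && host != "[::1]")
                    state[port] = "exposed"         # 0.0.0.0, *, [::] or a routable IP
                else if (state[port] != "exposed")
                    state[port] = "loopback"
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                s = (want[i] in state) ? state[want[i]] : "missing"
                print want[i], s
            }
        }'
}

# Returns 0 only when every expected port is listening on loopback.
loopback_only() {
    ! classify_listeners | grep -E ' (exposed|missing)$' >/dev/null
}

# Constructed sample: gsad (9392) started without --listen=127.0.0.1.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:9390     0.0.0.0:*
LISTEN 0      128    0.0.0.0:9392       0.0.0.0:*
LISTEN 0      128    127.0.0.1:9393     0.0.0.0:*
EOF
}

# Live check on the scanner host:  ss -ltn | classify_listeners
sample_ss_output | classify_listeners
```

On the scanner host, `ss -ltn | loopback_only` returns non-zero if any of the three services is reachable from another machine or is not running.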