OpenVas for Kali Linux on the Raspberry Pi

By K4Paul 7 Kali, Vulnerability Scanner , , , ,

I’m working on creating a semi-portable security platform. I decided to experiment with installing and using the armel version of Kali Linux (the new backtrack OS) on the raspberry pi. Initially, I faced a lot of problems getting OpenVAS to work on the device. This is one of the very few if only open source armel vulnerability scanners I could find. The following steps cover my successful attempt to setting up OpenVAS for anyone else interested in working with this tool in Kali on a Pi. Be prepared to spend a good amount of time waiting for the plugins to install and the database to update.

  1. Downloaded and installed a fresh armel image of Kali (http://www.kali.org/downloads/). I used this image (Username: root, password: toor).
  2. Use a disk imager to image a SD card with the Kali image to run on the Pi. I used Win32 Disk Imager.
  3. Insert the SD card into the pi and power it up.
  4. You may want to expand the partition created by the disk imager, a tutorial on how to expand an active partition can be found here.
  5. Set the correct date if needed: 
    date <month><day><hour><minute><year>.<second>
  6. Create the openVAS certificate: 
    openvas-mkcert
  7. Create the openVAS client certificate: 
    openvas-mkcert-client -n om -i
  8. Download the openVAS NVT’s (This takes a few minutes): 
    openvas-nvt-sync
  9. Start the openVAS scanner (This takes 30+ minutes.): 
    openvassd
  10. Build the openVAS database (This can take an hour or more.): 
    openvasmd --rebuild
  11. Create an admin account: 
    openvasad -c 'add_user' -n openvasadmin -r Admin
  12. Update the  openVAS database with the latest definition (This can take an hour or more.): 
    openvasmd --update
  13. Migrate the database (This can take an hour or more.): 
    openvasmd --migrate
  14. Rebuild one last time to be safe (This can take an hour or more.): 
    openvasmd --rebuild
  15. Start the openVAS manager on port 9390: 
    openvasmd -p 9390 -a 127.0.0.1
  16. Start the openVAS admin: 
    openvasad -a 127.0.0.1 -p 9393
  17. Start GSAD, this is the client tool for openVAS: 
    gsad --http-only -p 9392
  18.  Use the web client to interact with the tool, it can be accessed on http://<IP OF PI>:9392. You can log in with the admin account created earlier.

Capture

That’s it! Now you can use this amazing tool to scan machines in a network!

After a reboot or shutdown, openVAS can be started with the commands:

  1. Start the openVAS scanner (This takes a few minutes this time.): openvassd
  2. Start the openVAS manager on port 9390: openvasmd -p 9390 -a 127.0.0.1
  3. Start the openVAS admin: openvasad -a 127.0.0.1 -p 9393
  4. Start GSAD on port 9392, this is the client tool for openVAS: gsad –http-only -p 9392

Scanning With Nmap

By K4Paul 0 Backtrack, Fingerprinting, Kali, Linux, Penetration Testing, Windows , , ,

Nmap is an effective network-scanning tool that can be used for host and open port service discovery. It can be downloaded from here.

In my experiences, to find hidden services or special services, not located on common ports, the below scans can be used. Different services respond to different packet messages. The “-p” tag specifies a port range, it is not required. However, when I stated the range, I found more running services than when the range was not stated. My theory is nmap, on a basic scan will look at popular ports and not necessarily all ports when not stated.

  • Find UDP Services: nmap –sU <ADDRESS> –p1-6000
  • Basic Service Scan: nmap –v <ADDRESS> –p1-6000
  • Basic All Service Scan: nmap –A <ADDRESS> –p1-6000
  • Null port scan (Does not set and bits in the TCP flag header): nmap –sN <ADDRESS> –p1-6000
  • Fin port scans (Sets just the TCP FIN bit): nmap –sF <ADDRESS> –p1-6000
  • Christmas port scans (Sets the FIN, PSH and URG flags): nmap –sX <ADDRESS> –p1-6000