CPT-Graphs-directed-weighted-ex1.svg

OpenVAS Quick and Easy: Scheduling and Running Tasks

OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution” (http://www.openvas.org/).

So I’ve been using OpenVAS as an alternative to Nessus and I’ve actually been quite pleased with the tool. The initial installation was a little difficult (see post) but once up and running, it has been great. I haven’t been able to find a simple howto guide on the scanner so I have decided to write one from my own experience with OpenVAS server version 6 and the client tool GSAD version 3.03. I only provide this tutorial as a learning experience and I do not endorse illegal scanning activity.

  1. I used to GSAD web client interface to interact with OpenVAS once the tool was up and running (see post). I accessed the web interface at http://<OpenVAS IP Address>:<GSAD Port>.OpenVas Login
  2. Log into OpenVAS with credentials created during setup (see post). If you are unable to log in and you know your credentials are correct, its most likely your openVAS database is out-of-date. Try the following steps in a terminal window before attempting to login again:
    • Update the  openVAS database with the latest definition (This can take an hour or more.): openvasmd –update
    • Migrate the database (This can take an hour or more.): openvasmd –migrate
    • Rebuild one last time to be safe (This can take an hour or more.): openvasmd –rebuild
    • If your server date/time is off this could also cause a problem later on, to correct this you will have to first stop all openVAS processes then change the server date/time to the current. Lastly, you will need to repeat creating the necessary certificates and starting up all the openVAS tools similar to the installation process (see post).
  1. Upon a successful login, you will be greeted with a window of tasks scheduled and completed.OpenVAS Tasks
  2. So for a simple vulnerability scan, you will need to setup a target. This is the machine OpenVAS will scan. By default, the tool has localhost already configured as a target but I’m assuming you will want to scan machines other than the one running OpenVAS. To setup a target, hover over the Configuration tab then select Targets.
  3. In the next window, fill out the desired target fields. OpenVAS can be scheduled to scan one or more devices. This is determined by the Hosts field, you can either enter one IP address (x.x.x.x) for a singular host scan or a range of addresses (x.x.x.x-x.x.x.x) for a multiple host vulnerability scan. You may find your device can only handle scanning one IP at a time (This is what I found true on my Raspberry Pi). It is a best practice to always scan by IP addresses, a domain name can resolve to multiple hosts and provide conflicting results. In the picture below, I only entered into the form a target name and a singular IP address, everything else I left as default (you can experiment around with the settings for a more detailed scan). When you are finished entering in all the details, create the target by selecting the Create Target button.OpenVAS Target Creation
  4. The new target will be visible in the box below the form once successfully created. Make sure OpenVAS has a value under the IPs column. This is to ensure it found the target IP address or addresses.Targets
  5. Now it is time to create a task to scan the new target. Hover over the Scan Management tab then select New Task.
  6. Fill out the new task field with the desired task details. In the picture below, I only entered into the form a task name and selected a target to scan, everything else I left as default for a full and fast scan (you can experiment around with the settings for a more detailed scan). When you are finished entering in all the details, create the task by selecting the Create Task button. Task Setup
  7. The task will now appear in the task window and is ready to start. OpenVAS will not automatically start a task, you must select the green start icon under the Actions column in the task window to begin the scan. The other actions found in this column provide easy task management for when you want to start, pause or resume a task in order to pace server activity. New Target
  8. The scan will take a bit of time so be patient. If you want to view the progress of the scan, you can change the drop box settings above the task box to refresh ever X seconds and to no overrides. With these settings, the page will refresh every so often to notify you of the task progress under the Status column in the task box. Sometimes the task may stop itself, you can resume it by selecting the icon next to the start arrow under the Actions column.
  9. When the status of the scan shows Done, you can review the scan findings. Select the coordinating task date under the Last column. A summary of the report will be presented along with the capabilities to download a more detailed version of the report.OpenVAS Scan Results
  10. There you have it, you can review the findings in the report to learn of possible vulnerabilities in a host. Good luck!
CPT-Graphs-directed-weighted-ex1.svg

OpenVas for Kali Linux on the Raspberry Pi

I’m working on creating a semi-portable security platform. I decided to experiment with installing and using the armel version of Kali Linux (the new backtrack OS) on the raspberry pi. Initially, I faced a lot of problems getting OpenVAS to work on the device. This is one of the very few if only open source armel vulnerability scanners I could find. The following steps cover my successful attempt to setting up OpenVAS for anyone else interested in working with this tool in Kali on a Pi. Be prepared to spend a good amount of time waiting for the plugins to install and the database to update.

  1. Downloaded and installed a fresh armel image of Kali (http://www.kali.org/downloads/). I used this image (Username: root, password: toor).
  2. Use a disk imager to image a SD card with the Kali image to run on the Pi. I used Win32 Disk Imager.
  3. Insert the SD card into the pi and power it up.
  4. You may want to expand the partition created by the disk imager, a tutorial on how to expand an active partition can be found here.
  5. Set the correct date if needed:
    date <month><day><hour><minute><year>.<second>
  6. Create the openVAS certificate:
    openvas-mkcert
  7. Create the openVAS client certificate:
    openvas-mkcert-client -n om -i
  8. Download the openVAS NVT’s (This takes a few minutes):
    openvas-nvt-sync
  9. Start the openVAS scanner (This takes 30+ minutes.):
    openvassd
  10. Build the openVAS database (This can take an hour or more.):
    openvasmd --rebuild
  11. Create an admin account:
    openvasad -c 'add_user' -n openvasadmin -r Admin
  12. Update the  openVAS database with the latest definition (This can take an hour or more.):
    openvasmd --update
  13. Migrate the database (This can take an hour or more.):
    openvasmd --migrate
  14. Rebuild one last time to be safe (This can take an hour or more.):
    openvasmd --rebuild
  15. Start the openVAS manager on port 9390:
    openvasmd -p 9390 -a 127.0.0.1
  16. Start the openVAS admin:
    openvasad -a 127.0.0.1 -p 9393
  17. Start GSAD, this is the client tool for openVAS:
    gsad --http-only -p 9392
  18.  Use the web client to interact with the tool, it can be accessed on http://<IP OF PI>:9392. You can log in with the admin account created earlier.

Capture

That’s it! Now you can use this amazing tool to scan machines in a network!

After a reboot or shutdown, openVAS can be started with the commands:

  1. Start the openVAS scanner (This takes a few minutes this time.): openvassd
  2. Start the openVAS manager on port 9390: openvasmd -p 9390 -a 127.0.0.1
  3. Start the openVAS admin: openvasad -a 127.0.0.1 -p 9393
  4. Start GSAD on port 9392, this is the client tool for openVAS: gsad –http-only -p 9392