openvas漏扫部署

OpenVAS 9 install on Ubuntu 16.04

To install OpenVAS 9 on Ubuntu 16.04 we will use the third party binary package method. While we could build from source the packages allow us to get OpenVAS up and running quickly and with minimal fuss.

If you are installing OpenVAS into an Ubuntu virtual machine I suggest adding as much CPU as you can as this will speed up your scan times. A suggested minimum is 8GB of RAM and 4 cores. An interesting new feature mentioned in the latest release is the development towards build a distributed system for large scale deployments. Having a central console (and manager) that can delegate scans to multiple scanners is an excellent architecture for those wanting to scan large numbers of targets.

Install OpenVAS

First step is to add the PPA repository to our Ubuntu build. In this example I am using a clean server build on VMware Workstation. After running the app-apt-repository command you will receive a notice that gives a good summary of the installation process.

[email protected]:~# add-apt-repository ppa:mrazavi/openvas

Next apt update and install the main packages.

[email protected]:~# apt update
[email protected]:~# apt install sqlite3
[email protected]:~# apt install openvas9

There are a ton of packages to be installed, on my clean Ubuntu Server build a total of 175 packages and 581mb of disk space is to be used. A couple of additional packages are required for the PDF reports to work.

[email protected]:~# apt install texlive-latex-extra --no-install-recommends

Now some extra fonts to make those pdf's look pretty.

[email protected]:~# apt-get install texlive-fonts-recommended

The libopenvas9-dev package installs the openvas-nasl utility that allows you to run single OpenVAS nasl scripts, great for quick checks and troubleshooting. In the next step we are also adding the vulnerability data by syncing with the feeds.

[email protected]:~# apt install libopenvas9-dev
[email protected]:~# greenbone-nvt-sync
[email protected]:~# greenbone-scapdata-sync
[email protected]:~# greenbone-certdata-sync

Time to start the OpenVAS scanner process.

[email protected]:~# service openvas-scanner restart

Now a check of the running processes will show our scanner loading the NVT's.

[email protected]:~# ps -ef | grep openvas
root      34149      1  0 00:22 ?        00:00:00 gpg-agent --homedir /var/lib/openvas/openvasmd/gnupg --use-standard-socket --daemon
root      34241      1  0 00:22 ?        00:00:01 openvasmd
root      37861      1 55 02:01 ?        00:00:02 openvassd: Reloaded 8550 of 53269 NVTs (16% / ETA: 00:20)
root      37862  37861  0 02:01 ?        00:00:00 openvassd (Loading Handler)
root      37864  25921  0 02:01 pts/1    00:00:00 grep --color=auto openvas

Using netstat -an we can see that gsad is now running on port 4000. Another thing to notice is that openvasmd and openvassd are running on sockets rather listening on TCP ports.

An extra package is required if we want to be able to test Microsoft SMB services for critical vulnerabilities such as MS17-010. This particular Microsoft Patch is of note as it fixes the vulnerability that has been keeping IT staff busy since the wannacry ransomware attack started spreading around the world. Of course any penetration tester will be familiar with MS08-067, a previous favourite vulnerability for attacking Windows 2003 systems.

apt install smbclient

Now lets restart the openvas-manager and rebuild the cache. Rebuilding the cache ensures the feed that we synced is all loaded up into the manager and we are ready to start testing.

[email protected]:~# service openvas-manager restart
[email protected]:~# openvasmd --rebuild --progress
Rebuilding NVT cache... done.

If you have any issues the log files contain the information for troubleshooting. OpenVAS logs can be found in the following location.

/var/log/openvas
/var/log/openvas/gsad.log
/var/log/openvas/openvasmd.log
/var/log/openvas/openvassd.dump
/var/log/openvas/openvassd.messages

We should be now all ready to load up the web interface and start testing. Don't forget we are on a new port number. The default user and password is admin / admin.

https://192.168.94.81:4000

Getting Started with OpenVAS 9

After completing the installation and syncing the vulnerability feed. Login to the web interface using the default credentials (don't forget to change your password!).
1. Add a target

Using the web interface select Configuration | Targets to add a new target to scan. Note the little star icon in the top left corner is the "add" button (this follows through on the other screens as well.
2. Add a task

Select Scans | Tasks option to now add a new task. For your first scan you can stick with the defaults, simply select the scan target that you added in step 1 and hit create.
3. Start Scan

Now it is simply a matter of hitting the play button for the task to kick the scan off. Once the scan has completed you will be able to review results under Scans | Reports. Reports can be downloaded in HTML / XML / PDF and other formats or you can review the results in the web interface.