Guest User


a guest
Jan 16th, 2019
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. "
  2. <p>Is the previous tutorial <a href="" target="_blank" rel="noopener">Vulnerability Scanning with OpenVAS 9.0 part 1</a> we’ve gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we’ve also installed a virtual machine with Metasploitable 2 which we’ll target with OpenVAS. If you don’t know how to install Metasploitable you can check out the installation tutorial for <a href="" target="_blank" rel="noopener">Metasploitable 2</a> (scroll down a bit) or <a href="" target="_blank" rel="noopener">Metasploitable 3</a>.</p>
  3. <p>Before we can actually start vulnerability scanning with OpenVAS 9, we have to complete the following tasks:</p>
  4. <ol>
  5. <li>Create and configure a target.</li>
  6. <li>Create and configure a scan task.</li>
  7. <li>Run the scan.</li>
  8. </ol>
  9. <p>At this point of the tutorial you need to have OpenVAS 9.0 installed and configured. If you haven&#8217;t done this at this point I recommend to follow <a href="" target="_blank" rel="noopener">part 1 of vulnerability scanning with OpenVAS</a> first. To follow along it is also recommended to have a vulnerable Metasploitable machine up and running that is accessible from the OpenVAS appliance or the Kali Linux VM you’ve installed OpenVAS on. The lab setup used for this tutorial looks as follows:</p>
  10. <ul>
  11. <li>Host machine with VMWare Workstation Pro 12.</li>
  12. <li>Kali Linux 2018.2 VM with OpenVAS 9.0 installed (</li>
  13. <li>Metasploitable 2 VM (</li>
  14. </ul>
  15. <p>All virtual machines use the NAT network which can be configured in the network settings on the network adapter. Now that we’ve got everything up and running, let’s start with configuring a target and a scan task.</p>
  16. <p>
  17. <span style="display: inline !important; float: none; background-color: transparent; color: #606569; cursor: text; font-family: 'Open Sans',Arial,sans-serif; font-size: 14px; font-style: normal; font-variant: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">
  18. <div class="cfmon"> <!-- InPost - RES --> <ins class="adsbygoogle" style="display:block" data-ad-client="ca-pub-2195678332656815" data-ad-slot="1208678084" data-ad-format="auto"></ins> <script> (adsbygoogle = window.adsbygoogle || []).push({}); </script></div></span></p>
  19. <blockquote>
  20. <p><strong>Tip</strong>: Did you forgot to write down or change your OpenVAS admin password? Check out the installation tutorial to find out how to reset the admin password.</p>
  21. </blockquote>
  22. <h3>Vulnerability Scanning with OpenVAS 9 Tutorials</h3>
  23. <ul>
  24. <li><a title="Vulnerability Scanning with OpenVAS 9 part 1: Installation &amp; Setup" href="">Vulnerability Scanning with OpenVAS 9 part 1: Installation &amp; Setup</a></li>
  25. <li><a title="Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning" href="">Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning</a></li>
  26. <li><a href="" target="_blank" rel="noopener">Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network</a></li>
  27. <li><a href="">Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations</a></li>
  28. </ul>
  29. <h2>1 Creating a target in OpenVAS</h2>
  30. <p>The first step is to create and configure a target using the OpenVAS/Greenbone Security Assistant web interface. This newly created target is selected in the following step where we configure a scanning task.</p>
  31. <p>To create a target, we need to follow 2 steps:</p>
  32. <ol>
  33. <li>Go to ‘Configuration’ in the top menu and select ’Targets’.</li>
  34. <li>Click the blue icon in the top left corner to create a new target.</li>
  35. </ol>
  36. <div id="attachment_2312" style="width: 976px" class="wp-caption alignnone">
  37. <img class="wp-image-2312 size-full" src="" alt="Vulnerability scanning" width="966" height="270" srcset=" 966w, 150w, 300w" sizes="(max-width: 966px) 100vw, 966px" />
  38. <p class="wp-caption-text">Click configuration and then new target.</p>
  39. </div>
  40. <p>After hitting the new target button, a dialog screen appears where we have to enter the following information:</p>
  41. <ol>
  42. <li>Target name, we’ll name it Metasploitable 2.</li>
  43. <li>The target IP host which is the IP address for our Metasploitable 2 lab machine.</li>
  44. </ol>
  45. <p>Keep all other settings default and click the ‘Create’ button.</p>
  46. <div id="attachment_2313" style="width: 730px" class="wp-caption alignnone">
  47. <img class="wp-image-2313 size-full" src="" alt="02 Create a target-2" width="720" height="441" srcset=" 720w, 150w, 300w" sizes="(max-width: 720px) 100vw, 720px" />
  48. <p class="wp-caption-text">Enter the target name, IP and click create.</p>
  49. </div>
  50. <p>The newly created target will now appear in the list of available targets:</p>
  51. <div id="attachment_2314" style="width: 977px" class="wp-caption alignnone">
  52. <img class="wp-image-2314 size-full" src="" alt="03 Create a target-3" width="967" height="357" srcset=" 967w, 150w, 300w" sizes="(max-width: 967px) 100vw, 967px" />
  53. <p class="wp-caption-text">Newly created target.</p>
  54. </div>
  55. <p>Now that we’ve got our target all set up, let’s continue with creating a scan task that will scan the Metasploitable 2 target for vulnerabilities.</p>
  56. <h2>2 Configuring a scanning task in OpenVAS</h2>
  57. <p>In this section of the tutorial we will create a new scanning task. A scanning task defines which targets will be scanned and also the scanning options such as a schedule, scanning configuration and concurrently scanned targets and NVTs per host. In this tutorial we will just create a scan task and use default scan configurations. In Vulnerability Scanning with OpenVAS 9.0 part 3 (Will be published on: May 25 2018) we will have a more detailed look into scanning configurations.</p>
  58. <p>To create a new scan task, we have to perform the following steps:</p>
  59. <ol>
  60. <li>Go to ‘Scans’ in the top menu and select ’Tasks’.</li>
  61. <li>Point to the blue icon in the top left corner and select ‘New Task’.</li>
  62. </ol>
  63. <div id="attachment_2315" style="width: 977px" class="wp-caption alignnone">
  64. <img class="wp-image-2315 size-full" src="" alt="04 Create a scan task-1" width="967" height="260" srcset=" 967w, 150w, 300w" sizes="(max-width: 967px) 100vw, 967px" />
  65. <p class="wp-caption-text">Click scans -&gt; Tasks and then new task.</p>
  66. </div>
  67. <p>After clicking the new scan option, a dialog screen appears where we have to enter the following information:</p>
  68. <ol>
  69. <li>Task name, we’ll name it ‘Scan Metasploitable 2’.</li>
  70. <li>Make sure that the Metasploitable 2 target we’ve created earlier is selected.</li>
  71. <li>Tick the schedule once checkbox.</li>
  72. <li>Keep all other settings default and click the ‘Create’ button to create the new task.</li>
  73. </ol>
  74. <div id="attachment_2316" style="width: 730px" class="wp-caption alignnone">
  75. <img class="wp-image-2316 size-full" src="" alt="05 Create a scan task-2" width="720" height="439" srcset=" 720w, 150w, 300w" sizes="(max-width: 720px) 100vw, 720px" />
  76. <p class="wp-caption-text">Enter the task name, target and schedule the task only once.</p>
  77. </div>
  78. <p>The newly created task will now appear in the task list as follows:</p>
  79. <div id="attachment_2317" style="width: 970px" class="wp-caption alignnone">
  80. <img class="wp-image-2317 size-full" src="" alt="06 Create a scan task-3" width="960" height="141" srcset=" 960w, 150w, 300w" sizes="(max-width: 960px) 100vw, 960px" />
  81. <p class="wp-caption-text">Newly created scan task.</p>
  82. </div>
  83. <p>There’s also a few other options to create scan tasks. We can use the scan task wizard to instantly scan a target and also the advanced scan task wizard which gives a few more options to configure. For demonstration purposes we’ll stick with the task we’ve just created.</p>
  84. <p>Now that we’ve configured the scan task and added the Metasploitable 2 machine to the target list, all that remains is to run the task and wait for the results.</p>
  85. <h2>3 Running the OpenVAS vulnerability scan</h2>
  86. <p>To run the newly created task we just have to click the green start button as follows:</p>
  87. <div id="attachment_2318" style="width: 970px" class="wp-caption alignnone">
  88. <img class="wp-image-2318 size-full" src="" alt="" width="960" height="141" srcset=" 960w, 150w, 300w" sizes="(max-width: 960px) 100vw, 960px" />
  89. <p class="wp-caption-text">Run the scan task.</p>
  90. </div>
  91. <p>The scan task will now execute against the selected target. Please note that full scan may take a while to complete. When you refresh the tasks page you will be able to check the progress for the executed task:</p>
  92. <ol>
  93. <li>Reload the page.</li>
  94. <li>Check task status/progress.</li>
  95. </ol>
  96. <div id="attachment_2319" style="width: 972px" class="wp-caption alignnone">
  97. <img class="wp-image-2319 size-full" src="" alt="08 Run scan task-2" width="962" height="597" srcset=" 962w, 150w, 300w" sizes="(max-width: 962px) 100vw, 962px" />
  98. <p class="wp-caption-text">Vulnerability scan in progress&#8230;</p>
  99. </div>
  100. <p>After waiting a while the scan task is finished and the status changes to ‘Done’:</p>
  101. <div id="attachment_2320" style="width: 966px" class="wp-caption alignnone">
  102. <img class="wp-image-2320 size-full" src="" alt="Vulnerability scan finished" width="956" height="468" srcset=" 956w, 150w, 300w" sizes="(max-width: 956px) 100vw, 956px" />
  103. <p class="wp-caption-text">Vulnerability scan finished</p>
  104. </div>
  105. <p>As expected we can see that OpenVAS found a number of severe vulnerabilities. Let’s have a look at the details of the results.</p>
  106. <h2>4 Interpreting the scan results</h2>
  107. <p>Now that the vulnerability scan is finished we can browse to ‘Scans -&gt; Reports’ in the top menu. On the reports page we can find the report for the completed scanning task:</p>
  108. <div id="attachment_2321" style="width: 975px" class="wp-caption alignnone">
  109. <img class="wp-image-2321 size-full" src="" alt="Vulnerability scanning report" width="965" height="609" srcset=" 965w, 150w, 300w, 343w" sizes="(max-width: 965px) 100vw, 965px" />
  110. <p class="wp-caption-text">Vulnerability scanning report</p>
  111. </div>
  112. <p>By clicking the report name we can get an overview of all discovered vulnerabilities on the Metasploitable 2 machine, which is a lot as already expected. The results are ordered on severity rate by default:</p>
  113. <div id="attachment_2322" style="width: 971px" class="wp-caption alignnone">
  114. <img class="wp-image-2322 size-full" src="" alt="Discovered vulnerabilities." width="961" height="608" srcset=" 961w, 150w, 300w" sizes="(max-width: 961px) 100vw, 961px" />
  115. <p class="wp-caption-text">Discovered vulnerabilities.</p>
  116. </div>
  117. <p>When we click on the vulnerability name we can get an overview of the details regarding the vulnerability. The following details apply to a backdoor vulnerability in Unreal IRCD we’ve covered in an earlier tutorial:</p>
  118. <div id="attachment_2323" style="width: 970px" class="wp-caption alignnone">
  119. <img class="wp-image-2323 size-full" src="" alt="Vulnerability details" width="960" height="613" srcset=" 960w, 150w, 300w" sizes="(max-width: 960px) 100vw, 960px" />
  120. <p class="wp-caption-text">Vulnerability details.</p>
  121. </div>
  122. <p>Finally, we can also export the report in a variety of formats, such as: XML, HTML and PDF. WE can do this by selecting the desired format from the drop-down menu and click the green export icon as follows:</p>
  123. <div id="attachment_2324" style="width: 974px" class="wp-caption alignnone">
  124. <img class="wp-image-2324 size-full" src="" alt="Export vulnerability report to PDF" width="964" height="341" srcset=" 964w, 150w, 300w" sizes="(max-width: 964px) 100vw, 964px" />
  125. <p class="wp-caption-text">Export vulnerability report to PDF.</p>
  126. </div>
  127. <p>For now, this will conclude part 2 of the vulnerability scanning with OpenVAS tutorial. In the next and final part, we will be focusing on custom scanning configurations to fine tune our scanning needs. Part 3 of vulnerability scanning with OpenVAS will be published on May 25.</p>
  128. <a target='new' rel="nofollow" href=""><IMG border="0" alt="Virtual Hacking Labs - Penetration testing lab" src=""></a>"
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add to your ad blocker whitelist or disable your adblocking software.