Skip to main content

OpenVAS vulnerability scanner



 OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.

·         The actual security scanner is accompanied with a regularly updated feed of Network Vulnerability Tests (NVTs), over 50,000 in total. All OpenVAS products are Free Software. Most components are licensed under the GNU General Public License (GNU GPL).



·         About NVT Feed - Greenbone maintains a public feed of Network Vulnerability Tests (NVTs) for the OpenVAS project, the Greenbone Community Feed. It contains more than 50,000 NVTs, growing on a permanent basis. This feed is configured as the default for the OpenVAS Scanner and relates to the Greenbone Security Feed which is part of the commercial Greenbone Security Manager appliance products.

·         For online-synchronization use the command greenbone-nvt-sync to update your local NVTs with the newest ones from the feed service. This command will download the Greenbone Community Feed unless it is executed in a Greenbone OS environment with a valid subscription key in which case it will download the Greenbone Security Feed.


·         OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database         (sqlite-based) where all configuration and scan result data is centrally stored. Finally, Manager also handles user management including access control with groups and roles.



Installation and Configuration
·         OpenVAS is not included in the default Ubuntu repositories, install its PPA

sudo apt install software-properties-common

sudo add-apt-repository ppa:mrazavi/openvas

·         Install the SQLite 3 database package. This is used to store the Common Vulnerabilities and Exposures (CVE) data.

sudo apt-get install -y sqlite3 rpm nsis alien

sudo apt-get install -y sqlite3 texlive-latex-extra --no-install-recommends

sudo apt-get install -y texlive-fonts-recommended

sudo wget --no-check-certificate https://svn.wald.intevation.org/svn/openvas/branches/tools-attic/openvas-check-setup

sudo chmod +x openvas-check-setup

apt-get install openvas9

sudo apt update –y

·         Sync the OpenVAS NVT feed. This allows your installation to access tests for the most current vulnerabilities and exposures.

sudo greenbone-nvt-sync

·         Sync Security Content Automation Protocol (SCAP) and Computer Emergency Readiness Team (CERT) vulnerability data to a local database. The synchronization will take several minutes, and you can monitor its progress in the output

sudo greenbone-scapdata-sync

sudo greenbone-certdata-sync

service openvas-scanner start

service openvas-manager start

openvasmd --update –progress

sudo openvasmd --rebuild --progress

sudo ./openvas-check-setup --v9

service openvas-scanner start

service openvas-manager start

·         After successful installation go to browser and type  https://Your_Public_IP:4000 you will see login page where default login and password is admin:admin.





·         You can change it by sudo openvasmd --user=admin --new-password=admin




·         Go to scan- task- task wizard and give IP where you want to run scan.

·         After scan you will see result like this.
·         Note-If you see error in browser like - The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.
To Solve this -
Edit - /etc/default/openvas-gsa
change #ALLOW_HEADER_HOST= 
To
ALLOW_HEADER_HOST=Your_Public_IP

Comments

Post a Comment

Popular posts from this blog

OSSEC - Open source And Free Host Intrusion Detection System (HIDS)

As it clarify with name that it is host based intrusion detention system we need to set it up in host/server which we want to monitor. Features File Integrity checking Log Monitoring Rootkit detection Active response Benefits Compliance Requirements -  PCI and HIPAA Multi platform Real-time and Configurable Alerts Integration with current infrastructure Centralized management Agent and agentless m onitoring Configuration   I did in Ubuntu so here are commands I used  sudo apt get update -y sudo apt-get install apache2 -y sudo apt-get install build-essential -y sudo apt get update -y wget https://github.com/ossec/ossec-hids/archive/2.9.2.tar.gz sudo tar -zxvf 2.9.2.tar.gz cd ossec-hids-2.9.2/ sudo ./install.sh sudo /var/ossec/bin/ossec-control start cd /home/ubuntu wget https://github.com/ossec/ossec-wui/archive/master.zip sudo apt-get install unzip -y sudo unzip master.zip mv ossec-wui-master /var/www/html/ossec ...
Post a Comment
Read more

An Nvidia card was not detected in your system fix for Asus Laptops

This article explains how to fix issue like "NVIDIA display settings are not available" OR "An Nvidia card was not detected in your system" in your Asus laptop. The Error looks like  And GPU is not present in armory crate as well You will not be able to Nvidia driver in Device Manager as well To fix this go to your armory crate software and check if Eco mode is enabled in GPU mode. Select any other mode i.e., standard  If you do not see it in your Home Page, go to device and select GPU power saving option and select any other mode than Eco mode. As you select any other mode your GPU will be back This happens because Eco Mode Completely disables GPU for power saving from armory crate Made a video as well regarding this do check it out.
Post a Comment
Read more