Akalezi Caleb🌴

Maximizing the Power of Open Source: A Guide to Security Management with OpenVAS

In today's rapidly evolving digital landscape, ensuring the security of your systems and networks is important. With cyber threats becoming more advanced, organizations need robust security solutions to safeguard their sensitive data and protect their valuable assets. OpenVAS, an open-source vulnerability scanning tool, has emerged as a powerful ally in the fight against cybercrime.

It is designed to help organizations identify and manage security weaknesses in their systems and networks. It provides a comprehensive solution for vulnerability management, enabling proactive security measures and reducing the risk of potential attacks.

This project covers:

  • Why your organization should embrace open source and use OpenVAS as part of your project security management strategy.
  • A step-by-step guide on how to properly configure OpenVAS.
  • Additional capabilities of OpenVAS beyond vulnerability scanning.
  • How to identify open hosts within a network, set up a network scan with OpenVAS, configure scan parameters, and interpret results.

Thanks to its transparency, flexibility, and community-driven development, open-source software has grown significantly in popularity in recent years. Open-source technologies, such as OpenVAS, offer unmatched freedom in comparison to commercial solutions, as they allow users to access, modify, and share the source code. As a global community of developers works together to constantly improve the software, this transparency encourages creativity.

With the help of OpenVAS, enterprises may detect vulnerabilities, evaluate risks, and put in place the appropriate security measures. OpenVAS checks networks, systems, and applications for potential security holes using a sizable vulnerability database, giving you useful information to bolster your defenses. Vulnerability detection, configuration audits, compliance checks, and extensive reporting capabilities are just a few of its powerful feature sets.

Why OpenVAS?

  1. OpenVAS offers a vast database of Network Vulnerability Tests (NVTs) that cover a wide range of vulnerabilities. These tests enable the detection of known security vulnerabilities in operating systems, applications, and network devices.

  2. OpenVAS is designed to scale according to the size and complexity of the environment. It can handle scanning tasks for small networks as well as large and distributed infrastructures. The tool allows customization of scan parameters, enabling users to tailor scans to specific needs, including target selection, scan intensity, scheduling and automation.

  3. OpenVAS is built with an open architecture, allowing integration with other security tools and workflows. It provides APIs and supports standard formats like Open Vulnerability and Assessment Language (OVAL) and Common Vulnerabilities and Exposures (CVE), facilitating seamless integration into existing security frameworks.

Prerequisites
To get started in this lab, we must have the following:

  • Oracle VM VirtualBox installed.
  • A Kali Linux ISO set up. To install Kali Linux, check here.
  • Familiarity with cybersecurity and networking concepts.
  • Familiarity with Linux and the bash command line.

Configuring OpenVAS
On the kali terminal, run this command to gain root access:
sudo su

To make sure we are up to date, run this command:
apt-get update && apt-get upgrade

Step 1
To install OpenVAS, run this command:
apt-get install openvas

Step 2
To set up and start the OpenVAS services, run the command:
gvm-setup
NOTE: The setup takes time; mine took up to 12 minutes. Be patient.

Step 3
After setup, a password is generated; copy it. To save it in a .txt file on the Desktop, run these commands:
cd Desktop
nano gvm-pass.txt
Paste the password and save. The file holds the admin password in plain text, so keep it readable only by your own user.

Step 4
Now, we check the installation status of OpenVAS with the command:
gvm-check-setup

The installation is not complete; I was prompted to run this command:

sudo runuser -u _gvm -- greenbone-nvt-sync

Now, I run the gvm-check-setup command again to be sure everything is good.

Step 5
Let's check the logs from OpenVAS. To do this, run these commands:
cd /var/log/gvm
tail -f gvmd.log

No SCAP database found. The feeds may be taking longer to download to the computer.
Open a vertical terminal and run this command:
sudo su
To be sure the feeds are working, run these commands:
greenbone-feed-sync --type GVMD_DATA
greenbone-feed-sync --type SCAP
greenbone-feed-sync --type CERT

Step 6
To start the OpenVAS daemon, run this command:
gvm-start

NOTE: OpenVAS will open the Web GUI automatically. If you get a message saying OpenVAS is already running, you may need to restart OpenVAS. To do that, run these commands:
gvm-stop
gvm-start

This opens the web UI in the browser. On the certificate warning, click Advanced and accept the risk.
The username is admin by default.
To get the password saved on your desktop:
cd Desktop
gedit gvm-pass.txt
Copy the password, paste it into the login form, and we're in.

OpenVAS can be considered a project security management tool.
You can assign users to mitigate the vulnerabilities found and create remediation tickets.
It can also set alerts, schedule scans, and automate resilience.
OpenVAS also supports compliance work: compliance audits can be created for the system.

Navigate to Scanners.
The OpenVAS Default scanner is used the most; however, if you are not allowed to scan the network constantly, use the CVE scanner.
The CVE scanner uses the data already collected to check for new vulnerabilities that may have been introduced to the system.

Navigate to Configuration > port lists.
To scan all TCP and UDP ports, we need to create a new port list.

Setting up a Network Scan With OpenVAS

  • Update the feeds from OpenVAS. It is best to do this before we actually start to scan, because OpenVAS updates its feeds every few days. To update, run this command:

gvm-feed-update

  • Run this command:

traceroute google.com
The IP result for me is 192.168.100.1

  • To get the hosts that are up in the subnet, run this Nmap command:

nmap 192.168.100.1/24

  • To return the Hosts that are up in an organized list, run this command:
    nmap -sP 192.168.100.1/24 | awk '/is up/ {print up}; {gsub (/\(|\)/,""); up = $NF}'

  • Copy the IP addresses to a .txt file on your desktop with the command:

nano Desktop/ip-list.txt

  • Run gvm-start

In the web UI: New scan > scan target > new > Hosts > from file > browse to Desktop and select the ip-list file.
Port list > all TCP and UDP ports, then save.
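
An added example, not part of the original post: the host-list step above can be scripted so that ip-list.txt only receives live hosts inside the subnet you intend to scan. The function names and the sample nmap output are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not from the original page): normal-format nmap output
# from two discovery runs pasted together; 10.8.0.2 is outside the subnet.
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.100.1
Host is up (0.0021s latency).
Nmap scan report for printer.lan (192.168.100.23)
Host is up (0.010s latency).
Nmap scan report for 192.168.100.7
Host is up.
Nmap scan report for vpn-peer.example (10.8.0.2)
Host is up (0.030s latency).
"""

REPORT_LINE = re.compile(r"^Nmap scan report for (?:\S+ \()?([0-9A-Fa-f:.]+)\)?$")


def live_hosts_in_scope(nmap_output, scope):
    """Return (in_scope, rejected) live hosts, numerically sorted, from nmap output."""
    # strict=False accepts the page's 192.168.100.1/24, which has host bits set.
    network = ipaddress.ip_network(scope, strict=False)
    in_scope, rejected = set(), set()
    candidate = None
    for line in map(str.strip, nmap_output.splitlines()):
        if line.startswith("Nmap scan report for"):
            match = REPORT_LINE.match(line)
            candidate = match.group(1) if match else None
        elif line.startswith("Host is up") and candidate:
            try:
                addr = ipaddress.ip_address(candidate)
                (in_scope if addr in network else rejected).add(addr)
            except ValueError:
                pass  # not a valid address literal; ignore it
            candidate = None
    return sorted(in_scope), sorted(rejected, key=str)


def write_target_file(addresses, path):
    """Write one address per line, the layout of ip-list.txt in the guide."""
    with open(path, "w", encoding="ascii") as handle:
        handle.writelines(f"{addr}\n" for addr in addresses)


if __name__ == "__main__":
    hosts, skipped = live_hosts_in_scope(SAMPLE_NMAP_OUTPUT, "192.168.100.1/24")
    write_target_file(hosts, "ip-list.txt")
    print("written:", *hosts, "| out of scope:", *skipped)
```

Review the rejected list before scanning; an address there means the discovery output covers more than the subnet you meant to target.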

OpenVAS can be configured to remotely access the computer via SSH. To better understand how to configure OpenSSH, check here.

QoD refers to the quality of detection. The higher the quality of detection, the fewer the false positives. BUT there's a catch: there could be a vulnerability at 60% QoD that a higher QoD setting will not report.
It's best to do 2 scans, one at a QoD of 70% and another at 30%, then compare the results.
For the Scan Config option, Full and fast is the most used; it has all the NVTs used in OpenVAS.
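
An added example, not code from the original post or from the OpenVAS project: one way to compare the two scans is to export both reports and list the findings that only the 30% QoD scan reported. The CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Constructed CSV exports (not real scan data). The column names are assumptions
# modelled on a results export; adjust them to match your own report.
REPORT_QOD_70 = '''IP,Port,Port Protocol,CVSS,QoD,NVT Name,NVT OID
192.168.100.23,443,tcp,7.5,80,"Example TLS finding, constructed",oid-example-1
192.168.100.7,22,tcp,5.3,70,Example SSH finding,oid-example-2
'''
REPORT_QOD_30 = REPORT_QOD_70 + '''\
192.168.100.1,53,udp,4.0,75,Example DNS finding,oid-example-3
192.168.100.23,80,tcp,9.8,30,Example banner-based version finding,oid-example-4
'''


def load_findings(csv_text):
    """Index one export by (host, port, protocol, NVT OID)."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["IP"], row["Port"], row["Port Protocol"], row["NVT OID"])
        findings[key] = row
    return findings


def only_in_relaxed_scan(strict_csv, relaxed_csv, strict_min_qod=70):
    """Findings the low-QoD scan reported and the high-QoD scan did not."""
    strict = load_findings(strict_csv)
    extra = []
    for key, row in load_findings(relaxed_csv).items():
        if key in strict:
            continue
        # A QoD below the strict threshold explains the gap. A QoD at or above
        # it means the scans differ for another reason (host offline, new feed).
        row["explained_by_qod"] = int(row["QoD"]) < strict_min_qod
        extra.append(row)
    return sorted(extra, key=lambda r: float(r["CVSS"]), reverse=True)


if __name__ == "__main__":
    for row in only_in_relaxed_scan(REPORT_QOD_70, REPORT_QOD_30):
        reason = "low QoD" if row["explained_by_qod"] else "scan drift, re-check"
        print(row["CVSS"], row["IP"], row["Port"], row["NVT Name"], f"({reason})")
```

Findings flagged as low QoD are the ones to verify by hand, since the 70% scan would never have shown them.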

At this point, save and start the scanning.
Note: this is an in-depth and long process.
Depending on the size of your network, this process can take hours, up to days. Relax.

This scan lasted for an hour.
You may install a Metasploitable server in the background and run a second scan.
