Wubi

OpenVAS (Open Vulnerability Assessment System)


OpenVAS is also known as the Open Vulnerability Assessment System. It is a vulnerability assessment tool like others (Nexpose, Nessus, Acunetix, Web Application Attack & Audit Framework, Core Impact, IBM Rational scan, WebInspect), but it is free software.

All OpenVAS products are free software. The latest version is 5.0 released in May 2012.

OpenVAS was initially named GNessUs as a fork of the Nessus security scanner to allow future free development of the now-proprietary tool.

It was first published by a pen tester at Portcullis Computer Security and was published again by Tim Brown on Slashdot.

Suppose you are a system admin, IT manager or security engineer and you need to protect your company's computers or network. Then you are the person who has to know all of its weaknesses, that is, its vulnerabilities. A key factor in successfully finding and exploiting vulnerabilities in remote or local systems is the amount of information you have in hand. Another key factor is hard work: if you rely solely on vulnerability scanners to do your work for you, you're certain to miss many interesting and critical security holes.

Vulnerability scanners can be very expensive, Core Impact for example. Nessus (which used to be free) is now a paid subscription-based service, and other scanners such as SAINT are not cheap either. Core Impact is awesome, even brilliant, software and well worth purchasing if you are a professional pen testing company with lots of clients, but some small companies can't even consider it.

So, thanks to open source software, OpenVAS comes to the rescue. OpenVAS is another brilliant vulnerability scanner. Configuring OpenVAS is a bit of a headache but is well worth the effort. Here we take a look at the basic setup process, how to use OpenVAS on Backtrack 5, and some scanning types. Please go through the process carefully.

Installing OpenVAS:

The easiest way to install all required plugins of the OpenVAS suite is to issue the following commands in a terminal window.

082312_1719_OpenVASOpen1.png

The OpenVAS package is convenient: it holds all the information required to download everything automatically, leaving the full suite ready to use.

Menu entries of OpenVAS:

After the "apt-get install openvas" command you can see that OpenVAS has been installed, and you can find all the menu entries in this location.

082312_1719_OpenVASOpen2.png

Configuration of OpenVAS:

  1. Adding a new user: from the menu bar (list of OpenVAS entries) select AddUser and follow the instructions.

    There are some rules for the user, which on Backtrack is the admin user, i.e. root (like administrator on a Windows system). "Openvassd has a rules system which allows you to restrict the hosts that root has the right to test."

    Here we have to give the password that we assign to the root user/account.
    082312_1719_OpenVASOpen3.png

    If the user is not an administrator, we can write some rules for the user; after completing the rule writing session, press "ctrl+D" to exit.

    After pressing ctrl+D it shows us the login user (root), the password in asterisk format and, last but not least, the rules, which we have not created here.

  2. OpenVAS check setup is a very important tool. When run, it checks for problems and gives you advice on how to fix them if necessary.

    openvas-check-setup -> test completeness and readiness of OpenVAS-4

    It checks step by step, starting with checking the OpenVAS scanner…

    OpenVAS Scanner version 3.2.3

    Then it shows us which error exists and how to fix it.

    For example, the screenshot below shows "Error: No CA certificate file of OpenVAS scanner found."

    And how to fix it: Run 'openvas-mkcert'.

    082312_1719_OpenVASOpen4.png

    After giving a suggestion to fix this basic error, a final error is shown: "Error: Your OpenVAS-4 installation is not yet complete!"

    At the same time it asks us to provide feedback and report wrong results to help them improve the check routine.

  3. OpenVAS Mkcert (process to create the certificate): this process creates the SSL certificate for using OpenVAS. It is mandatory; if you are wondering "what is the need for an SSL certificate?", you should know that without Mkcert you can't go on to the next step.

    To create the certificate it will ask you about your time zone, city and organization, along with some questions such as how many days the certificate should be valid. The questions are easy; just answer them correctly.
    082312_1719_OpenVASOpen5.png

    Once we have created our certificate, we can later use these files from the following paths:

    Certification Authority:

    Certificate = /usr/local/var/lib/openvas/ca/cacert.pem

    Private Key = /usr/local/var/lib/openvas/private/ca/cakey.pem

    OpenVAS server:

    Certificate = /usr/local/var/lib/openvas/ca/servercert.pem

    Private Key = /usr/local/var/lib/openvas/private/ca/cakey.pem

  4. OpenVAS NVT sync: This process is just like updating Metasploit to get the latest updates, exploits and even payloads. After the NVT sync we have the entire set of NVTs that the scanner will use for scanning. We need to repeat this process regularly for better results.
    082312_1719_OpenVASOpen6.png

    When we start the NVT sync process, the system updates all NVTs for scanning, which takes time depending on your Internet connection. The update uses a script that synchronizes the local NVT collection with the 'OpenVAS NVT feed'. We can find the NVTs on the local system in "/usr/local/var/lib/openvas/plugins". The script also uses wget, which is software for downloading and crawling web sites; you can find it on your local system at "/usr/bin/wget". You can also download the NVTs manually from "http://www.openvas.org/openvas-nvt-feed-current.tar.bz2".

    After updating NVTs it will show the screen below:

    082312_1719_OpenVASOpen7.png

    This screenshot shows which NVTs were updated and what they are. As I said earlier, the time it takes depends on your Internet connection, so wait for the update to finish.

  5. Start OpenVAS scanner: We have just updated our basic scanner package, so it will take some time to go through it all and to check for and load the new NVTs. Whenever a newer NVT is downloaded, it is added to the list.

    082312_1719_OpenVASOpen8.jpg

    After starting OpenVAS scanner it takes time to load all plugins…

    082312_1719_OpenVASOpen9.jpg

    All plugins loaded.

  6. Start OpenVAS manager: The first thing we need to do is make a client certificate for OpenVAS manager; this is done by clicking on Start OpenVAS Manager in the menu or with the following command.

    "openvas-mkcert-client -n om -i"

    As soon as we give the above command it generates an RSA private key that is 1024 bits long.

    All the information given for the certificate is used here.

    082312_1719_OpenVASOpen10.png

    After the above command has run, the client certificate has been created.

    Now we need to rebuild the database, as it is out of date with respect to the newly added NVTs. If we do not rebuild the database then we might face an error.

    Rebuild command for openvasmd: openvasmd --rebuild

    This will take some time to update the version information and database, so be patient.

  7. Start OpenVAS administrator: configuration of the administrator is a really big deal, so be careful about this. We need to create an administrator user that we will use to perform all of our vulnerability assessment activities.

    Command for configuration of the administrator user:

    openvasad -c 'add_user' -n openvasadmin -r admin

    We will need the admin username and password again later, so enter a proper username and password and remember them.

082312_1719_OpenVASOpen11.png

After the command for creating the user is given, it updates its database with the username and password; no rule file is updated.

Start OpenVAS Manager: Now it's time to start OpenVAS manager. I am using the local system for all services: 127.0.0.1, known as the loopback IP address.

Command for manager: "openvasmd -p 9390 -a 127.0.0.1"

Start OpenVAS Administrator:

Command to start administrator on the local machine: openvasad -a 127.0.0.1 -p 9393

Start Greenbone Security Assistant:

Time to start the next service, Greenbone Security Assistant. This again runs as a daemon in the background. Again we use our local loopback IP.

Command for Greenbone Security Assistant: "gsad --http-only --listen=127.0.0.1 -p 9392"

Congratulations! You have completed the installation process. I know it seems difficult, but it’s worth it when we use OpenVAS for scanning.
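The three daemons above are all bound to 127.0.0.1, and gsad is serving plain HTTP, so it is worth confirming that none of them ended up listening on another interface. The script below is an added example, not part of the original article or of OpenVAS; the function names audit_listeners and bindings_ok and the sample listener tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag OpenVAS daemons from this guide that listen beyond loopback.
# Ports as used above: 9390 openvasmd, 9393 openvasad, 9392 gsad.

# Constructed sample in `netstat -tln` layout (not captured from a real host):
# gsad was started without --listen=127.0.0.1 and openvasad is bound to IPv6 any.
SAMPLE_EXPOSED='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 127.0.0.1:9390    0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:9392      0.0.0.0:*         LISTEN
tcp6       0      0 :::9393           :::*              LISTEN
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN'

# Constructed sample matching the commands in this guide.
SAMPLE_OK='tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:9393 0.0.0.0:* LISTEN'

# Reads `netstat -tln` or `ss -tln` lines on stdin; the local address is
# column 4 in both. Prints one sorted line per finding, nothing if clean.
audit_listeners() {
    awk '
    BEGIN { name["9390"] = "openvasmd"; name["9393"] = "openvasad"; name["9392"] = "gsad" }
    $1 == "LISTEN" || $NF == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (!(port in name)) next
        seen[port] = 1
        if (host != "127.0.0.1" && host != "::1" && host != "[::1]")
            printf "EXPOSED %s port %s bound to %s\n", name[port], port, host
    }
    END {
        for (p in name)
            if (!(p in seen)) printf "MISSING %s port %s not listening\n", name[p], p
    }' | LC_ALL=C sort
}

# Returns 0 when all three daemons listen on loopback only, 1 otherwise.
bindings_ok() {
    findings=$(audit_listeners)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample; on a live host use: netstat -tln | bindings_ok
printf '%s\n' "$SAMPLE_EXPOSED" | bindings_ok || echo "rebind to 127.0.0.1 as shown above"
```

A MISSING line means the daemon did not start at all, which usually points back to the openvas-check-setup step.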

OpenVAS user interfaces:

Greenbone Security Desktop: now it's time to start the user interface for scanning and for working with the daemons.

082312_1719_OpenVASOpen12.png

This is the user interface; you can now use it as a scanner. It is open source, and for this reason we find lots of vulnerabilities in our product.

Web interface:

The web interface is the other way to log in and run scans, for example a scan of web applications for vulnerabilities.

Open a browser and enter the following address:

127.0.0.1:9392

It then shows you the login screen of a web application. But remember that once you log in using a web browser your CPU usage goes through the roof, and sometimes your system gets stuck for a while, so be patient.

082312_1719_OpenVASOpen13.png

082312_1719_OpenVASOpen14.png

With reference to the above screenshot: after a successful login, the left-hand sidebar shows options such as tasks, new task, notes, overrides, and performance, all of which relate to scan management.

The next and main thing is configuration, which is really important, and I know you will learn this part by yourself. Some rough ideas: scan configs define the scan types, the target options define which kind of target you have, sometimes we need credentials to scan (web page login, system user name & password), and we can schedule our tasks.

All the best for your OpenVAS (Open Vulnerability Assessment System). Let me know if you need any assistance with it.

Source: InfoSec Resources
