openvas_logo

 

 

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution

 

 

 

Architecture Overview

 

The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools. The core of this SSL-secured service-oriented architecture is the OpenVAS Scanner. The scanner very efficiently executes the actual Network Vulnerability Tests (NVTs) which are served with daily updates Openvas NVT Feed or via a commercial feed service.

 

 

11

 

 

 

The OpenVAS Manager is the central service that consolidates plain vulnerability scanning into a full vulnerability management solution. The Manager controls the Scanner via OTP (OpenVAS Transfer Protocol) and itself offers the XML-based, stateless OpenVAS Management Protocol (OMP). All intelligence is implemented in the Manager so that it is possible to implement various lean clients that will behave consistently e.g. with regard to filtering or sorting scan results. The Manager also controls a SQL database (sqlite-based) where all configuration and scan result data is centrally stored.

 

 

A couple of different OMP clients are available: The Greenbone Security Assistant (GSA) is a lean web service offering a user interface for web browsers. GSA uses XSL transformation stylesheet that converts OMP responses into HTML.

 

 

The Greenbone Security Desktop (GSD) is a Qt-based desktop client for OMP. It runs on various Linux, Windows and other operating systems.

 

OpenVAS CLI contains the command line tool “omp”  which allows to create batch processes to drive OpenVAS Manager.

 

The OpenVAS Administrator acts as a command line tool or as a full service daemon offering the OpenVAS Administration Protocol (OAP). The most important tasks are the user management and feed management. GSA support OAP and users with the role “Admin” can access the OAP functionality.

 

Most of the tools listed above share functionality that is aggregated in the OpenVAS Libraries.

 

The OpenVAS Scanner offers the communication protocol OTP (OpenVAS Transfer Protocol) which allows to control the scan execution. This protocol is subject to be eventually replaced and thus it is not recommended to develop OTP clients. Traditionally, the desktop- and cli-tool OpenVAS Client acts as a direct OTP client.

 

 

 

Download the Plugins for OpenVAS

 

Go to   the menu   Applications > Kali > Vulnerability Analysis > OpenVAS  > Initial Setup

 

 

Screenshot from 2008-01-01 02:37:44

 

 

 

 

OpenVAS will now download all the plugins required (a few minutes)

 

Screenshot from 2014-04-10 04:43:27

 

 

The default user id is admin.  then enter a your  password as per your wish.

 

 

 

Open your  Iceweasel browser in your  Local Host  Port 9392

 

https://127.0.0.1:9392

or

https://localhost:9392

 

Screenshot from 2014-04-11 09:27:48

 

 

 

 

OpenVAS Login Box

 

openvas4 greenbone login screenDefault username = admin

 

Password (whatever you entered during setup)

 

 

Screenshot from 2014-04-14 11:57:23

 

 

 

 

OpenVAS Security Assistant screen (Hermione Granger wizard appears)

 

Screenshot from 2014-04-14 12:01:09

 

 

 

Update your Vulnerability Database Feeds

Administration > NVT Feed > Synchronise with Feed Now

 

Nvt feedThis step is critical.  if you do not update the vulnerability database feeds, it will generate errors later on.

 

 

Screenshot from 2014-04-14 12:01:09

 

Screenshot from 2014-04-14 12:01:13

 

Like wise update all below field in admin panel

Administration > NVT Feed

Administration  > SCAP Database Feed (these are xml files for the reports)

Administration > Cert Feed

 

 

 

Add Users

Administration > Users

Add Users

 

Screenshot from 2014-04-14 12:08:31

 

Screenshot from 2014-04-14 12:08:49

 

 

 

 

Set Targets to Scan

 

Configuration > Targets

Localhost will be there by default.

 

Add your router as a target eg 192.168.31.1

 

 

Look for the Blue box with a White star  click the  star

White star = New Target

 

Screenshot from 2014-04-14 12:10:04

 

 

New target Enter IP of Router, and port options (eg all TCP)

Create Target Button

 

Screenshot from 2014-04-14 12:10:50

 

 

 

 

Create a Task

Scan Management >  New Task

 

 

Screenshot from 2014-04-14 12:12:26

 

 

 

Create Task Button

Scan Config = Full and Fast

 

Screenshot from 2014-04-14 12:13:25

 

Scan the newly added target  and detail of scan report in the left side

 

Screenshot from 2014-04-14 12:13:39

 

 

Screenshot from 2014-04-14 12:16:49

 

List of Vulnerability found in the target system

 

Screenshot from 2014-04-14 12:25:45

 

Advertisements