In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we’ve also set up a virtual machine with Metasploitable 2, which we’ll target with OpenVAS.
Before we can start vulnerability scanning with OpenVAS 9, we have to complete the following tasks:
- Create and configure a target.
- Create and configure a scan task.
- Run the scan.
At this point of the tutorial you need to have OpenVAS 9.0 installed and configured. If you haven’t done this yet, I suggest following part 1 of vulnerability scanning with OpenVAS first. To follow along it is also recommended to have a vulnerable Metasploitable machine up and running that is reachable from the OpenVAS appliance or the Kali Linux VM you’ve installed OpenVAS on. The lab setup used for this tutorial looks as follows:
- Host machine with VMware Workstation Pro 12.
- Kali Linux 2018.2 VM with OpenVAS 9.0 installed (192.168.65.128).
- Metasploitable 2 VM (192.168.65.137).
All virtual machines use the NAT network, which can be configured in the network settings of the network adapter. Now that we’ve got everything up and running, let’s begin with configuring a target and a scan task.
1. Creating a target in OpenVAS
The first step is to create and configure a target using the OpenVAS/Greenbone Security Assistant web interface. This newly created target is selected in the following step, where we configure a scanning task.
To create a target, we need to follow 2 steps:
- Go to ‘Configuration’ in the top menu and select ‘Targets’.
- Click the blue icon in the top left corner to create a new target.
After hitting the new target button, a dialog screen appears in which we have to enter the following information:
- Target name, we’ll call it Metasploitable 2.
- The target IP host, which is the IP address of our Metasploitable 2 lab machine.
Keep all other settings default and click the ‘Create’ button.
The newly created target will now appear in the list of available targets:
Now that we’ve got our target all set up, let’s continue with creating a scan task that will scan the Metasploitable 2 target for vulnerabilities.
2. Configuring a scanning task in OpenVAS
In this section of the tutorial we will create a new scanning task. A scanning task defines which targets will be scanned and also the scanning options, such as a schedule, the scanning configuration, and the concurrently scanned targets and NVTs per host. In this tutorial we will just create a scan task and use the default scan configurations. In Vulnerability Scanning with OpenVAS 9.0 part 3 (Will be published on: May 25 2018) we will have a more detailed look at scanning configurations.
To create a new scan task, we have to perform the following steps:
- Go to ‘Scans’ in the top menu and select ‘Tasks’.
- Point to the blue icon in the top left corner and select ‘New Task’.
After clicking the new task option, a dialog screen appears where we have to enter the following information:
- Task name, we’ll call it ‘Scan Metasploitable 2’.
- Make sure that the Metasploitable 2 target we’ve created earlier is selected.
- Tick the ‘Schedule once’ checkbox.
- Keep all other settings default and click the ‘Create’ button to create the new task.
The newly created task will now appear in the task list as follows:
There are also a few other options to create scan tasks. We can use the scan task wizard to immediately scan a target, and also the advanced scan task wizard, which offers a few more options to configure. For demonstration purposes we’ll stick with the task we’ve just created.
Now that we’ve configured the scan task and added the Metasploitable 2 machine to the target list, all that remains is to run the task and wait for the results.
3. Running the OpenVAS vulnerability scan
To run the newly created task we just have to click the green start button as follows:
The scan task will now execute against the selected target. Please note that a full scan may take a while to finish. When you refresh the tasks page you will be able to check the progress of the executed task:
- Reload the page.
- Check task status/progress.
After waiting a while the scan task is finished and the status changes to ‘Done’:
As expected, we can see that OpenVAS found a number of severe vulnerabilities. Let’s have a look at the details of the results.
4. Interpreting the scan results
Now that the vulnerability scan is finished we can browse to ‘Scans -> Reports’ in the top menu. On the reports page we can find the report for the completed scanning task:
By clicking the report name we get an overview of all discovered vulnerabilities on the Metasploitable 2 machine, which is a lot, as already expected. The results are ordered by severity by default:
When we click on the vulnerability name we get an overview of the details regarding the vulnerability. The following details apply to a backdoor vulnerability in Unreal IRCD that we’ve covered in an earlier tutorial:
Finally, we can also export the report in a variety of formats, such as XML, HTML and PDF. We can do this by selecting the desired format from the drop-down menu and clicking the green export icon as follows:
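Once the report is exported as XML it can be triaged outside the web interface. The following is an added example, not part of the original tutorial: it parses a report, skips entries without a numeric severity, and returns the findings highest severity first, as the report page does. The sample data is constructed, and the element names (`result`, `name`, `host`, `port`, `severity`) and the severity bands are assumptions about the export format and the default severity class.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, not real scan output. Element names (result, name, host,
# port, severity) are assumed to match the XML export format.
SAMPLE_REPORT = """<report><report><results>
  <result><name>Constructed finding B</name><host>192.168.65.137</host>
    <port>80/tcp</port><severity>5.0</severity></result>
  <result><name>Constructed finding A</name><host>192.168.65.137</host>
    <port>6667/tcp</port><severity>10.0</severity></result>
  <result><name>Constructed finding D</name><host>192.168.65.137</host>
    <port>general/tcp</port><severity>0.0</severity></result>
  <result><name>Constructed finding C</name><host>192.168.65.137</host>
    <port>22/tcp</port><severity>2.6</severity></result>
  <result><name>Constructed entry without severity</name></result>
</results></report></report>"""


def severity_class(score):
    """Assumed bands: High >= 7.0, Medium >= 4.0, Low > 0.0, otherwise Log."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "Log"


def load_results(xml_text):
    """Return findings as dicts, highest severity first."""
    findings = []
    for res in ET.fromstring(xml_text).iter("result"):
        try:
            score = float(res.findtext("severity", default=""))
        except ValueError:
            continue  # entry carries no numeric severity, so it is not a finding
        findings.append({
            "name": (res.findtext("name") or "").strip(),
            "host": (res.findtext("host") or "").strip(),
            "port": (res.findtext("port") or "").strip(),
            "severity": score,
            "class": severity_class(score),
        })
    return sorted(findings, key=lambda f: f["severity"], reverse=True)


if __name__ == "__main__":
    results = load_results(SAMPLE_REPORT)
    print(dict(Counter(f["class"] for f in results)))
    for f in results:
        print(f'{f["severity"]:>4} {f["class"]:<6} {f["host"]} {f["port"]} {f["name"]}')
```

To use it on a real export, read the file contents and pass them to `load_results` in place of `SAMPLE_REPORT`.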
For now, this concludes part 2 of the vulnerability scanning with OpenVAS tutorial. In the next and final part, we will focus on custom scanning configurations to fine-tune our scanning needs. Part 3 of vulnerability scanning with OpenVAS will be published on May 25.