OpenVAS, an application used to scan endpoints and web applications to identify and detect vulnerabilities. It is commonly used by corporations as part of their mitigation solutions to quickly identify any gaps in their production or even development servers or applications. This is not an end all be all solution but can help to get rid of any common vulnerabilities that may have slipped through the cracks.
From the OpenVAS GitHub repository “This is the Open Vulnerability Assessment Scanner (OpenVAS) of the Greenbone Vulnerability Management (GVM) Solution. It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).”
GVM Framework Architecture:
As previously mentioned OpenVAS is built off the GreenBone Vulnerability Management (GVM) solution and is only one of the appliances that is released from GreenBone.
OpenVAS is a service within a larger framework of services known as Greenbone Vulnerability Management (GVM). In this task we will break down the services that make up the framework and their roles.
Above is a brief visual breakdown of what the GVM framework looks like. There are many components that are apart of the architecture for the GVM framework, but we can break it down into three distinct sections: Front-End, Back-End, and Vulnerability/Information feed. These sections are further explained below.
Vulnerability/Information Feed (NVT, SCAP CERT, User Data, Community Feed)
This section will contain all information and vulnerability tests that come from the Greenbone Community Feed that will be the main baseline for testing against systems. This can also include User Data provided by the user in place of Greenbone NVTs and SCAP CERTs.
Back-End (OSP, OpenVAS, Targets)
The back-end infrastructure is what will be actually conducting all of the vulnerability scanning and processing data and NVTS through OpenVAS and GVM. Greenbone Vulnerability Manager will be the middle man between the scanners and the front-end user interfaces.
Front-End (GSA, Web Interfaces)
This is what you interact with when you navigate to OpenVAS in your browser. The web interfaces are built off of the Greenbone Security Assistant and make life easier
The installation procedure for OpenVAS can vary based on how you decide to install. You can install from Kali/OpenVAS repos, install from source, or run from a docker container. For our purposes, the preferred method is to run it inside a docker container as we don’t have to worry about a lot of the setup or errors that we may run into with other installation methods.
Option 1: Install from Kali/OpenVAS repositories
To install OpenVAS/GVM from the repos you will need to first add the repos to your distro then follow the directions given when the repository is added. To add the repos to your distro run the following command in an elevated shell:
apt-get install software-properties-common && add-apt-repository ppa:mrazavi/openvas
For more information about this installation method check out this guide.
Option 2: Install from Source
Installing from source is the least preferred option for beginners and the least optimized way of installing OpenVAS due to prerequisites and make errors. For more information about installing from source look at the INSTALL.MD.
Option 3: Run from Docker (Preferred)
Docker is by far the easiest of all three installation methods and only requires one command to be run to get the client started. For this installation procedure, you will need docker installed.
apt install docker.io
docker run -d -p 443:443 --name openvas mikesplain/openvas
This command will both pull the docker container and then run the container. It may take a few minutes for the container to fully set up and begin running. Once it is complete you can then navigate to https://127.0.0.1 in your preferred browser and OpenVAS will be setup and ready to go!
Below are the default credentials to access OpenVAS/GVM:
If you successfully logged into OpenVAS you should see a dashboard that looks similar to the one below.
Before we can start scanning and implementing OpenVAS into our vulnerability management solution we need to do a little bit of maintenance and configuration to get OpenVAS properly working. Luckily for us, OpenVAS makes the process very easy and includes a wizard to make the process straightforward.
Begin by navigating to Scans > Tasks and clicking on the purple magic wand icon to begin the basic configuration wizard. We recommend beginning a scan on
127.0.0.1 to test out your installation and ensure it is working properly.
If you successfully navigated to the wizard you should see a pop-up similar to the one above. This is where you will set up your initial scan against your localhost to ensure everything is properly configured.
The scan may take a while to complete, allow OpenVAS enough time to finish the scan, and then you will be met with a new dashboard for monitoring and analyzing your complete and ongoing scans like the one below.
Once your scan has finished you can navigate to Scans > Reports and click on your newly created report from your previous task.
Now that we know that everything is working we can get into the nitty-gritty of OpenVAS and how it works. Deploy the machine and navigate to Scans > Tasks to begin creating a task to scan the provided machine.
Creating a Task
To create a configurable task navigate to the star icon in the upper right-hand corner of the Tasks dashboard and select New Task.
Once you select New Task from the dropdown you will be met with a large pop-up with many options. We will break down each of the options sections and what they can be used for.
For this task, we will be focusing only on the Name, Scan Targets, and Scanner Type, and Scan Config. In later tasks, we will be focusing on the other options for more advanced configuration and implementation/automation.
- Name: Allows us to set the name the scan will be known as inside of OpenVAS
- Scan Targets: The targets to scan, can include Hosts, Ports, and Credentials. To create a new target you will need to follow another pop-up, this will be covered later in this task.
- Scanner: The scanner to use by default will use the OpenVAS architecture however you can set this to any scanner of your choosing in the settings menu.
- Scan Config: OpenVAS has seven different scan types you can select from and will be used based on how you aggressive or what information you want to collect from your scan.
Scoping a New Target
To scope a new target, navigate to the star icon next to Scan Targets.
Above is the menu for configuring a new target. The two main options you will need to configure are the Name and the Hosts. This procedure is fairly straight forward and other options will only be used in advanced vulnerability management solutions. These will be covered in later tasks.
Now that we have our target scoped we can continue to create our task and begin the scan.
Once you create the task you will be brought back to the scan dashboard where you can monitor and start your task. To start the task navigate to the start icon under Actions.
Reporting and Continuous Monitoring:
OpenVAS has very strong reporting and monitoring capabilities that can contribute to an efficient and optimal solution in your build or vulnerability management pipeline.
Download the provided report from a vulnerable machine to get familiar with the automated reporting capabilities of OpenVAS.
Practical Vulnerability Management:
The OpenVAS reports used are created from rooms on TryHackMe, machines used are credited to their respective owners.
Case 001: MS00-What?
In this scenario, you are assigned to a routine vulnerability management pipeline as a SOC analyst. Your automated pipeline has already pulled a scan on the server, it is up to you to analyze and identify risk in this report.
1.When did the scan start in Case 001?
2.When did the scan end in Case 001?
3.How many ports are open in Case 001?
4.How many total vulnerabilities were found in Case 001?
5.What is the highest severity vulnerability found? (MSxx-xxx)
6.What is the first affected OS to this vulnerability?
A:Microsoft Windows 10 x32/x64 Edition
7.What is the recommended vulnerability detection method?
A:Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
Want to learn more? There are many guides and blogs out on OpenVAS and GVM highlighting various advanced topics and features of the platforms. You can get a lot of information and technical understanding from the Greenbone technologies manual portal and forums.
You can find the Greenbone Technology Documentation, here.
If you want to continue working on your vulnerability management knowledge, check out the rest of the vulnerability management section of the Cyber Defense path on TryHackMe.
please everyone join my telegram channel :https://t.me/hackerwheel
Change the world