OPENVAS – Analyzing vulnerabilities

OPENVAS – Where to start

 

Openvas is a powerful vulnerability assessment tool that has its Community version. It can be obtained by installing it through repositories, from the source code or by downloading an ISO to install in a virtual machine.

For this post we are going to download the ISO and see its installation. The latest version is currently 6.0.10, you can download it at:

https://files.greenbone.net/download/VM/gsm-ce-6.0.10.iso

Once downloaded the ISO we create our virtual machine in the hypervisor that we like, where minimum we would put 2 vcp, 4 GB RAM and 18GB HD which is recommended and we start from the ISO. Depending on the hypervisor take a look at:

https://docs.greenbone.net/

In the case of VirtualBox tells us to disable audio, floppy and usb, so once the machine is created we edit its configuration and in System we disable the floppy, in Audio we disable the audio and in USB the USB. For the installation it is necessary that the machine has internet. Once this is done, we start the machine from the ISO.

openvas select iso

Once the machine has been selected and started, the following menu appears

openvas setup

As we are going to install it, we select Setup and it will indicate us that the disk will be formatted and all the data will be erased, we indicate it yes and we continue. During the installation we will see the following screen.

openvas instalation progress

Until you ask for the administrator user

openvas admin user

And then the password, we write it and continue, asking to restart, we restart without the ISO, selecting yes in the next screen.

openvas eject cd-rom

Once restarted it will indicate us that it continues installing and that you do not try to log in, therefore we wait until it restarts again, it is important that the virtual machine has internet.

openvas shell

After a few minutes it will restart and we log in first by shell and the following screen will appear.

openvas wizard

We press yes and it will ask us if we want to create a global web administrator, we indicate Yes, we write the user and pass and the next screen will be to upload a subscription, in our case we will skip this step to use only the CE version.

openvas key

In the next step we will be asked if we want to download the feed, obviously we indicate Yes to feed the Openvas vulnerability database.

openvas download feeds

This process needs to download a lot of data so it will be slow, if you have any problem, in the menu that will appear go to Setup/Feed/GreenBoneServer/Syncport change the 24 to 443.

We return to the main menu and in Maintenance/Feed we will be able to see

openvas update feeds

Where we can observe that it is currently busy because it is updating, we take a coffee and come back in a while to see that it has finished. Always before any test that is going to be performed later in time launch an update of the feed.

Once this process is done we access by web to the address of your machine with https, we enter user and pass and we will find the Dashboard

openvas dashboard

Explaining everything in a single post is a bit complicated so we will explain something basic like scanning a host and interpreting the data. In this link you can find the complete documentation and if you have any doubt I will be happy to help you.

https://docs.greenbone.net

First we click on the user icon at the top right to set the schedule of our server and in General we adjust the parameters

openvas edit user

We are going to perform a first scan of a host with default values of our Openvas, in the Scans menu we click on tasks

openvas task

Where we have the help, the wizard and the option to add a new task.

In this case we are going to click on Advanced Task Wizard

openvas advanced task wizard

We give it a name, choose the type of scan, the targets, if we want to schedule it and if we want to do it with credentials of the machine to make it more complete.

Here indicate that it is possible that it gives you a failure if you schedule it for the same day or even if you have selected start immediately, in the calendar, select a later date and it will let you create it and start the task.

openvas graphic task

If we click on Reports where it says 1 we will see the process and what is found depending on the type of vulnerability.

openvas report

Once the scan is finished, we can see the vulnerabilities found and an average of the risk of that host in Severity, in this case 7.8.

openvas report scan

If we click on the report we will obtain the detail sorted as follows.

openvas report detail

Clicking on the Results section will show the vulnerabilities

openvas results

If we open each of them we will see information about it and their solutions or how to reduce the risk.

In the case of the Generic format string vulnerability, the solution is to update the operating system.

openvas detail vulnerability

In the case of DC/RPC and MSRPC Services Enumeration Reporting, it recommends filtering incoming traffic.

openvas detail vulnerability

In the other sections we have Hosts, where we get details about the host scanned, Ports the ports detected, Applications applications detected, Operating Systems the operating system, CVEs found, Closed CVEs not vulnerable, in this case being a Windows 2012 it returns us that it is not vulnerable to

openvas vulnerabilities

Tls Certificates TLS certificates, Error Messages, error messages during the scan and the user tags that match the ones we have defined in Configuration/Tags.

Now we are going to do the same scan but providing the credentials of the machine in the task. To do this we first go to Configuration/Credentials and add a new one

openvas task with credentials

After adding the credentials in the task wizard we will have them available for selection, in this case being Windows we will select them in SMB Credentials and launch a scan again. As we can see in the following image the number of vulnerabilities is much higher, since I have previously prepared this scenario to protect this machine from many of them by doing an external scan, now I am giving the credentials.

openvas report

openvas total vulnerabilities

openvas summary

In the upper part of the reports we find the following actions and filters.

openvas report done

These are very useful and we leave it to you to take a look at them. For example the last icon we can export the results in different formats to make any very complete report.

openvas scan report

openvas detail vulnerability scan report

This post is made for educational purposes, do not misuse it, because as I always say do not do what you do not want to be done.

On the other hand, knowing how to handle tools of this type does not imply that you can already do security audits, this is just a grain of sand in a mountain, but if you liked it and you are restless, keep looking and learning new things, there is a universe out there.

TL.

Deja tu comentario

Your email address will not be published. Required fields are marked *

Últimos artículos

seguridad de datos

Zextras Carbonio CE

ZEXTRAS CARBONIO COMMUNITY EDITION, YOUR DATA, YOUR CONTROL We live in a world where data

Más visitados