how to scan for vulnerabilities with openvas _ knowledge base _ scanarch
TRANSCRIPT
main (/main/)account (/account/)
Dashboard
ScanArch guides and tutorials
General guides
Networking
Scanning
How to use masscan to find heartbleedvulnerabilities (/How-to-use-masscan-to-find-heartbleed-vulnerabilities/)How to scan for vulnerabilities withOpenVAS (/How-to-scan-for-vulnerabilities-with-OpenVAS/)
Security guides
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
1 sur 10 21/06/2015 20:34
echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/De
bian_7.0/ ./" >> /etc/apt/sources.list
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_
7.0/Release.key
apt-key add ./Release.key
sudo apt-get update
apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-sc
anner openvas-administrator sqlite3 xsltproc rsync
apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended ht
mldoc
apt-get -y install alien rpm nsis fakeroot
test -e /var/lib/openvas/CA/cacert.pem || openvas-mkcert -q
openvas-nvt-sync
test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
openvassd
openvasmd --rebuild
openvas-scapdata-sync
openvas-certdata-sync
test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
2 sur 10 21/06/2015 20:34
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install openvas
openvas-setup
( nothing to do, all is up and running directly after installation )
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum upgrade
yum install openvas
openvas-setup
( nothing to do, all is up and running directly after installation )
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install openvas
openvas-setup
( nothing to do, all is up and running directly after installation )
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
3 sur 10 21/06/2015 20:34
zypper ar -f http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v
6/openSUSE_12.3/ openvas
zypper ref && zypper in -t pattern openvas
openvas-setup
sudo apt-get -y install python-software-properties
sudo add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenV
AS:/UNSTABLE:/v5/xUbuntu_12.04/ ./"
sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
sudo apt-get update
sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager o
penvas-scanner openvas-administrator sqlite3 xsltproc
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q
sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin
chmod +x openvas-check-setup
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
4 sur 10 21/06/2015 20:34
./openvas-check-setup
./openvas-check-setup [ --v4 | --v5 | --v6 | ... ]
./openvas-check-setup --server
openvas-check-setup 2.0.1
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe
m.
OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 3.0.0.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien
tcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled
.
OK: OpenVAS Manager database is at revision 42.
OK: OpenVAS Manager expects database at revision 42.
OK: Database schema is up to date.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.1.2.
OK: At least one user exists.
ERROR: No admin user found. You need to create at least one admin user to log
in.
FIX: Create a user using 'openvasad -c 'add_user' -n -r Admin'
ERROR: Your OpenVAS-4 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl
em.
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
5 sur 10 21/06/2015 20:34
omp -g
openvas-check-setup 2.0.1
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe
m.
OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 3.0.0.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien
tcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled
.
OK: OpenVAS Manager database is at revision 42.
OK: OpenVAS Manager expects database at revision 42.
OK: Database schema is up to date.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.1.2.
OK: At least one user exists.
OK: At least one admin user exists.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 3.0.0.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.1.2.
Step 6: Checking Greenbone Security Desktop (GSD) ...
OK: Greenbone Security Desktop is present in Version 1.1.1.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: OpenVAS Administrator is running and listening on all interfaces.
OK: OpenVAS Administrator is listening on port 9393, which is the default port
.
OK: Greenbone Security Assistant is running and listening on all interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is the defau
lt port.
It seems like your OpenVAS-4 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl
em.
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
6 sur 10 21/06/2015 20:34
$ omp -u <user> -w <password> -g
085569ce-73ed-11df-83c3-002264764cea empty
daba56c8-73ec-11df-a475-002264764cea Full and fast
698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea Full and very deep
74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
omp --xml='
<create_target>
<name>Target Name</name>
<hosts>172.16.83.130</hosts>
</create_target>'
$ omp -u <user> -w <password> --xml='
<create_target>
<name>Target Name</name>
<hosts>172.16.83.130</hosts>
</create_target>'
<create_target_response id="8618ee57-27c2-4aaa-95f2-218f503a8398" status_text="OK,
resource created" status="201"></create_target_response>
omp --xml=' <create_task>
<name>Daily scan</name>
<comment>Deep scan on Server 3</comment>
<config id=”74db13d6-7489-11df-91b9-002264764cea”/>
<target id=”8618ee57-27c2-4aaa-95f2-218f503a8398”/>
</create_task>’
$ omp -u <user> -w <password> --xml='
<create_task>
<name>Daily scan</name>
<comment>Deep scan on Server 3</comment>
<config id="74db13d6-7489-11df-91b9-002264764cea"/>
<target id="8618ee57-27c2-4aaa-95f2-218f503a8398"/>
</create_task>'
<create_task_response id="c9d0b718-7003-410e-b94b-f1557425c942" status_text="OK,
resource created" status="201"></create_task_response>
omp --xml='<start_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'
omp --xml='<stop_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'
omp --xml='<pause_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'
omp -G
omp -iX '<get_tasks details="1"/>'
omp -iX '<get_tasks task_id="77ba3c2e-ff61-44b7-86ed-f10d213008ee" details="1"/>'
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
7 sur 10 21/06/2015 20:34
omp -iX '<get_report_formats/>'
omp -iX '<get_reports report_id="68d3bf25-591e-4be6-97af-1e66fd8924ab" format_id="c402cc3e-b531-11e1-9163-406186ea4fc5"/>'
https://127.0.0.1:9392
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
8 sur 10 21/06/2015 20:34
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
9 sur 10 21/06/2015 20:34
How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
10 sur 10 21/06/2015 20:34