Try Hack Me — OpenVAS Walkthrough
OpenVAS is a vulnerability scanner that scans endpoints and web apps to locate and find flaws. Corporations often use it as part of their prevention strategies to easily find any holes in their manufacturing or development servers or applications. This isn’t a solution, but it will aid in the elimination of any basic vulnerabilities that might have fallen through the cracks.
From the OpenVAS GitHub repository “This is the Open Vulnerability Assessment Scanner (OpenVAS) of the Greenbone Vulnerability Management (GVM) Solution. It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs)
GVM Framework Architecture
As previously mentioned OpenVAS is built off the GreenBone Vulnerability Management (GVM) solution and is only one of the appliances that is released from GreenBone.
OpenVAS is a service within a larger framework of services known as Greenbone Vulnerability Management (GVM). In this task we will break down the services that make up the framework and their roles.
Above is a brief visual breakdown of what the GVM framework looks like. There are many components that are apart of the architecture for the GVM framework, but we can break it down into three distinct sections: Front-End, Back-End, and Vulnerability/Information feed. These sections are further explained below.
Vulnerability/Information Feed (NVT, SCAP CERT, User Data, Community Feed)
This section will contain all information and vulnerability tests that come from the Greenbone Community Feed that will be the main baseline for testing against systems. This can also include User Data provided by the user in place of Greenbone NVTs and SCAP CERTs.
Back-End (OSP, OpenVAS, Targets)
The back-end infrastructure is what will be actually conducting all of the vulnerability scanning and processing data and NVTS through OpenVAS and GVM. Greenbone Vulnerability Manager will be the middle man between the scanners and the front-end user interfaces.
Front-End (GSA, Web Interfaces)
This is what you interact with when you navigate to OpenVAS in your browser. The web interfaces are built off of the Greenbone Security Assistant and make life easier for an analyst or operator when working with OpenVAS or other forms of scanners through the GVM.
For more information about the GVM framework architecture check out this forum post https://community.greenbone.net/t/about-gvm-10-architecture/1231.
Depending on how you choose to install OpenVAS, the process can differ. You can use the Kali/OpenVAS repositories, build from source, or run from a Docker container to load. For our purposes, running it inside a docker container is the preferred option because we don’t have to care about a lot of the configuration or bugs that we might encounter with other installation methods.
Option 1: Install from Kali/OpenVAS repositories
Installing from libraries can either be very easy or it can be a very painful method. The installation of OpenVAS varies in complexity and can need several modifications to be run. Check out the guides below for more information on this alternative.
Option 2: Install from Source
Installing from source is the least preferred option for beginners and the least optimized way of installing OpenVAS due to prerequisites and make errors. For more information about installing from source look at the INSTALL.MD.
Option 3: Run from Docker (Preferred)
Docker is by far the easiest of all three installation methods and only requires one command to be run to get the client started. For this installation procedure, you will need docker installed
- type apt-get update & upgrade
- apt-get install docker.io
- docker run -d -p 443:443 — name openvas mikesplain/openvas
then it will create a docker container and using this link https://127.0.0.1 you will be able to login to the OpenVAS admin panel
Username — admin Password — admin
Start Docker container
just in case you docker container in not working after restart your machine which mean it service is shutdown there for we need to start the docker container
first we need to type
docker ps -a → To list all containers, both running and stopped, add
to start the container docker start <container_ID>
Now that we know that everything is working we can get into the nitty-gritty of OpenVAS and how it works. Deploy the machine and navigate to Scans > Tasks to begin creating a task to scan the provided machine.
Creating a Task
To create a configurable task navigate to the star icon in the upper right-hand corner of the Tasks dashboard and select New Task.
Once you select New Task from the dropdown you will be met with a large pop-up with many options. We will break down each of the options sections and what they can be used for.
For this task, we will be focusing only on the Name, Scan Targets, and Scanner Type, and Scan Config. In later tasks, we will be focusing on the other options for more advanced configuration and implementation/automation.
- Name: Allows us to set the name the scan will be known as inside of OpenVAS
- Scan Targets: The targets to scan, can include Hosts, Ports, and Credentials. To create a new target you will need to follow another pop-up, this will be covered later in this task.
- Scanner: The scanner to use by default will use the OpenVAS architecture however you can set this to any scanner of your choosing in the settings menu.
- Scan Config: OpenVAS has seven different scan types you can select from and will be used based on how you aggressive or what information you want to collect from your scan.
Scoping a New Target
To scope a new target, navigate to the star icon next to Scan Targets.
Above is the menu for configuring a new target. The two main options you will need to configure are the Name and the Hosts. This procedure is fairly straight forward and other options will only be used in advanced vulnerability management solutions. These will be covered in later tasks.
Now that we have our target scoped we can continue to create our task and begin the scan.
Once you create the task you will be brought back to the scan dashboard where you can monitor and start your task. To start the task navigate to the start icon under Actions.
Read the above and complete your scan on DVWA to test scanning remote infrastructure
Practical Vulnerability Management
below questions are based on above presented report
When did the scan start in Case 001?
Feb 28, 00:04:46
When did the scan end in Case 001?
Feb 28, 00:21:02
How many ports are open in Case 001?
How many total vulnerabilities were found in Case 001?
What is the highest severity vulnerability found? (MSxx-xxx)
What is the first affected OS to this vulnerability?
Microsoft Windows 10 x32/x64 Edition
What is the recommended vulnerability detection method?
Send the crafted SMB transaction request with fid = 0 and check the response to confirm the vulnerability.
reference — https://tryhackme.com/room/openvas