Finding vulnerabilities with OpenVAS

The Open Vulnerability Assessment Scanner (OpenVAS) is something that you would use to perform remote vulnerability scans. You can scan a

The big three security distros are Kali Linux, Parrot Linux, and BlackArch. They're aimed at security researchers and penetration testers, but they contain tools that would also be good for just a normal security administrator of either the Linux or Windows variety. OpenVAS is one such tool. All three of these security distros have their unique advantages and disadvantages, but since Kali is the most popular, we'll go with it for the demos.

You can download Kali Linux from https://www.kali.org/downloads/.

When you go to the Kali download page, you'll see lots of choices. If you're like me and don't like the default Gnome 3 desktop environment, you can choose something else. I'm personally an LXDE guy, so I'll go with it:

Kali is built from Debian Linux, so installing it is pretty much the same as installing Debian. The one exception is that the Kali installer lets you create a password for the root user, but it doesn't let you create a normal, non-root user account. That's because pretty much everything you do with Kali requires you to be logged in as the root user. I know that flies in the face of what I've been telling you about not logging in as root and about using sudo from a normal user account instead. However, most of the stuff you need to do with Kali doesn't work with sudo. Besides, Kali isn't meant to be used as a general-purpose distro, and you'll be okay logging in as root as long as you only use Kali as it was intended to be used.

OpenVAS is a rather memory-hungry program, so if you're installing Kali in a virtual machine, be sure to allocate at least 3 GB of memory.

The first thing you'll want to do after installing Kali is to update it, which is done in the same way that you'd update any Debian/Ubuntu-type of distro. Then, install OpenVAS as follows:

apt update
apt dist-upgrade
apt install openvas

After the OpenVAS installation completes, you'll need to run a script that will create the security certificates and download the vulnerability database:

openvas-setup

This will take a long time, so you might as well go grab a sandwich and a coffee while it's running. When it's finally done, you'll be presented with the password that you'll use to log in to OpenVAS. Write it down and keep it in a safe place:

You can control and update OpenVAS from the applications menu:

On that menu, click on openvas start. Then, open Firefox and navigate to https://localhost:9392. You'll get a security alert because OpenVAS uses a self-signed security certificate, but that's okay. Just click on the Advanced button, and then on Add Exception:

On the login page, enter admin as the user and then enter the password that was generated by the openvas-setup script.

Now, there's all kinds of fancy stuff that you can do with OpenVAS, but for now, we'll just look at how to do a basic vulnerability scan. To begin, select Tasks from the Scans menu on the OpenVAS dashboard:

This makes the following dialog box pop up, telling you to use the wizard (yes, indeed, we're off to see the wizard):

After you close the dialog box, you'll see the purple wizard icon show up in the upper left-hand corner. For now, we'll just select the Task Wizard option, which will choose all of the default scan settings for us:

The only thing you need to do here is enter the IP address of the machine that you want to scan, and then start the scan:

The scan will take some time, so you might as well go grab a drink:

The type of scan that you're doing is named Full and Fast, which isn't the most comprehensive type of scan. To select another type of scan and to configure other scan options, use the Advanced Task Wizard.

Here, you can see the drop-down list of the different scan options:

When I did the first scan with the default Full and Fast option, I didn't discover many problems. I had one of medium severity and 18 of low severity, and that was it. I knew that there had to be more problems than that due to the age of the machine that I was scanning, so I tried again with the Full and fast ultimate option.

This time, I found more, including some high severity stuff:

The preceding report shows that my machine is using weak encryption algorithms for Secure Shell, which is classified as medium severity. It also has a print server vulnerability that's classified as a high-severity problem. 

You also want to pay attention to the items that aren't flagged as vulnerabilities. For example, the VNC security types item shows that port 5900 is open. This means that the Virtual Network Computing (VNC) daemon is running, which allows users to remotely log in to this machine's desktop. If this machine were an internet-facing machine, that would be a real problem because there's no real security with VNC like there is with Secure Shell:

By clicking on the print server item, I can see an explanation of this vulnerability:

Keep in mind that the target machine, in this case, is a desktop machine. If it were a server, there's a good chance that we'd see even more problems.
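The triage described above (ranking findings by severity, then checking the informational items such as the open VNC port) can be scripted against an exported report. This is an added example, not code from the book or from the OpenVAS project. The sample rows are constructed, and the column names, the "Log" severity label, and the port watch list are assumptions to adjust for your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample rows (not real scan output). Column names are assumed to
# match the scanner's CSV report export; adjust them for your version.
SAMPLE_CSV = """IP,Port,Port Protocol,CVSS,Severity,NVT Name
192.0.2.10,631,tcp,7.5,High,Print server vulnerability (constructed)
192.0.2.10,22,tcp,4.3,Medium,SSH weak encryption algorithms (constructed)
192.0.2.10,5900,tcp,0.0,Log,VNC security types
192.0.2.10,80,tcp,0.0,Log,HTTP server banner (constructed)
192.0.2.10,,,2.6,Low,TCP timestamps (constructed)
"""

# Hypothetical watch list: services that deserve review even at "Log" level.
REMOTE_ACCESS_PORTS = {23: "telnet", 3389: "RDP", 5900: "VNC"}
ORDER = ["High", "Medium", "Low", "Log"]


def triage(csv_text):
    """Return (findings grouped by severity, informational rows on watched ports)."""
    by_severity = defaultdict(list)
    exposed = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        port = int(row["Port"]) if row["Port"].isdigit() else None
        finding = (row["IP"], port, float(row["CVSS"] or 0), row["NVT Name"])
        by_severity[row["Severity"]].append(finding)
        # An open remote-desktop port is reported as informational, not as a
        # vulnerability, so pull it out explicitly.
        if row["Severity"] == "Log" and port in REMOTE_ACCESS_PORTS:
            exposed.append((row["IP"], port, REMOTE_ACCESS_PORTS[port]))
    for findings in by_severity.values():
        findings.sort(key=lambda f: f[2], reverse=True)  # highest CVSS first
    return dict(by_severity), exposed


if __name__ == "__main__":
    grouped, exposed = triage(SAMPLE_CSV)
    for level in ORDER:
        for ip, port, cvss, name in grouped.get(level, []):
            print(f"{level:<6} {cvss:>4} {ip}:{port or '-'} {name}")
    for ip, port, service in exposed:
        print(f"REVIEW {ip}:{port} ({service}) is reachable; restrict or tunnel it")
```
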

And that pretty much wraps things up for OpenVAS. As I mentioned previously, there's a lot of awesome stuff that you can do with it. However, what I've shown you here should be enough to get you started. Play around with it and try out the different scan options to see the difference in results.

If you want to find out more about Kali Linux, you'll find a great selection of books about it on the Packt Publishing website.

Okay; you now know how to do a vulnerability scan with OpenVAS. Now, let's look at a scanner that's specifically designed for web servers.
