how to scan for vulnerabilities with openvas _ knowledge base _ scanarch

main (/main/)account (/account/)

Dashboard

ScanArch guides and tutorials

General guides

Networking

Scanning

How to use masscan to find heartbleedvulnerabilities (/How-to-use-masscan-to-find-heartbleed-vulnerabilities/)How to scan for vulnerabilities withOpenVAS (/How-to-scan-for-vulnerabilities-with-OpenVAS/)

Security guides

How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/

1 sur 10 21/06/2015 20:34

echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/De

bian_7.0/ ./" >> /etc/apt/sources.list

wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_

7.0/Release.key

apt-key add ./Release.key

sudo apt-get update

apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-sc

anner openvas-administrator sqlite3 xsltproc rsync

apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended ht

mldoc

apt-get -y install alien rpm nsis fakeroot

test -e /var/lib/openvas/CA/cacert.pem || openvas-mkcert -q

openvas-nvt-sync

test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i

/etc/init.d/openvas-manager stop

/etc/init.d/openvas-scanner stop

openvassd

openvasmd --rebuild

openvas-scapdata-sync

openvas-certdata-sync

test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin


2 sur 10 21/06/2015 20:34

killall openvassd

sleep 15

/etc/init.d/openvas-scanner start

/etc/init.d/openvas-manager start

/etc/init.d/openvas-administrator restart

/etc/init.d/greenbone-security-assistant restart

wget -q -O - http://www.atomicorp.com/installers/atomic |sh

yum install openvas

openvas-setup

( nothing to do, all is up and running directly after installation )


yum upgrade

yum install openvas

openvas-setup



yum install openvas

openvas-setup



3 sur 10 21/06/2015 20:34

zypper ar -f http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v

6/openSUSE_12.3/ openvas

zypper ref && zypper in -t pattern openvas

openvas-setup

sudo apt-get -y install python-software-properties

sudo add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenV

AS:/UNSTABLE:/v5/xUbuntu_12.04/ ./"

sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54

sudo apt-get update

sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager o

penvas-scanner openvas-administrator sqlite3 xsltproc

test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q

sudo openvas-nvt-sync

test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i

sudo /etc/init.d/openvas-manager stop

sudo /etc/init.d/openvas-scanner stop

sudo openvassd

sudo openvasmd --migrate

sudo openvasmd --rebuild

sudo killall openvassd

sleep 15

sudo /etc/init.d/openvas-scanner start

sudo /etc/init.d/openvas-manager start

sudo /etc/init.d/openvas-administrator restart

sudo /etc/init.d/greenbone-security-assistant restart

test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin

chmod +x openvas-check-setup


4 sur 10 21/06/2015 20:34

./openvas-check-setup

./openvas-check-setup [ --v4 | --v5 | --v6 | ... ]

./openvas-check-setup --server

openvas-check-setup 2.0.1

Test completeness and readiness of OpenVAS-4

Please report us any non-detected problems and

help us to improve this check routine:

http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss

Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

Use the parameter --server to skip checks for client tools

like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...

OK: OpenVAS Scanner is present in version 3.2.3.

OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe

m.

OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.

Step 2: Checking OpenVAS Manager ...

OK: OpenVAS Manager is present in version 3.0.0.

OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien

tcert.pem.

OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.

OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled

.

OK: OpenVAS Manager database is at revision 42.

OK: OpenVAS Manager expects database at revision 42.

OK: Database schema is up to date.

OK: xsltproc found.

Step 3: Checking OpenVAS Administrator ...

OK: OpenVAS Administrator is present in version 1.1.2.

OK: At least one user exists.

ERROR: No admin user found. You need to create at least one admin user to log

in.

FIX: Create a user using 'openvasad -c 'add_user' -n -r Admin'

ERROR: Your OpenVAS-4 installation is not yet complete!

Please follow the instructions marked with FIX above and run this

script again.

If you think this result is wrong, please report your observation

and help us to improve this check routine:


Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl

em.


5 sur 10 21/06/2015 20:34

omp -g

openvas-check-setup 2.0.1

Test completeness and readiness of OpenVAS-4

Please report us any non-detected problems and

help us to improve this check routine:


Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.

Use the parameter --server to skip checks for client tools

like GSD and OpenVAS-CLI.

Step 1: Checking OpenVAS Scanner ...

OK: OpenVAS Scanner is present in version 3.2.3.

OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe

m.

OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.

Step 2: Checking OpenVAS Manager ...

OK: OpenVAS Manager is present in version 3.0.0.

OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien

tcert.pem.

OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.

OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled

.

OK: OpenVAS Manager database is at revision 42.

OK: OpenVAS Manager expects database at revision 42.

OK: Database schema is up to date.

OK: xsltproc found.

Step 3: Checking OpenVAS Administrator ...

OK: OpenVAS Administrator is present in version 1.1.2.

OK: At least one user exists.

OK: At least one admin user exists.

Step 4: Checking Greenbone Security Assistant (GSA) ...

OK: Greenbone Security Assistant is present in version 3.0.0.

Step 5: Checking OpenVAS CLI ...

OK: OpenVAS CLI version 1.1.2.

Step 6: Checking Greenbone Security Desktop (GSD) ...

OK: Greenbone Security Desktop is present in Version 1.1.1.

Step 7: Checking if OpenVAS services are up and running ...

OK: netstat found, extended checks of the OpenVAS services enabled.

OK: OpenVAS Scanner is running and listening on all interfaces.

OK: OpenVAS Scanner is listening on port 9391, which is the default port.

OK: OpenVAS Manager is running and listening on all interfaces.

OK: OpenVAS Manager is listening on port 9390, which is the default port.

OK: OpenVAS Administrator is running and listening on all interfaces.

OK: OpenVAS Administrator is listening on port 9393, which is the default port

.

OK: Greenbone Security Assistant is running and listening on all interfaces.

OK: Greenbone Security Assistant is listening on port 9392, which is the defau

lt port.

It seems like your OpenVAS-4 installation is OK.

If you think it is not OK, please report your observation

and help us to improve this check routine:


Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl

em.


6 sur 10 21/06/2015 20:34

$ omp -u <user> -w <password> -g

085569ce-73ed-11df-83c3-002264764cea empty

daba56c8-73ec-11df-a475-002264764cea Full and fast

698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate

708f25c4-7489-11df-8094-002264764cea Full and very deep

74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate

omp --xml='

<create_target>

<name>Target Name</name>

<hosts>172.16.83.130</hosts>

</create_target>'

$ omp -u <user> -w <password> --xml='

<create_target>

<name>Target Name</name>

<hosts>172.16.83.130</hosts>

</create_target>'

<create_target_response id="8618ee57-27c2-4aaa-95f2-218f503a8398" status_text="OK,

resource created" status="201"></create_target_response>

omp --xml=' <create_task>

<name>Daily scan</name>

<comment>Deep scan on Server 3</comment>

<config id=”74db13d6-7489-11df-91b9-002264764cea”/>

<target id=”8618ee57-27c2-4aaa-95f2-218f503a8398”/>

</create_task>’

$ omp -u <user> -w <password> --xml='

<create_task>

<name>Daily scan</name>

<comment>Deep scan on Server 3</comment>

<config id="74db13d6-7489-11df-91b9-002264764cea"/>

<target id="8618ee57-27c2-4aaa-95f2-218f503a8398"/>

</create_task>'

<create_task_response id="c9d0b718-7003-410e-b94b-f1557425c942" status_text="OK,

resource created" status="201"></create_task_response>

omp --xml='<start_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'

omp --xml='<stop_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'

omp --xml='<pause_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'

omp -G

omp -iX '<get_tasks details="1"/>'

omp -iX '<get_tasks task_id="77ba3c2e-ff61-44b7-86ed-f10d213008ee" details="1"/>'


7 sur 10 21/06/2015 20:34

omp -iX '<get_report_formats/>'

omp -iX '<get_reports report_id="68d3bf25-591e-4be6-97af-1e66fd8924ab" format_id="c402cc3e-b531-11e1-9163-406186ea4fc5"/>'

https://127.0.0.1:9392


8 sur 10 21/06/2015 20:34


9 sur 10 21/06/2015 20:34


10 sur 10 21/06/2015 20:34

how to scan for vulnerabilities with openvas _ knowledge base _ scanarch

Documents