How To Scan For Vulnerabilities With OpenVAS - Knowledge Base - ScanArch

How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch
1 sur 10
https://kb.scanarch.com/How-to-scan-for-vulnerabilities-with-OpenVAS/
main (/main/)
account (/account/)
Dashboard
ScanArch guides and tutorials
General guides
Networking
Scanning
How to use masscan to find heartbleed
vulnerabilities (/How-to-use-masscanto-find-heartbleed-vulnerabilities/)
How to scan for vulnerabilities with
OpenVAS (/How-to-scanfor-vulnerabilities-with-OpenVAS/)
Security guides
21/06/2015 20:34
2 sur 10
echo "deb http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/De

bian_7.0/ ./" >> /etc/apt/sources.list
wget http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v6/Debian_
7.0/Release.key
apt-key add ./Release.key
sudo apt-get update
apt-get -y install greenbone-security-assistant openvas-cli openvas-manager openvas-sc

anner openvas-administrator sqlite3 xsltproc rsync
apt-get -y install texlive-latex-base texlive-latex-extra texlive-latex-recommended ht

mldoc
apt-get -y install alien rpm nsis fakeroot
test -e /var/lib/openvas/CA/cacert.pem
|| openvas-mkcert -q
openvas-nvt-sync
test -e /var/lib/openvas/users/om || openvas-mkcert-client -n om -i
/etc/init.d/openvas-manager stop
/etc/init.d/openvas-scanner stop
openvassd
openvasmd --rebuild
openvas-scapdata-sync
openvas-certdata-sync
test -e /var/lib/openvas/users/admin || openvasad -c add_user -n admin -r Admin
21/06/2015 20:34
3 sur 10
killall openvassd
sleep 15
/etc/init.d/openvas-scanner start
/etc/init.d/openvas-manager start
/etc/init.d/openvas-administrator restart
/etc/init.d/greenbone-security-assistant restart
wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install openvas

openvas-setup
( nothing to do, all is up and running directly after installation )
yum upgrade
yum install openvas
openvas-setup
yum install openvas

openvas-setup
21/06/2015 20:34
4 sur 10
zypper ar -f http://download.opensuse.org/repositories/security:/OpenVAS:/UNSTABLE:/v
6/openSUSE_12.3/ openvas
zypper ref && zypper in -t pattern openvas
openvas-setup
sudo apt-get -y install python-software-properties

sudo add-apt-repository "deb http://download.opensuse.org/repositories/security:/OpenV
AS:/UNSTABLE:/v5/xUbuntu_12.04/ ./"
sudo apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys BED1E87979EAFD54
sudo apt-get update
sudo apt-get -y install greenbone-security-assistant gsd openvas-cli openvas-manager o

penvas-scanner openvas-administrator sqlite3 xsltproc
test -e /var/lib/openvas/CA/cacert.pem || sudo openvas-mkcert -q

sudo openvas-nvt-sync
test -e /var/lib/openvas/users/om || sudo openvas-mkcert-client -n om -i
sudo /etc/init.d/openvas-manager stop
sudo /etc/init.d/openvas-scanner stop
sudo openvassd
sudo openvasmd --migrate
sudo openvasmd --rebuild
sudo killall openvassd
sleep 15
sudo /etc/init.d/openvas-scanner start
sudo /etc/init.d/openvas-manager start
sudo /etc/init.d/openvas-administrator restart
sudo /etc/init.d/greenbone-security-assistant restart
test -e /var/lib/openvas/users/admin || sudo openvasad -c add_user -n admin -r Admin
chmod +x openvas-check-setup
21/06/2015 20:34
5 sur 10
./openvas-check-setup
./openvas-check-setup [ --v4 | --v5 | --v6 | ... ]
./openvas-check-setup --server
openvas-check-setup 2.0.1
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe
m.
OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 3.0.0.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien
tcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled
.
OK: OpenVAS Manager database is at revision 42.
OK: OpenVAS Manager expects database at revision 42.
OK: Database schema is up to date.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.1.2.
OK: At least one user exists.
ERROR: No admin user found. You need to create at least one admin user to log
in.
FIX: Create a user using 'openvasad -c 'add_user' -n -r Admin'
ERROR: Your OpenVAS-4 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl
em.
21/06/2015 20:34
6 sur 10
openvas-check-setup 2.0.1
Test completeness and readiness of OpenVAS-4
Please report us any non-detected problems and
help us to improve this check routine:
Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
Use the parameter --server to skip checks for client tools
like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
OK: OpenVAS Scanner is present in version 3.2.3.
OK: OpenVAS Scanner CA Certificate is present as /var/lib/openvas/CA/cacert.pe
m.
OK: NVT collection in /var/lib/openvas/plugins contains 20380 NVTs.
Step 2: Checking OpenVAS Manager ...
OK: OpenVAS Manager is present in version 3.0.0.
OK: OpenVAS Manager client certificate is present as /var/lib/openvas/CA/clien
tcert.pem.
OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled
.
OK: OpenVAS Manager database is at revision 42.
OK: OpenVAS Manager expects database at revision 42.
OK: Database schema is up to date.
OK: xsltproc found.
Step 3: Checking OpenVAS Administrator ...
OK: OpenVAS Administrator is present in version 1.1.2.
OK: At least one user exists.
OK: At least one admin user exists.
Step 4: Checking Greenbone Security Assistant (GSA) ...
OK: Greenbone Security Assistant is present in version 3.0.0.
Step 5: Checking OpenVAS CLI ...
OK: OpenVAS CLI version 1.1.2.
Step 6: Checking Greenbone Security Desktop (GSD) ...
OK: Greenbone Security Desktop is present in Version 1.1.1.
Step 7: Checking if OpenVAS services are up and running ...
OK: netstat found, extended checks of the OpenVAS services enabled.
OK: OpenVAS Scanner is running and listening on all interfaces.
OK: OpenVAS Scanner is listening on port 9391, which is the default port.
OK: OpenVAS Manager is running and listening on all interfaces.
OK: OpenVAS Manager is listening on port 9390, which is the default port.
OK: OpenVAS Administrator is running and listening on all interfaces.
OK: OpenVAS Administrator is listening on port 9393, which is the default port
.
OK: Greenbone Security Assistant is running and listening on all interfaces.
OK: Greenbone Security Assistant is listening on port 9392, which is the defau
lt port.
It seems like your OpenVAS-4 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the probl
em.
omp -g
21/06/2015 20:34
7 sur 10
$ omp -u <user> -w <password> -g

085569ce-73ed-11df-83c3-002264764cea
daba56c8-73ec-11df-a475-002264764cea
698f691e-7489-11df-9d8c-002264764cea
708f25c4-7489-11df-8094-002264764cea
74db13d6-7489-11df-91b9-002264764cea
empty
Full and
Full and
Full and
Full and
fast
fast ultimate
very deep
very deep ultimate
omp --xml='
<create_target>
<name>Target Name</name>
<hosts>172.16.83.130</hosts>
</create_target>'
$ omp -u <user> -w <password> --xml='

<create_target>
<name>Target Name</name>
<hosts>172.16.83.130</hosts>
</create_target>'
<create_target_response id="8618ee57-27c2-4aaa-95f2-218f503a8398" status_text="OK,
resource created" status="201"></create_target_response>
omp --xml=' <create_task>

<name>Daily scan</name>
<comment>Deep scan on Server 3</comment>
<config id=74db13d6-7489-11df-91b9-002264764cea/>
<target id=8618ee57-27c2-4aaa-95f2-218f503a8398/>
</create_task>
$ omp -u <user> -w <password> --xml='

<create_task>
<name>Daily scan</name>
<comment>Deep scan on Server 3</comment>
<config id="74db13d6-7489-11df-91b9-002264764cea"/>
<target id="8618ee57-27c2-4aaa-95f2-218f503a8398"/>
</create_task>'
<create_task_response id="c9d0b718-7003-410e-b94b-f1557425c942" status_text="OK,
resource created" status="201"></create_task_response>
omp --xml='<start_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'
omp --xml='<stop_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'

omp --xml='<pause_task task_id="267a3405-e84a-47da-97b2-5fa0d2e8995e"/>'
omp -G
omp -iX '<get_tasks details="1"/>'
omp -iX '<get_tasks task_id="77ba3c2e-ff61-44b7-86ed-f10d213008ee" details="1"/>'
21/06/2015 20:34
8 sur 10
omp -iX '<get_report_formats/>'

omp -iX '<get_reports report_id="68d3bf25-591e-4be6-97af-1e66fd8924ab" format_id="c402cc3e-b531-11e1-9163-406186ea4fc5"/>'
https://127.0.0.1:9392
21/06/2015 20:34
9 sur 10
21/06/2015 20:34
10 sur 10
21/06/2015 20:34

How To Scan For Vulnerabilities With OpenVAS - Knowledge Base - ScanArch

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

How To Scan For Vulnerabilities With OpenVAS - Knowledge Base - ScanArch

Uploaded by

Copyright:

Available Formats

How to scan for vulnerabilities with OpenVAS | Knowledge base | ScanArch