Create an account in TryHackMe

Open this link :

https://tryhackme.com/room/openvas

You will get an idea of OpenVAS and can

practice scanning.

Introduction

OpenVAS is a vulnerability scanner that scans endpoints and web apps

to locate and find flaws. Corporations often use it as part of their
prevention strategies to easily find any holes in their manufacturing or
development servers or applications. This isn’t a solution, but it will aid
in the elimination of any basic vulnerabilities that might have fallen
through the cracks.

From the OpenVAS GitHub repository “This is the Open Vulnerability

Assessment Scanner (OpenVAS) of the Greenbone Vulnerability
Management (GVM) Solution. It is used for the Greenbone Security
Manager appliances and is a full-featured scan engine that executes a
continuously updated and extended feed of Network Vulnerability
Tests (NVTs)

GVM Framework Architecture

As previously mentioned OpenVAS is built off the GreenBone
Vulnerability Management (GVM) solution and is only one of the
appliances that is released from GreenBone.

OpenVAS is a service within a larger framework of services known as

Greenbone Vulnerability Management (GVM). In this task we will
break down the services that make up the framework and their roles.
Above is a brief visual breakdown of what the GVM framework looks
like. There are many components that are apart of the architecture for
the GVM framework, but we can break it down into three distinct
sections: Front-End, Back-End, and Vulnerability/Information feed.
These sections are further explained below.

Vulnerability/Information Feed (NVT, SCAP CERT, User Data,

Community Feed)

This section will contain all information and vulnerability tests that
come from the Greenbone Community Feed that will be the main
baseline for testing against systems. This can also include User Data
provided by the user in place of Greenbone NVTs and SCAP CERTs.

Back-End (OSP, OpenVAS, Targets)

The back-end infrastructure is what will be actually conducting all of

the vulnerability scanning and processing data and NVTS through
OpenVAS and GVM. Greenbone Vulnerability Manager will be the
middle man between the scanners and the front-end user interfaces.

Front-End (GSA, Web Interfaces)

This is what you interact with when you navigate to OpenVAS in your
browser. The web interfaces are built off of the Greenbone Security
Assistant and make life easier for an analyst or operator when working
with OpenVAS or other forms of scanners through the GVM.

For more information about the GVM framework architecture check

out this forum post https://community.greenbone.net/t/about-gvm-
10-architecture/1231.

Installing OpenVAS

Depending on how you choose to install OpenVAS, the process can

differ. You can use the Kali/OpenVAS repositories, build from source,
or run from a Docker container to load. For our purposes, running it
inside a docker container is the preferred option because we don’t have
to care about a lot of the configuration or bugs that we might encounter
with other installation methods.

Option 1: Install from Kali/OpenVAS repositories

Installing from libraries can either be very easy or it can be a very

painful method. The installation of OpenVAS varies in complexity and
can need several modifications to be run. Check out the guides below
for more information on this alternative.

installation documentation link1 , link2

Option 2: Install from Source

Installing from source is the least preferred option for beginners and
the least optimized way of installing OpenVAS due to prerequisites and
make errors. For more information about installing from source look at
the INSTALL.MD.

Option 3: Run from Docker (Preferred)

Docker is by far the easiest of all three installation methods and only
requires one command to be run to get the client started. For this
installation procedure, you will need docker installed

1. type apt-get update & upgrade

2.apt-get install docker.io

3.docker run -d -p 443:443 — name openvas mikesplain/openvas

then it will create a docker container and using this

link https://127.0.0.1 you will be able to login to the OpenVAS admin
panel
Username — admin Password — admin

Start Docker container

just in case you docker container in not working after restart your
machine which mean it service is shutdown there for we need to start
the docker container

first we need to type

docker ps -a → To list all containers, both running and stopped,
add –a :
to start the container docker start <container_ID>

Scanning Infrastructure

Now that we know that everything is working we can get into the nitty-
gritty of OpenVAS and how it works. Deploy the machine and navigate
to Scans > Tasks to begin creating a task to scan the provided machine.

Creating a Task

To create a configurable task navigate to the star icon in the upper

right-hand corner of the Tasks dashboard and select New Task.

Once you select New Task from the dropdown you will be met with a
large pop-up with many options. We will break down each of the
options sections and what they can be used for.
For this task, we will be focusing only on the Name, Scan Targets, and
Scanner Type, and Scan Config. In later tasks, we will be focusing on
the other options for more advanced configuration and
implementation/automation.

1. Name: Allows us to set the name the scan will be known as inside
of OpenVAS
 2.Scan Targets: The targets to scan, can include Hosts, Ports, and
Credentials. To create a new target you will need to follow
another pop-up, this will be covered later in this task.

3.Scanner: The scanner to use by default will use the OpenVAS

architecture however you can set this to any scanner of your
choosing in the settings menu.

4.Scan Config: OpenVAS has seven different scan types you can
select from and will be used based on how you aggressive or
what information you want to collect from your scan.

Scoping a New Target

To scope a new target, navigate to the star icon next to Scan Targets.
Above is the menu for configuring a new target. The two main options
you will need to configure are the Name and the Hosts. This procedure
is fairly straight forward and other options will only be used in
advanced vulnerability management solutions. These will be covered in
later tasks.
Now that we have our target scoped we can continue to create our task
and begin the scan.

Once you create the task you will be brought back to the scan
dashboard where you can monitor and start your task. To start the task
navigate to the start icon under Actions.

Read the above and complete your scan on DVWA to test scanning
remote infrastructure

Practical Vulnerability Management

below questions are based on above presented report

When did the scan start in Case 001?

Feb 28, 00:04:46

When did the scan end in Case 001?

Feb 28, 00:21:02

How many ports are open in Case 001?

How many total vulnerabilities were found in Case 001?

What is the highest severity vulnerability found? (MSxx-xxx)

MS17–010

What is the first affected OS to this vulnerability?

Microsoft Windows 10 x32/x64 Edition

What is the recommended vulnerability detection method?

Send the crafted SMB transaction request with fid = 0 and check the
response to confirm the vulnerability.