上QQ阅读APP看书，第一时间看更新

OpenVAS

OpenVAS is an open source vulnerability scanner that comes in both free and paid versions. The aim of OpenVAS is to be an all-in-one vulnerability scanner that leverages a variety of built-in tests. OpenVAS contains more than 50,000 network vulnerability tests (NVTS) as of January 2019, and it is constantly growing. OpenVAS is not installed by default on Kali Linux, so you will need to install it. To install OpenVAS, you need to follow these steps:

From a Kali Linux Terminal window, download OpenVAS using the apt-get install openvas command. This will connect to the OpenVAS repository and download the required files.

Once the download completes, it's time to install OpenVAS using the openvas-setup command. This will begin the installation process of OpenVAS and download the NVT feeds. Once the installation has completed, there will be a system-generated password presented at the end. Take note of this as you will need it to log in to OpenVAS and change the password to something you desire as shown in Figure 14:

Figure 14: OpenVAS installation completed with login details presented on screen

If you forgotten your OpenVAS username and password, you can change them using the following command:
openvasmd –user=[username]–new-password=[password]
So, for example, you might use openvasmd –user=admin –new-password=Sup3rS3cretPa55w0rd.

Once the installation has completed and you have logged into the user interface of OpenVAS, you can perform a vulnerability scan by clicking on the Scans tab on the top navigation bar. To perform a new scan, you can use the task wizard or create a new task button. These buttons are depicted by the wand (task wizard) and star (create new task). Let's create a task so that we can perform a vulnerability scan on Metasploit 2. Using the create new task function, we can define the name of the task and define the target, as shown in Figure 15:

Figure 15: New OpenVAS task creation

Once the task has been created, you can run it using the green play icon in the Actions section of the task.
Once the task has completed, you will be presented with a dashboard showing you a high-level view of the results. Click on the Reports section, as shown in Figure 16:

Figure 16: High-level overview

Once you are in the Reports overview, to view the full report of the scan, you will need to click on the scan Date, as shown in Figure 17:

Figure 17: Report overview

Now, you will have a full list of all the vulnerabilities that were discovered by OpenVAS, as shown in Figure 18:

Figure 18: A report of found vulnerabilities

Once you have the report, you are able to expand the vulnerability to see the full details of it. OpenVAS provides you with the solution type (such as a vendor fix or workaround) and quality of detection (QoD).

I encourage you to perform a vulnerability scan of your own network or host using OpenVAS so that you can become more familiar with this vulnerability scanner.