An idiot-proof guide to penetration testing using OpenVAS
The purpose of penetration/pen testing is to simulate attacks on any system to look for possible vulnerabilities that an attacker can take advantage of. It is actually a relatively straightforward process to set up once you know how to get up and going. That being said, I have fucked up quite a few times before I got it to run a test for the first time. I attribute this largely to the lack of meaningful and helpful documentation on the internet.
To get a penetration testing setup using OpenVAS, we need a few things setup. OpenVAS “is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution” or better understood as an easy and free way to check your network for weaknesses.
First things first, we need to get a VM setup and running. If you are reading this, you probably know what a VM is. If not, I really do not know what you are doing here. OpenVas recommends a GSM VM. Do not download this as it sucks. Get Kali. Kali is designed specifically for penetration testing and hacking(ethical or otherwise). Head on over to https://www.kali.org/downloads/ and get the ISO. Set it up using VirtualBox or VMWare or whatever you are into and boot up the ISO. Choose to do a graphical install and go through that process. Come back here when you have it up and running.
Open up the terminal. Some housekeeping needs to be done first. Assuming you are logged in as the root user, enter the following commands just in case.
apt-get update && apt-get upgrade -y
Now it is time to edit the sources.list file. You will need to do this to enable 3rd party downloads, which OpenVAS is(obviously). Run:
Uncomment the 3rd line by removing the ‘#’, save, and exit.
In your terminal run:
apt-get install OpenVas
Congrats on downloading OpenVAS, that was too easy. Run openvas-setup and grab a coffee.
This will take a while. Once done, run;
This step is very important as it checks for any major fixes you need to make. You can ignore the warnings and there should not be any errors but if there are, go ahead and fix them(this should be easy since it literally tells you exactly what to do). A common error is that your feed is not synced greenbone. You need to get access to all the exploits on greenbone’s database and this can be done by running nvt-feed-sync. Once you see a message saying that the installation is OK, you are good to go.
It should also create an admin username with a password at this point. Take note of the password. If you want to add your own user run:
openvasmd — create-user=whatever_name_you_want — role=Admin
Almost there, run:
Open up a browser and navigate to https://127.0.0.1:9392 and enter the login credentials you have created. Once there, click on Tasks → Scans. Press the star or wand or whatever glittery icon they have to configure and run a new scan. You can enter just the IP address or more information if you have it. Once it starts, the scan will automatically generate a report of all the problems it finds which you can filter through in order of severity. Once you have what you need, you can close the browser and run openvas-stop to kill the process.
The next time you want to use OpenVAS, just use the following commands
It may be a good idea to run openvas-check-setup if something breaks.
There you go. Simple.