Vulnerability Scanning With OpenVAS and Metasploit Framework
In this article we will be demonstrating briefly how to use OpenVAS and the Metasploit framework to conduct vulnerability scanning on a a target. OpenVAS and Metasploit are powerful open-source softwares which are even more powerful when used together.
First, you will need some form of Kali Linux. I will be using a virtual machine and conducting scans on a virtual network.
Start postgresql to connect to the database, then start OpenVAS with these two commands:
service postgresql start
The information given after start-up will show you which port OpenVAS is running on, which should be 9392.
Next, run msfconsole to start the Metasploit framework, and then run
to begin using OpenVAS within Metasploit.
Here is a website I found helpful that covers how to navigate OpenVAS in Metasploit and some of the commands. Here is a screenshot from that website with some of the basics that we will be using:
openvas_connect admin Pa$$w0rd localhost 9390 ok
to connect with OpenVAS.
Create the target you will be scanning using this command:
openvas_target_create “pc2” 10.1.0.102 “PC2”