OpanVas brief introduction

OpenVas Is an open source vulnerability scanning tool , yes Nessus Project branch , Detect the security of the target network or host . Now based on B/S( browser / The server ) The architecture works , Perform the scan and provide the scan results .
Official website ：http://www.openvas.org/

Installation environment

• Windows The host machine ：Windows 10 Enterprise Edition
• VMware：VMware Workstation Pro 12
• Kali：kali-linux-2020.02

install OpenVas

because OpenVas be based on python, There are many dependent packages Kali It matters , It is recommended before installation Kali Upgrade to the latest version

 upgrade Kali command 
apt update && apt upgrade && apt dist-upgrade

Kali After upgrading, directly enter the following command to install OpenVas

apt-get  install openvas

Then enter download openvas Some of the dependent packages of

openvas-setup

Installation time is quite long , You need to be patient
After installation, you can enter a command to check whether the installation is complete

openvas-check-setup

Other OpenVas Related commands

 view help ：
openvasmd -h
 upgrade OpenVas：
openvas-feed-update

OpenVas start-up

OpenVas It is recommended to modify before starting OpenVas Default password

openvasmd --user=admin --new-password=123456

start-up OpenVas

openvas-start

After startup, we are prompted to Kali Enter https://127.0.0.1:9392 open OpenVas

Because the link is https, We can click... At the bottom AddException

Enter the user name and the password we just changed to log in OpenVas Console

OpenVas Use

Log in and go to OpenVas On the front page Dashboard The instrument cluster displays the page , This page will show some information obtained from the previous scan , Include previously created tasks , And the statistics of the scanned vulnerabilities .

Scan test site

according to 《 Network security law 》 The provisions of the , You cannot launch an attack on a website without authorization , Vulnerability scanning is actually an attack , So we can only do vulnerability scanning on some test websites , The following test website can be used for vulnerability scanning test .

http://testhtml5.vulnweb.com
http://testphp.vulnweb.com
http://testasp.vulnweb.com

http://testfire.net

Or build your own test environment , Environment tutorial portal ：OWASP Broken Web Apps Penetration testing environment setup and installation tutorial

New scan task

Method 1：
Click on Scans Under the targets After that, go to the following page , Then click the purple button in the upper left corner

After clicking the purple button There are two new task modes, namely Task Winzard Fast mode and Advanced Task Winzard Advanced mode

Task Winzard Fast mode We just need to add ip Address or domain name can be used to create a new scanning task

Advanced Task Winzard Advanced mode We can fill in the desired information as required

Method 2：
Click on configuration Under the targets You can create a scan task later

Task scanning will be enabled by default after a new task is created , We can click the button next to the task to pause or start the task , You can also further modify the new task .

View the tasks completed by the scan

Click the task that has been scanned to enter the task details

Click in the details result You can further view the task details after scanning . Including the type of vulnerability Details of each vulnerability

Export scan report

First click on Scans Under the Reports Button

The page will show the approximate result of the scan

Click on a scan task , In the upper left corner, you can select the format of scanning report submission

Click the download button on the side to download the scan report

Some scanning results are as follows