
Introduction 

If you take a broad view of penetration testing, the first step is information gathering, and after that, every step is closely related to the next one. In fact, all the steps fall into one broad category: exploitation. Vulnerability analysis is one aspect of exploitation; you can also use the tools in the Web Application Analysis category of Kali Linux to test for vulnerabilities. There are many other related tools, and you have already learned about a few of them, so in this chapter, you will learn about the tools in the Vulnerability Analysis category and the Web Application Analysis category. You can hunt for the vulnerabilities in a system manually by writing your own Python scripts using built-in modules to do scanning. Or you can use an already available scanner. A scanner is especially valuable because it can help you to make an assessment quickly.

Overview of Vulnerability Analysis Tools

If you open the Kali Linux Applications list, you will find that there are four subcategories under Vulnerability Analysis: Cisco Tools, Fuzzing Tools, Stress Testing, and VOIP tools. However, one major tool is missing there: OpenVas. In the next section, you will install OpenVas and see how it works.

How to Use OpenVas

OpenVas is a complete vulnerability scanning and management solution. You don’t get OpenVas by default in Kali Linux, so you need to install it.

/* //code to install OpenVas
apt-get update && apt-get install -y openvas */

It will take some time to install OpenVas.

/* //output on the terminal
● openvas-manager.service - Open Vulnerability Assessment System Manager Daemon
   Loaded: loaded (/lib/systemd/system/openvas-manager.service; disabled; vendor preset: disabled)
   Active: active (running) since Tue 2018-05-29 05:56:58 IST; 5s ago
     Docs: man:openvasmd(8)
           http://www.openvas.org/
  Process: 8944 ExecStart=/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/var/lib/openvas/mgr/tasks.db (code=exited, status=0/SUCCESS)
 Main PID: 8945 (openvasmd)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/openvas-manager.service
           └─8945 openvasmd
May 29 05:56:57 kali systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
May 29 05:56:57 kali systemd[1]: openvas-manager.service: PID file /var/run/openvasmd.pid not readable (yet?) after start: No such file or directory
May 29 05:56:58 kali systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
[*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...
[>] Checking for admin user
[*] Creating admin user
User created with password '32e2256a-eccf-4639-855f-8bf6cb9c5f05'. */

Now you can change the password of the default user named admin. Issue this command:

/* //code to change user and password in OpenVas
root@kali:~# openvasmd --user=admin --new-password=admin */

Once OpenVas has been installed, it will show up in the Kali Linux Applications listing, as shown in Figure

Now the time has come to start OpenVas, so issue this command:

/* //code to start OpenVas through terminal
openvas-setup */
/* //It will give an output like this:
● openvas-manager.service - Open Vulnerability Assessment System Manager Daemon
   Loaded: loaded (/lib/systemd/system/openvas-manager.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:openvasmd(8)
           http://www.openvas.org/
May 29 05:38:55 kali systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
May 29 05:50:44 kali systemd[1]: Stopping Open Vulnerability Assessment System Manager Daemon...
May 29 05:50:44 kali systemd[1]: openvas-manager.service: Killing process 7399 (gpg-agent) with signal SIGKILL.
May 29 05:50:44 kali systemd[1]: Stopped Open Vulnerability Assessment System Manager Daemon.
May 29 05:56:57 kali systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
May 29 05:56:57 kali systemd[1]: openvas-manager.service: PID file /var/run/openvasmd.pid not readable (yet?) after start: No such file or directory
May 29 05:56:58 kali systemd[1]: Started Open Vulnerability Assessment System Manager Daemon.
May 29 06:19:26 kali systemd[1]: Stopping Open Vulnerability Assessment System Manager Daemon...
May 29 06:19:26 kali systemd[1]: openvas-manager.service: Killing process 9117 (openvasmd) with signal SIGKILL.
May 29 06:19:26 kali systemd[1]: Stopped Open Vulnerability Assessment System Manager Daemon.
[>] Starting openvassd
[>] Migrating openvassd
[>] Rebuilding openvassd
*/

Once this command has been executed on the terminal, OpenVas will open in your Kali Firefox browser. The browser will show a security certificate warning; just accept the self-signed SSL certificate and enter the credentials for the admin user.

Enter the password admin and log in to the Dashboard of OpenVas, where you can start scanning the vulnerabilities of any target.

The Dashboard shows many categories in the top menu. Click the Scan link to open the Scan page. In the top-left section of the Scan page you will find three small colorful buttons. Click the middle one, which is violet. This will open a new window and ask for the target address.

Don’t provide any live system’s IP address unless you have the proper permission to do this. It is better to provide the host machine’s IP address or your Kali Linux virtual machine’s IP address here so you can get an immediate scan report. Otherwise, this takes a long time to process.

It usually takes two to three hours to scan a local IP address. In the case of a remote address, it might take even longer to finish the job.

If you close the scanning process midway through, you can still go back and restart the scanning. You can also watch how OpenVas is working from your terminal. Use this command:

/* //code to know active internet connections
root@kali:~# netstat -antp */

This will give you a detailed report of all the active and open connections.

/* //output will be something like this depending on your connections
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      9583/openvasmd
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN      9570/openvassd: Wai
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      9596/gsad */
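
The check below is an added example, not part of the original chapter: it parses `netstat -antp` output and reports whether the three OpenVas daemons in the listing above (openvasmd, openvassd, gsad) are present and listening only on loopback. The function names and the sample input are constructed for illustration, and treating loopback-only as the expected state is an assumption based on the `--listen=127.0.0.1` setting shown earlier.

```bash
#!/usr/bin/env bash
# Added example: check netstat -antp text for the three OpenVas daemons.
# Assumption: loopback-only listeners (as in the output above) are the goal.

# Constructed sample (not a live capture): gsad moved to 0.0.0.0 to show a finding.
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp        0      0 127.0.0.1:9390   0.0.0.0:*        LISTEN  9583/openvasmd
tcp        0      0 127.0.0.1:9391   0.0.0.0:*        LISTEN  9570/openvassd: Wai
tcp        0      0 0.0.0.0:9392     0.0.0.0:*        LISTEN  9596/gsad
EOF
}

# Reads netstat text on stdin and prints one verdict per daemon:
#   OK <name> | EXPOSED <name> <addr:port>... | MISSING <name>
# Exit status is 0 only if all three are listening on loopback.
audit_openvas_listeners() {
  awk '
    BEGIN { n = split("openvasmd openvassd gsad", want, " ") }
    $6 == "LISTEN" {
      prog = $7                      # e.g. "9570/openvassd:"
      sub(/^[0-9]+\//, "", prog)     # drop the PID prefix
      sub(/:$/, "", prog)            # drop the colon of a truncated title
      addr = $4
      sub(/:[0-9]+$/, "", addr)      # keep only the bind address
      seen[prog] = 1
      if (addr !~ /^127\./ && addr != "::1")
        exposed[prog] = exposed[prog] " " $4
    }
    END {
      for (i = 1; i <= n; i++) {
        d = want[i]
        if (!(d in seen))      { print "MISSING " d; bad = 1 }
        else if (d in exposed) { print "EXPOSED " d exposed[d]; bad = 1 }
        else                   { print "OK " d }
      }
      exit bad + 0
    }'
}

# Demo on the sample; on a live host: netstat -antp | audit_openvas_listeners
sample_netstat | audit_openvas_listeners || echo "Review the bindings flagged above"
```

An `EXPOSED` line means the web UI or a daemon port is reachable from other hosts on the network, which matters here because the admin password set earlier is also `admin`.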

You can start OpenVas at any time just by typing this: 

/* //code to start OpenVas again
root@kali:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Manager: openvasmd.*/

You do not need to point your browser to https://127.0.0.1:9392; it will automatically detect the system after a proper installation. It will open in your Kali Linux Firefox browser, and you can hunt for vulnerabilities. You can use this tool mainly for gathering knowledge about system vulnerabilities that you can later rectify.

Thanks For Reading This

About Post Author

Indian Cyber Troops
