OpenVAS 再探(完)

恭喜~恭喜~ 新年好!!!

今天是農曆年後上班的第1天，不免俗的先跟大家說聲 "新年快樂"！

希望這個新的一年大家都有不錯的發展。

接下來，我們就接著之前 OpenVAS 的弱點掃描和分析做個說明：

Step 1: Last time we manually to crated a new target and new task. Today show the easy way to do the target scan. First, we open a browser and enter OpenVAS server IP (ex. 192.168.2.69:9392) then log in username as admin and password.

Step 2: Enter a target IP in red then click "Start Scan" in yellow as below.

Step 3: The task in "Requested" then under processing until finish.

Step 4: Check report after finish the scanning.

Scan Management | Reports

Step 5: Result shows 1 low and 2 medium issues then click "Date" in red as below for more details.

Step 6: After click shows more details. (ex. SSL weak on  Medium case and TCP timestamps in Low case)

Step 7: After click "Check for SSL Weak Ciphers" shows "Summary", "Solution" and "Vulnerability Insight" for more details. Then may reconfigure the setting to solve this issue.

Step 8: Click others for rest details show as below. Check "Solution" to follow the instruction to solve those issues.

介紹到這邊，相信大家對於 OpenVAS 都已經有了基本的認識和分析能力。如果以後有遇到 OpenVAS 的問題，也歡迎大家提出來討論。

~ See you ~

參考出處：

http://www.openvas.org/

OpenVAS 的好朋友 "Kali Linux"

卡哩 Linux (Kali Linux) 到底是什麼東東???

相信大家的心裡一定是一頭霧水，跟我一樣充滿了疑問？有聽過 RedHat、Fedora、Debian & Ubuntu 等等... 各式各樣的 Linux，就是沒有聽過 Kali Linux。

其實 "她" 可厲害了！她可以說是全世界駭客們的最愛，此話怎麼說？她是專門設計給 "滲透測試" 專用的系統。當這個系統安裝好後，預設就安裝好各式各樣的滲透掃描工具，這當中當然也包含了 這套 OpenVAS，所以說 Kali 是 OpenVAS 的好朋友，一點都不為過。

接下來的 "圖解" 就是要說明我們這篇所要討論的大致內容：

我們就從 Kali Linux 的安裝開始說起：
Step 1: Download from this official website https://www.kali.org/downloads/

Step 2: After download "kali-linux-1.1.0-amd64.iso" upload to VMware (ex. ESXi 5.5)
VMware vSphere Client | Configuration | Storage | Datastores

Step 3: Create a new Virtual Machine for Kali Linux.

Getting Started | Create a new virtual machine | Typical | Name for VM |  Storage | OS version | Network | Disk size | Select Edit | Select ISO for Connect CD/DVD

 Tips 3-1: Change the disk size to "20 GB".

Step 4: First start VM for install Kail Linux.

 Step 5: Select "Graphical install" then "Enter"

Step 6: "Select a language" for the installation.

Step 7: "Select your location" for your time zone. (ex. Taiwan)

Step 8: "Configure the keyboard" (ex. American English)

Step 9: "Configure the network" for setup a hostname for this system. (ex. kali)

Step 10: Assign a domain name. (ex. openvas.com)

Step 11: "Set up users and passwords" for root password.

Step 12: "Partition disks" for an entire disk.

Step 13: Double check for install disk will be erased.

Step 14: Select the first one for default "All files in the partition"

Step 15: Double check with overwrite the partition and keep for default.

Step 16: Select "Yes" to write the changes to disks.

Step 17: After "Continue" then installing the system.

Step 18: Select "No" for without use a network mirror.

Step 19: Select "Yes" for install the GRUB boot loader to the MBR (Master Boot Record).

Step 20: After "Installation is complete" then click "Continue" for restart and boot into the new system.

Step 21: After reboot as below then log in user name "root" and password set is during installation.

Step 22: Congratulations! As below shows completed installation and running well for Kali Linux.

恭喜你!!! 如上圖，到目前為止已經成功安裝好 Kali Linux ，而且也可以成功 root 登入。接下來我們將繼續說明，如何在 Kali Linux 執行 OpenVAS。讓我們繼續看下去：

Step 1: First start OpenVAS on Kali Linux should check update first.
Application | Kali Linux | Vulnerability Analysis | OpenVAS | openvas feed update

Step 2: Click "openvas initial setup" as below in red.
Application | Kali Linux | Vulnerability Analysis | OpenVAS | openvas initial setup

Step 3: Enable SSH service for remote mode.
# service ssh start

Step 4: Connect via Putty with Kali Linux.

Step 5: Login by user "root" and password.

Step 6: Start OpenVAS via command line.
# openvas-setup

Step 7: Check OpenVAS service up.
# netstat -an |grep '939'

Tips 7-1: OpenVAS use port 9390,9391 & 9392 that why we use command "netstat" to check port service.

Step 8: OpenVAS listen IP only for loaclhost (127.0.0.1), open to others IP then restart OpenVAS service.
# gsad --listen=192.168.2.68 ## Kail Linux eth0 IP
# openvas-stop
# openvas-start

Tips 8-1: Above shows 3 ports of service is all up in blue.

Step 9: Open a browser for login OpenVAS (ex. https://192.168.2.68:9392)

Tips 9-1: Change OpenVAS "admin" login password.
# openvasmd --user=admin --new-password=<New Password>

Step 10: Login by username "admin" and new password.

Tips 10-1: Change GUI Language via Extras | My Settings |User Interface Language

Congratulation!!!
OpenVAS is working on Kali Linux now.

恭喜你!!! 說明到這裡，已經讓 OpenVAS 能正常的在 Kali Linux 上面執行。
或許在安裝過程和啟動服務中，並沒有想像的順利，不過只要稍微注意一下，這些 "提示(Tips)" 的說明，應該都可以迎刃而解。

之所以會運用 Kali Linux 執行 OpenVAS，是因為 OpenVAS 的安裝雖然很容易，但是有些套件並是原生就有， 都需要額外的 tuning ，所以直接使用 Kali 的 OpenVAS 也會相對容易些。

Ok~關於 Kali Linux 的介紹，我們就先說到這裡。等以後有機會，需要用到上面其他不同的測試工具時，我們再來繼續做討論。

先祝福大家 "新年快樂"~ 我們明年見！

~ See you ~

參考出處：
https://www.kali.org/
http://www.openvas.org/