Wednesday, 27 May 2015

Vulnerability Scanning with OpenVAS in Kali Linux

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms.

We have installed 'Metasploitable 2' Virtual Machine in KVM in CentOS7. For Instructions on how to install Metasploitable 2 Virtual Machine in KVM, refer to this post. 

In this tutorial, we will perform a vulnerability scan on the Metasploitable2 Virtual Machine using OpenVAS in Kali Linux.

In the next post, we will hack the Metasploitable 2 VM by exploiting the vulnerabilities found in this scan.



On the Kali Linux Virtual Machine, perform the following steps:

1) Initialize/Start OpenVAS. Run the openvas-setup command to setup OpenVAS, download the latest rules, create an admin user, and start up the various services. Depending on your bandwidth and computer resources, this could take a while. Ensure that the Kali Linux VM has Internet access.

root@kali:~# openvas-setup

After  openvas-setup completes its process, it starts the OpenVAS manager, scanner, and GSAD services.

If you have already configured OpenVAS, you can simply start all the necessary services by running openvas-start.

root@kali:~# openvas-start


2) Connect to the OpenVAS Web Interface. Point your browser to https://127.0.0.1:9392, accept the self signed SSL certificate and plugin the credentials for the admin user. The admin password was generated during the setup phase.


3) Create a 'target' host. In the main menu, select Configuration -> Targets. Click on the icon for New Target (). You will see this icon in various places. It always will lead to dialog to create a new object in the respective context. Enter the address of the computer in the field "Manual" as shown below:

Name: metasploitable2
Hosts: Manual 192.168.122.73 

Click on the button 'Create Target'.


4) Create a scan for the target created above. In the main menu, select Scan Management -> Tasks. Click on the icon for New Task (). Enter the following details.

Name: meta_scan1
Scan Config: Full and Fast 
Scan Target: metasploitable2

Click on the button 'Create Task'.


5) Start the scan. Click on the Icon (Start Task) and the scan begins.


6) View the reports. In the main menu, select Scan Management -> Reports. Click on the report in the list displayed, to view the details.



In the next tutorials, we will hack the Metasploitable 2 Virtual Machine by exploiting the vulnerabilities found in this scan.

17 comments:

  1. Muy buen blog, pasate por el mío http://adf.ly/1dmfoB

    Saludos!
    http://adf.ly/?id=14558207

    ReplyDelete
    Replies
    1. Hi All!

      I'm selling fresh & genuine SSN Leads, with good connectivity. All data properly checked & verified.
      Headers in Leads:

      First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank Name | DL Number | Routing Number | IP Address | Reference | Email | Rental/Owner |

      *You can ask for sample before any deal
      *Each lead will be cost $1
      *Premium Lead will be cost $5
      *If anyone wants in bulk I will negotiate
      *Sampling is just for serious buyers

      Hope for the long term deal
      For detailed information please contact me on:

      Whatsapp > +923172721122
      email > leads.sellers1212@gmail.com
      telegram > @leadsupplier
      ICQ > 752822040

      Delete
  2. Keep up the fantastic piece of work, I read few articles on this website and I believe that your website is real interesting and has got bands of wonderful information.

    earn money online without investment

    ReplyDelete
  3. Great blog... Thanks for providing information about Scan vulnerability.

    ReplyDelete
  4. This website can live streaming , you can join at my site :
    agen judi online terpercaya
    Prediksi Bola

    Thank you
    agenpialaeropa.net
    gamesonline.ga
    beritasemasaterikini.com

    ReplyDelete
  5. Nikmati Promo BOnus Flash Deposit Sepesial Setiap Hari Jumat!!!
    Ayo Gabung sekarang dan langsung Claim Bonus Nya... Hanya setiap Hari Jumat ya...

    Syaratnya mudah kok, Untuk Info Lengkap Hubungi:
    WA : 0812-2222-995
    Line : cs_bolavita
    Link : www,855sm.live

    Ayo Segera Bergabung Bersama kami Dan Nikmati Bonus nya....

    ReplyDelete
  6. Hi All!

    I'm selling fresh & genuine SSN Leads, with good connectivity. All data properly checked & verified.
    Headers in Leads:

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank Name | DL Number | Routing Number | IP Address | Reference | Email | Rental/Owner |

    *You can ask for sample before any deal
    *Each lead will be cost $1
    *Premium Lead will be cost $5
    *If anyone wants in bulk I will negotiate
    *Sampling is just for serious buyers

    Hope for the long term deal
    For detailed information please contact me on:

    Whatsapp > +923172721122
    email > leads.sellers1212@gmail.com
    telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  7. Alasan Kenapa Kamu Harus Bermain Judi Di Museumbola
    * Permainan Lengkap dari A sampai Z
    * Opsi Deposit Banyak Seperti Bank, E-Cash , PULSA
    * Semua Rekening Bank termasuk Bank Daerah Bisa Di Daftarkan
    * Bonus Banyak
    * Deposit 2 Menit
    * Withdraw 5 Menit Paling Lama
    * Cs Professional 24 Jam Online

    Daftar Museumbola
    Link Alternatif Museumbola
    Judi Bola Online
    Slot pulsa tanpa potongan
    Demo Slot Habanero

    ReplyDelete