Wednesday 27 May 2015

Vulnerability Scanning with OpenVAS in Kali Linux

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. This virtual machine is compatible with VMWare, VirtualBox, and other common virtualization platforms.

We have installed 'Metasploitable 2' Virtual Machine in KVM in CentOS7. For Instructions on how to install Metasploitable 2 Virtual Machine in KVM, refer to this post. 

In this tutorial, we will perform a vulnerability scan on the Metasploitable2 Virtual Machine using OpenVAS in Kali Linux.

In the next post, we will hack the Metasploitable 2 VM by exploiting the vulnerabilities found in this scan.



On the Kali Linux Virtual Machine, perform the following steps:

1) Initialize/Start OpenVAS. Run the openvas-setup command to setup OpenVAS, download the latest rules, create an admin user, and start up the various services. Depending on your bandwidth and computer resources, this could take a while. Ensure that the Kali Linux VM has Internet access.

root@kali:~# openvas-setup

After  openvas-setup completes its process, it starts the OpenVAS manager, scanner, and GSAD services.

If you have already configured OpenVAS, you can simply start all the necessary services by running openvas-start.

root@kali:~# openvas-start


2) Connect to the OpenVAS Web Interface. Point your browser to https://127.0.0.1:9392, accept the self signed SSL certificate and plugin the credentials for the admin user. The admin password was generated during the setup phase.


3) Create a 'target' host. In the main menu, select Configuration -> Targets. Click on the icon for New Target (). You will see this icon in various places. It always will lead to dialog to create a new object in the respective context. Enter the address of the computer in the field "Manual" as shown below:

Name: metasploitable2
Hosts: Manual 192.168.122.73 

Click on the button 'Create Target'.


4) Create a scan for the target created above. In the main menu, select Scan Management -> Tasks. Click on the icon for New Task (). Enter the following details.

Name: meta_scan1
Scan Config: Full and Fast 
Scan Target: metasploitable2

Click on the button 'Create Task'.


5) Start the scan. Click on the Icon (Start Task) and the scan begins.


6) View the reports. In the main menu, select Scan Management -> Reports. Click on the report in the list displayed, to view the details.



In the next tutorials, we will hack the Metasploitable 2 Virtual Machine by exploiting the vulnerabilities found in this scan.

10 comments:

  1. Muy buen blog, pasate por el mío http://adf.ly/1dmfoB

    Saludos!
    http://adf.ly/?id=14558207

    ReplyDelete
    Replies
    1. Hi All!

      I'm selling fresh & genuine SSN Leads, with good connectivity. All data properly checked & verified.
      Headers in Leads:

      First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank Name | DL Number | Routing Number | IP Address | Reference | Email | Rental/Owner |

      *You can ask for sample before any deal
      *Each lead will be cost $1
      *Premium Lead will be cost $5
      *If anyone wants in bulk I will negotiate
      *Sampling is just for serious buyers

      Hope for the long term deal
      For detailed information please contact me on:

      Whatsapp > +923172721122
      email > leads.sellers1212@gmail.com
      telegram > @leadsupplier
      ICQ > 752822040

      Delete
  2. Keep up the fantastic piece of work, I read few articles on this website and I believe that your website is real interesting and has got bands of wonderful information.

    earn money online without investment

    ReplyDelete
  3. Great blog... Thanks for providing information about Scan vulnerability.

    ReplyDelete
  4. Hi All!

    I'm selling fresh & genuine SSN Leads, with good connectivity. All data properly checked & verified.
    Headers in Leads:

    First Name | Last Name | SSN | Dob | Address | State | City | Zip | Phone Number | Account Number | Bank Name | DL Number | Routing Number | IP Address | Reference | Email | Rental/Owner |

    *You can ask for sample before any deal
    *Each lead will be cost $1
    *Premium Lead will be cost $5
    *If anyone wants in bulk I will negotiate
    *Sampling is just for serious buyers

    Hope for the long term deal
    For detailed information please contact me on:

    Whatsapp > +923172721122
    email > leads.sellers1212@gmail.com
    telegram > @leadsupplier
    ICQ > 752822040

    ReplyDelete
  5. FULLZ AVAILABLE

    Fresh & valid spammed USA SSN+Dob Leads with DL available in bulk.

    >>1$ each SSN+DOB
    >>3$ each with SSN+DOB+DL
    >>5$ each for premium fullz (700+ credit score with replacement guarantee)

    Prices are negotiable in bulk order
    Serious buyer contact me no time wasters please
    Bulk order will be preferable

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    OTHER STUFF YOU CAN GET

    SSN+DOB Fullz
    CC's with CVV's (vbv & non-vbv)
    USA Photo ID'S (Front & back)

    All type of tutorials available
    (Carding, spamming, hacking, scam page, Cash outs, dumps cash outs)

    SMTP Linux Root
    DUMPS with pins track 1 and 2
    WU & Bank transfers
    Socks, rdp's, vpn
    Php mailer
    Sql injector
    Bitcoin cracker
    Server I.P's
    HQ Emails with passwords
    All types of tools & tutorials.. & much more

    Looking for long term business
    For trust full vendor, feel free to contact

    CONTACT
    Telegram > @leadsupplier
    ICQ > 752822040
    Email > leads.sellers1212@gmail.com

    ReplyDelete
  6. Articles published in well-known media outlets can significantly boost the reputation and credibility of the authors. What Dark Web Being featured in esteemed publications can open up new opportunities for writers, such as speaking engagements, book deals, and collaborations.

    ReplyDelete