In our previous article, we covered the basics of OpenVAS and its installation on Kali Linux.
Mastering OpenVAS: The Definitive Guide to Vulnerability Assessment
This comprehensive guide delves into mastering OpenVAS, an open-source vulnerability assessment tool. Understanding and effectively utilizing OpenVAS is crucial for identifying and managing security vulnerabilities in systems and networks.
In this article, I'll walk you through the process of scanning a vulnerable web application.
Now, let's delve into how OpenVAS can help scan vulnerable web applications. For this demonstration, I'll be using Metasploitable2.
The IP address of my Metasploitable2 server is 192.168.56.104.
I won't delve into the step-by-step process of discovering the IP address here. To initiate a vulnerability scan, navigate to OpenVAS.
On the OpenVAS dashboard, locate and click on the "Scan" tab. From the context menu, select "Task."
Here, I encounter a welcome message, simply disregard it.
Here, there are two ways to initiate a scan.
The purple-colored wizard icon guides you through the process in a step-by-step manner, asking for details at each stage.
Alternatively, we'll opt for the non-wizard method.
Click on "New task" to create a new scan task.
Clicking on "New Task," A form will appear.
Here, you need to provide a name for the task. Since we're scanning Metasploitable2 in this example, let's name the task "Metasploitable2."
You can leave the comment section blank, as it's optional. Now, let's add the target in the "Scan Target" section. Look for the star icon, which is used to add target details.
Click on it. It will open a new form, where we can add a new target.
In the "Name" section, give it a name. In the "Host" section, input the IP address you wish to scan. No other changes are needed. Click "Create" to proceed.
It will automatically return to the previous form. If you wish to schedule scanning, you can configure it here.
Additionally, there's another important aspect in the scanning section of the form. You can choose between OpenVAS default and CVE. In this instance, I've selected OpenVAS default.
Next, you'll need to configure the scan settings. This will help determine the type of scan you want to perform. For this demonstration, I've opted for "Full and Fast."
No further adjustments are necessary. Click on "Create" to finalize the task creation.
Once the task is created, you'll need to take action to start it.
On the left side of the task, you'll find various options such as start, stop, move to trashcan, edit task, clone, and export task. Choose the appropriate action to proceed.
Click on "Start", to initiate the task.
It may take some time to scan the entire host.
An important feature to note is OpenVAS's auto-refresh function, which updates the progress automatically. Let's set it to refresh every 30 seconds.
After Scan Completed:
Select the Metasploitable2 task, to view details such as, what scan was attempted, how much time it took, what is the result, and many more.
Navigate back to the "Task" tab and select "Results."
Here, you'll find a diagram chart and color-coded pie chart representing different severity levels.
Click on any colored area to view the discovered vulnerabilities and their severity level.
At the bottom of the results page, you'll see the vulnerabilities listed along with the affected machines.
Since only one machine was scanned in this instance, only its results are displayed. Keep in mind, that results will expand as more tasks are run.
Selecting any of these results will give you in-depth information about the vulnerability.
Additionally, you can consult the CVE details in the reference section for further insights.
By clicking on any of these CVEs, you'll be redirected to detailed information about the specific vulnerability.
For further insights, you can also utilize search engines or AI tools. You can sort the severity levels by clicking here.
On the scan tab, click on “reports” to get the detailed report based on the date when you scan. Click on it.
Upon clicking on a report will display a chart diagram depicting the severity of the vulnerabilities. Beneath the diagram, you'll find a list of vulnerabilities that occurred, when you start scanning on the same date.
Click on it, and it will show you a list of a list of vulnerabilities that occurred when you start scanning on the same date.
Clicking any of these vulnerabilities will display detailed information about it.
Similar to what I've previously shown you on the results page, you also have the option to download the reported data in various formats.
Select your preferred format and click on the download icon to save the report.
The Anonymous XML format is recommended as it is compatible with popular web scanners and can also be used with msfconsole.
This data can be utilized in different applications for thorough analysis.
In both articles, we covered a lot of ground. We utilized the Docker program to swiftly and seamlessly install OpenVAS, a program that can be challenging to set up. Toward the end, I demonstrated the most efficient way to use OpenVAS. With practice, you'll become more accustomed to it.
If you have any doubts or questions related to this article, feel free to leave them in the comments section.