1. Operation purpose and application scenarios
OpenVAS (Open Vulnerability Assessment System) is an open source vulnerability scanner developed on the basis of nessus. Its core component is a set of vulnerability testing programs that can detect security issues in remote systems and applications.
Generally speaking, there are several ways to use openvas: one is to use a linux distribution installed with openvas, such as parrotsec, backbox, etc., the other is to use the virtual machine officially made by openvas, and the third is to manually install openvas in the linux system. It uses the docker version of openvas. One of the most convenient and efficient is docker, so today I will introduce you to use docker to run openvas for vulnerability scanning.
2. Platform and tool version
host system: linux mint
Software: docker, openvas
Computer hardware: laptop
3. Operation steps
(1) Install docker in linux mint system
apt install docker.io //install docker online
systemctl start docker //Start docker service
systemctl enable docker //Set up automatic startup
docker version //View the docker version
The version information can be displayed normally, indicating that the installation is successful.
(2) Download and run the docker image of openvas
1. Download the openvas image
docker search openvas //Search openvas image on docker hub
The first mirror is what we need.
docker pull mikesplain/openvas //Download the openvas image to the local
docker images | grep openvas //View the local docker image
2. Run the openvas image
docker run -d -p 443:443 –name openvas mikesplain/openvas
The run command loads the docker image into memory to form a container.
-d //Run the container in the background
-p //Map the 443 port of the host to the 443 port of the container
–name // Give the container a name
After the image is run for the first time, wait a few minutes before accessing it, because openvas needs to perform NVT scanning and database construction.
docker ps //View the running docker container, you can see that the openvas container is already running
(3) Use openvas for vulnerability scanning
1. Log in
Open the operating interface of openvas in the browser: https://127.0.0.1
User name/password: admin/admin
2. Create a scan task
Let’s create a simple scanning task to scan the Metasploitable 2 target machine for vulnerabilities.
(1) Create scan task
Click the box with a five-pointed star on the left, and click the pop-up “New Tasks” item:
Name: Specify the scan name, such as scan metasploitable 2
Comment: Fill in the description text about the scan task (optional)
Scan Targets: Click the five-pointed star on the right, the New Target form will pop up, specify the target IP address, and click the Create button to submit after filling in:
Keep the other options as default:
Click the Create button below to create a scan task.
3. Start scanning
In the task list, click the Start button in the Actions on the right to start scanning.
Capture packets on the target machine, you can see the traffic generated by openvas scanning:
4. Download the scan report
Click the date in the lower left corner, for example, click the date corresponding to the task of “Scanning for Metasploitable2 Targets”:
On the Results page, click the small downward arrow to the left of the Report: Results text, and select the content of the report, such as Report: Summary and Download. At the bottom of the page, there are two formats of reports, one is a full report (Full report), and the other is a filtered report (filtered report), choose according to your needs. Click the drop-down list box under Download on the right to select the format of the report file, such as PDF. Click the small downward arrow on the right to download the document:
(4) Management container
1. View the processes running in the container
docker top openvas
2. Enter the command line in the container
docker exec -it openvas bash
3. Use data volume
Mount the data directory to /var/lib/openvas/mgr/:
docker run -d -p 443:443 -v $(pwd)/data:/var/lib/openvas/mgr/ –name openvas mikesplain/openvas
Note that the local directory must exist before starting the container.
4. Set the administrator password
By modifying the environment variable OV_PASSWORD, specify the admin password at runtime:
docker run -d -p 443:443 -e OV_PASSWORD=securepassword41 –name openvas mikesplain/openvas
5. Update NVT
openvas uses vulnerability signatures for scanning, so the signature database needs to be updated regularly.
docker exec -it openvas bash //Enter the container and execute the following command in the container
openvasmd –rebuild –progress
openvasmd –update –verbose –progress
6. Stop the container
docker stop openvas
7, delete the container
If the container is no longer needed, you can delete it. Deleting a container will not affect the image. Use the previous command to run the image to create a new container.
docker ps –all //View all containers, including running and stopped
docker rm openvas //Delete the container named openvas
(5) Manage mirroring
1. Export image
docker save -o openvas-image.tar mikesplain/openvas //Export to the current directory, named openvas-image.tar
2. Import the image
docker load <openvas-image.tar
3. Delete the mirror
docker rmi mikesplain/openvas
//When deleting an image, the container created by the image cannot exist
I have worked in a security company for many years, and I often use openvas to scan for vulnerabilities in risk assessment work. The scan results are satisfactory. I hope that today’s article can help you in your work.