Run openvas as a Docker container


1. Operation purpose and application scenarios

OpenVAS (Open Vulnerability Assessment System) is an open-source vulnerability scanner developed on the basis of Nessus. Its core component is a set of vulnerability tests (NVTs) that detect security issues in remote systems and applications.

Generally speaking, there are several ways to use OpenVAS: one is to use a Linux distribution that ships with OpenVAS, such as ParrotSec or BackBox; another is to use the virtual machine image published by the OpenVAS project; the third is to install OpenVAS manually on a Linux system. This article uses the Docker version of OpenVAS, which is one of the most convenient and efficient options, so today I will show you how to run OpenVAS in Docker for vulnerability scanning.

2. Platform and tool version

host system: linux mint

Software: docker, openvas

Computer hardware: laptop

3. Operation steps
(1) Install docker in linux mint system
apt install docker.io //install docker online

systemctl start docker //Start docker service

systemctl enable docker //Set up automatic startup

docker version //View the docker version

The version information can be displayed normally, indicating that the installation is successful.

(2) Download and run the docker image of openvas
1. Download the openvas image

docker search openvas //Search openvas image on docker hub

The first image in the list is the one we need.

docker pull mikesplain/openvas //Download the openvas image to the local

docker images | grep openvas //View the local docker image

2. Run the openvas image

docker run -d -p 443:443 --name openvas mikesplain/openvas

The run command creates a container from the image and starts it.

-d //Run the container in the background

-p //Map the 443 port of the host to the 443 port of the container

--name // Give the container a name

After the image is run for the first time, wait a few minutes before accessing it, because OpenVAS needs to load the NVT feed and build its database.

docker ps //View the running docker container, you can see that the openvas container is already running

(3) Use openvas for vulnerability scanning
1. Log in

Open the OpenVAS web interface in the browser: https://127.0.0.1

User name/password: admin/admin

2. Create a scan task

Let’s create a simple scanning task to scan the Metasploitable 2 target machine for vulnerabilities.

(1) Create scan task

Scans > Tasks

Click the box with the five-pointed star at the top left, then click the “New Tasks” item in the pop-up menu:

Name: Specify the scan name, such as scan metasploitable 2

Comment: Fill in the description text about the scan task (optional)

Scan Targets: Click the five-pointed star on the right; the New Target form will pop up. Specify the target IP address and click the Create button to submit the form:

Keep the other options as default:

Click the Create button below to create a scan task.

3. Start scanning

In the task list, click the Start button in the Actions on the right to start scanning.

If you capture packets on the target machine, you can see the traffic generated by the OpenVAS scan:

4. Download the scan report

Click Scans > Reports

Click the date in the lower left corner, for example, click the date corresponding to the task of “Scanning for Metasploitable2 Targets”:

On the Results page, click the small downward arrow to the left of the “Report: Results” text and select the report view you want, such as “Report: Summary and Download”.

At the bottom of the page there are two kinds of report: the full report (Full report) and the filtered report (Filtered report); choose according to your needs.

Click the drop-down list box under Download on the right to select the file format of the report, such as PDF. Click the small downward arrow on the right to download the document:

(4) Manage the container
1. View the processes running in the container

docker top openvas

2. Enter the command line in the container

docker exec -it openvas bash

3. Use data volume

Mount the data directory to /var/lib/openvas/mgr/:

mkdir data

docker run -d -p 443:443 -v $(pwd)/data:/var/lib/openvas/mgr/ --name openvas mikesplain/openvas

Note that the local directory must exist before starting the container.

4. Set the administrator password

Set the environment variable OV_PASSWORD to specify the admin password when the container is started:

docker run -d -p 443:443 -e OV_PASSWORD=securepassword41 --name openvas mikesplain/openvas

5. Update NVT

OpenVAS scans using vulnerability signatures (NVTs), so the signature database needs to be updated regularly.

docker exec -it openvas bash //Enter the container and run the following commands inside it

greenbone-nvt-sync

openvasmd --rebuild --progress

greenbone-certdata-sync

greenbone-scapdata-sync

openvasmd --update --verbose --progress

/etc/init.d/openvas-manager restart

/etc/init.d/openvas-scanner restart
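The two management tasks above (starting the container with a data volume and a non-default admin password, and running the NVT update sequence) are easy to get subtly wrong by hand: the volume directory must exist first, the default admin/admin credentials are easy to leave in place, and a feed sync that fails halfway leaves a stale database. The helper script below is an added example, not part of the original post or of the mikesplain/openvas image. It assumes the docker CLI and curl are on PATH, that the container is named openvas as in the post, and that the sync commands exist inside the container exactly as the post lists them; the DRY_RUN switch, the password check and the readiness poll are this example's own additions.

```shell
#!/bin/sh
# Added helper script (example code, not from the original post or the
# mikesplain/openvas image). Assumptions: docker and curl are on PATH, the
# container is named "openvas", and the sync commands exist in the container.

IMAGE="mikesplain/openvas"
NAME="openvas"
HOST_PORT="443"

# Execute a command, or only print it when DRY_RUN=1 (lets the script be
# reviewed or tested without a docker daemon).
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Refuse the image's default credential and trivially short passwords
# before the container is ever started with them.
check_password() {
    pw="$1"
    [ "$pw" != "admin" ] || return 1
    [ "${#pw}" -ge 12 ] || return 1
    return 0
}

# Poll the web UI until it answers: the first start loads the NVT feed and
# builds the database, which can take several minutes. -k because the image
# serves a self-signed certificate.
wait_ready() {
    tries=0
    while [ "$tries" -lt 60 ]; do
        if curl -k -s -o /dev/null "https://127.0.0.1:$HOST_PORT/"; then
            return 0
        fi
        tries=$((tries + 1))
        sleep 10
    done
    return 1
}

# Start the container with a persistent data volume and a non-default admin
# password. The password is handed over through the environment (-e with
# no value), so it does not show up in `ps` output or shell history.
start_openvas() {
    data_dir="$1"
    password="$2"
    check_password "$password" || { echo "refusing default or short admin password" >&2; return 1; }
    OV_PASSWORD="$password"
    export OV_PASSWORD
    run mkdir -p "$data_dir"                      # volume directory must exist first
    run docker run -d -p "$HOST_PORT:443" \
        -v "$data_dir:/var/lib/openvas/mgr/" \
        -e OV_PASSWORD --name "$NAME" "$IMAGE"
    [ "${DRY_RUN:-0}" = "1" ] || wait_ready
}

# Run the feed-update sequence from the post inside the container, chained
# with && so a failed sync stops the sequence instead of restarting the
# services on top of a half-updated database.
update_nvt() {
    run docker exec "$NAME" sh -c '
        greenbone-nvt-sync &&
        openvasmd --rebuild --progress &&
        greenbone-certdata-sync &&
        greenbone-scapdata-sync &&
        openvasmd --update --verbose --progress &&
        /etc/init.d/openvas-manager restart &&
        /etc/init.d/openvas-scanner restart'
}

# Usage: ./openvas.sh up <data_dir> <admin_password>   or   ./openvas.sh update
case "${1:-}" in
    up)     start_openvas "${2:-$PWD/data}" "${3:?admin password required}" ;;
    update) update_nvt ;;
esac
```

Run `DRY_RUN=1 ./openvas.sh up ./data 'some-long-passphrase'` first to see the exact docker command line that would be executed; without DRY_RUN the script starts the container and blocks until the web UI on port 443 responds.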

6. Stop the container

docker stop openvas

7. Delete the container

If the container is no longer needed, you can delete it. Deleting a container does not affect the image; use the earlier run command to create a new container from the image.

docker ps --all //View all containers, both running and stopped

docker rm openvas //Delete the container named openvas

(5) Manage the image
1. Export image

docker save -o openvas-image.tar mikesplain/openvas //Export to the current directory, named openvas-image.tar

2. Import the image

docker load <openvas-image.tar

3. Delete the image

docker rmi mikesplain/openvas

//An image can only be deleted once no container created from it still exists

4. Summary
I have worked in a security company for many years, and I often use openvas to scan for vulnerabilities in risk assessment work. The scan results are satisfactory. I hope that today’s article can help you in your work.
