Post on 08-Jan-2017
OpenVAS_Group4_Chandrak-Melbin 1
OPENVAS: VULNERABILITY
ASSESSMENT SCANNER By
Chandrak Trivedi_101015275Melbin Sunny_101013552
OpenVAS_Group4_Chandrak-Melbin 2
Learning Objective•Understand the importance of Vulnerability Assessment (VA).
•Explain how OpenVAS is used for VA.•Understand the logical architecture of OpenVAS framework.
•Conduct VA using OpenVAS.•Evaluate the purpose and value of OpenVAS report.•Determine how to mitigate vulnerabilities.
OpenVAS_Group4_Chandrak-Melbin 3
Vulnerability Assessment (VA)•What is Vulnerability Assessment (VA)?
•Why we need Vulnerability Assessment (VA)?
•RISK = ASSET * THREAT * VULNERABILITY
OpenVAS_Group4_Chandrak-Melbin 4
OpenVAS_Group4_Chandrak-Melbin 5
OpenVASBenefits
•Open Source and uses Nessus V2 as its plugin engine.
•Compatible with different Operating System.
•Keeps a history of past scans.
Limitations•False negatives may be reported.
•Determine/find less vulnerabilities as compared is Nexpose or Nessus.
•Requires 2-3 services to perform vulnerability assessment.
OpenVAS_Group4_Chandrak-Melbin 6
An overview of OpenVASThe Open Vulnerability Assessment Scanner known more commonly as OpenVAS, is a suite of tools that work together to run tests against client computers using a database of known exploits and weaknesses. The goal is to learn about how well your servers are guarded against known attack vectorsOpenVAS is be used as VULNERALABILITY ASSESSMENT tool and but also can be used as PENETRATION TESTING tool.
OpenVAS_Group4_Chandrak-Melbin 7
OpenVAS Architecture Clients
Services
Data
OpenVAS_Group4_Chandrak-Melbin 8
Clients Components •OpenVAS CLI: is a set of tools that allow administration of OpenVAS through the shell.
•Greenbone Security Assistant: is a web-based tool with an intuitive interface for various VA that you are making.
•Greenbone Desktop Security: is the tool that allows us to manage everything through the GUI interface on the desktop.
OpenVAS_Group4_Chandrak-Melbin 9
Services Components•OpenVAS Scanner: is the component that allows us the scan of hostname/ip, port range “from-to” or entire networks such as “192.168.1.0/28”.
•OpenVAS Manager: is the heart of OpenVAS, the manager receives task/information from the OpenVAS Administrator and the various administration tools CLI/WEB/GUI, then use the OpenVAS Scanner that will perform the Vulnerability Assessment. Also includes component that processes the results of the scans, so it also generates the final report.
•OpenVAS Administrator: is the component through which users can manage and the feed (i.e. the updates).
OpenVAS_Group4_Chandrak-Melbin 10
Data Components•NVT’s: it is the container of feed, i.e. test cases that detect the vulnerabilities, which are currently over 20,000.
•Results, config: is the database (PostgreSQL) where reports are collected and where the entire configuration of OpenVAS is stored.
OpenVAS_Group4_Chandrak-Melbin 11
OpenVAS Feeds
OpenVAS_Group4_Chandrak-Melbin 12
Conducting VA using OpenVAS
OpenVAS_Group4_Chandrak-Melbin 13
Step 1: Setting up Kali for Vulnerability Scanning
https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/
OpenVAS_Group4_Chandrak-Melbin 14
Step 1: Starting the OpenVAS services
• Once openvas-setup completes its process, the OpenVAS manager, scanner, and GSAD services should be listening:
• If you have already configured OpenVAS, you can simply start all the necessary services by running openvas-start.
OpenVAS_Group4_Chandrak-Melbin 15
Step 1: Connecting to the OpenVAS Web Interface• Point your browser to https://127.0.0.1:9392, accept the self signed SSL certificate and plugin the credentials for the admin user. The admin password was generated during the setup phase.
OpenVAS_Group4_Chandrak-Melbin 16
OpenVAS_Group4_Chandrak-Melbin 17
Step 2: Tabs•Explanation of Administration Tab -
•Adding Users, Groups and Roles.
•Updating Network Vulnerability Tests (NVTs), Security Content Automation Protocol (SCAP) and Computer Emergency Response Team (CERT) Feeds.
OpenVAS_Group4_Chandrak-Melbin 18
Administration tab
OpenVAS_Group4_Chandrak-Melbin 19
Add New Users
OpenVAS_Group4_Chandrak-Melbin 20
New User details
OpenVAS_Group4_Chandrak-Melbin 21
NVT Feed
OpenVAS_Group4_Chandrak-Melbin 22
Step 2: Tabs•Explanation of Configuration tab -
•Targets, Port lists and Credentials
•Scan Config
•Alerts and Schedules
•Permissions
OpenVAS_Group4_Chandrak-Melbin 23
Configuration tab
OpenVAS_Group4_Chandrak-Melbin 24
Targets
OpenVAS_Group4_Chandrak-Melbin 25
Port List
OpenVAS_Group4_Chandrak-Melbin 26
Scan Configuration
OpenVAS_Group4_Chandrak-Melbin 27
Permissions
OpenVAS_Group4_Chandrak-Melbin 28
Step 2: Tabs•Explanation of SecInfo Management tab -
•SecInfo Dashboard
•Network Vulnerability tests (NVTs)
•Common Vulnerabilities and Exposures (CVEs)
OpenVAS_Group4_Chandrak-Melbin 29
SecInfo Management
OpenVAS_Group4_Chandrak-Melbin 30
SecInfo Dashboard
OpenVAS_Group4_Chandrak-Melbin 31
NVTs – Network Vulnerability test
OpenVAS_Group4_Chandrak-Melbin 32
CVEs – Common Vulnerabilities and Exposure
OpenVAS_Group4_Chandrak-Melbin 33
Step 2: Tabs•Explanation of Scan Management -
•Tasks
•Reports
•Results
OpenVAS_Group4_Chandrak-Melbin 34
Scan Management tab
OpenVAS_Group4_Chandrak-Melbin 35
New Tasks
OpenVAS_Group4_Chandrak-Melbin 36
Reports
OpenVAS_Group4_Chandrak-Melbin 37
Results
OpenVAS_Group4_Chandrak-Melbin 38
Step 3: Scanning•Explanation for Scanning a Target to find Vulnerabilities.
•Procedures•I: New Target (Creating Target)•II: New Task (Creating Task)•III: Scanning
OpenVAS_Group4_Chandrak-Melbin 39
I. New Target
OpenVAS_Group4_Chandrak-Melbin 40
Port List Options
OpenVAS_Group4_Chandrak-Melbin 41
Target Added
OpenVAS_Group4_Chandrak-Melbin 42
II. New Task
OpenVAS_Group4_Chandrak-Melbin 43
Scan Config Options
OpenVAS_Group4_Chandrak-Melbin 44
Task Created
OpenVAS_Group4_Chandrak-Melbin 45
III. Start Scanning
OpenVAS_Group4_Chandrak-Melbin 46
Total Task List
OpenVAS_Group4_Chandrak-Melbin 47
Scanned Target Summary Report
OpenVAS_Group4_Chandrak-Melbin 48
Results of Target
OpenVAS_Group4_Chandrak-Melbin 49
Step 4: Export report of VA conducted•Explanation on Exporting the scanned target vulnerabilities into file.
•Different extension are possible to export like .pdf, .xml etc.•PDF will be used to submit to your higher management.•XML can be used to import in Metasploit for doing pen testing.
•Also you can study by just clicking the vulnerability.
OpenVAS_Group4_Chandrak-Melbin 50
Studying Vulnerability
OpenVAS_Group4_Chandrak-Melbin 51
Exporting as file
OpenVAS_Group4_Chandrak-Melbin 52
PDF file
OpenVAS_Group4_Chandrak-Melbin 53
Exploitation on Vulnerable System•Using NVTs, CVEs and Metasploit
•Video on Denial of Service (DOS) on scanned results.
OpenVAS_Group4_Chandrak-Melbin 54
Windows XP – No Firewall and Updates
OpenVAS_Group4_Chandrak-Melbin 55
Windows XP - No Firewall and Updates
OpenVAS_Group4_Chandrak-Melbin 56
VA
OpenVAS_Group4_Chandrak-Melbin 57
Metasploit
OpenVAS_Group4_Chandrak-Melbin 58
Metasploit
OpenVAS_Group4_Chandrak-Melbin 59
OpenVAS_Group4_Chandrak-Melbin 60
Step 5: Mitigation• As per references provided by OpenVAS,
• Patching the updates and Firewall protected.
OpenVAS_Group4_Chandrak-Melbin 61
Windows XP – Firewall and Auto Updates
OpenVAS_Group4_Chandrak-Melbin 62
VA
OpenVAS_Group4_Chandrak-Melbin 63
Metasploit
OpenVAS_Group4_Chandrak-Melbin 64
Question ???