OpenVAS_Group4_Chandrak-Melbin 1

OPENVAS: VULNERABILITY

ASSESSMENT SCANNER By

Chandrak Trivedi_101015275Melbin Sunny_101013552

OpenVAS_Group4_Chandrak-Melbin 2

Learning Objective•Understand the importance of Vulnerability Assessment (VA).

•Explain how OpenVAS is used for VA.•Understand the logical architecture of OpenVAS framework.

•Conduct VA using OpenVAS.•Evaluate the purpose and value of OpenVAS report.•Determine how to mitigate vulnerabilities.

OpenVAS_Group4_Chandrak-Melbin 3

Vulnerability Assessment (VA)•What is Vulnerability Assessment (VA)?

•Why we need Vulnerability Assessment (VA)?

•RISK = ASSET * THREAT * VULNERABILITY

OpenVAS_Group4_Chandrak-Melbin 4

OpenVAS_Group4_Chandrak-Melbin 5

OpenVASBenefits

•Open Source and uses Nessus V2 as its plugin engine.

•Compatible with different Operating System.

•Keeps a history of past scans.

Limitations•False negatives may be reported.

•Determine/find less vulnerabilities as compared is Nexpose or Nessus.

•Requires 2-3 services to perform vulnerability assessment.

OpenVAS_Group4_Chandrak-Melbin 6

An overview of OpenVASThe Open Vulnerability Assessment Scanner known more commonly as OpenVAS, is a suite of tools that work together to run tests against client computers using a database of known exploits and weaknesses. The goal is to learn about how well your servers are guarded against known attack vectorsOpenVAS is be used as VULNERALABILITY ASSESSMENT tool and but also can be used as PENETRATION TESTING tool.

OpenVAS_Group4_Chandrak-Melbin 7

OpenVAS Architecture Clients

Services

Data

OpenVAS_Group4_Chandrak-Melbin 8

Clients Components •OpenVAS CLI: is a set of tools that allow administration of OpenVAS through the shell.

•Greenbone Security Assistant: is a web-based tool with an intuitive interface for various VA that you are making.

•Greenbone Desktop Security: is the tool that allows us to manage everything through the GUI interface on the desktop.

OpenVAS_Group4_Chandrak-Melbin 9

Services Components•OpenVAS Scanner: is the component that allows us the scan of hostname/ip, port range “from-to” or entire networks such as “192.168.1.0/28”.

•OpenVAS Manager: is the heart of OpenVAS, the manager receives task/information from the OpenVAS Administrator and the various administration tools CLI/WEB/GUI, then use the OpenVAS Scanner that will perform the Vulnerability Assessment. Also includes component that processes the results of the scans, so it also generates the final report.

•OpenVAS Administrator: is the component through which users can manage and the feed (i.e. the updates).

OpenVAS_Group4_Chandrak-Melbin 10

Data Components•NVT’s: it is the container of feed, i.e. test cases that detect the vulnerabilities, which are currently over 20,000.

•Results, config: is the database (PostgreSQL) where reports are collected and where the entire configuration of OpenVAS is stored.

OpenVAS_Group4_Chandrak-Melbin 11

OpenVAS Feeds

OpenVAS_Group4_Chandrak-Melbin 12

Conducting VA using OpenVAS

OpenVAS_Group4_Chandrak-Melbin 13

Step 1: Setting up Kali for Vulnerability Scanning

https://www.kali.org/penetration-testing/openvas-vulnerability-scanning/

OpenVAS_Group4_Chandrak-Melbin 14

Step 1: Starting the OpenVAS services

• Once openvas-setup completes its process, the OpenVAS manager, scanner, and GSAD services should be listening:

• If you have already configured OpenVAS, you can simply start all the necessary services by running openvas-start.

OpenVAS_Group4_Chandrak-Melbin 15

Step 1: Connecting to the OpenVAS Web Interface• Point your browser to https://127.0.0.1:9392, accept the self signed SSL certificate and plugin the credentials for the admin user. The admin password was generated during the setup phase.

OpenVAS_Group4_Chandrak-Melbin 16

OpenVAS_Group4_Chandrak-Melbin 17

Step 2: Tabs•Explanation of Administration Tab -

•Adding Users, Groups and Roles.

•Updating Network Vulnerability Tests (NVTs), Security Content Automation Protocol (SCAP) and Computer Emergency Response Team (CERT) Feeds.

OpenVAS_Group4_Chandrak-Melbin 18

Administration tab

OpenVAS_Group4_Chandrak-Melbin 19

Add New Users

OpenVAS_Group4_Chandrak-Melbin 20

New User details

OpenVAS_Group4_Chandrak-Melbin 21

NVT Feed

OpenVAS_Group4_Chandrak-Melbin 22

Step 2: Tabs•Explanation of Configuration tab -

•Targets, Port lists and Credentials

•Scan Config

•Alerts and Schedules

•Permissions

OpenVAS_Group4_Chandrak-Melbin 23

Configuration tab

OpenVAS_Group4_Chandrak-Melbin 24

Targets

OpenVAS_Group4_Chandrak-Melbin 25

Port List

OpenVAS_Group4_Chandrak-Melbin 26

Scan Configuration

OpenVAS_Group4_Chandrak-Melbin 27

Permissions

OpenVAS_Group4_Chandrak-Melbin 28

Step 2: Tabs•Explanation of SecInfo Management tab -

•SecInfo Dashboard

•Network Vulnerability tests (NVTs)

•Common Vulnerabilities and Exposures (CVEs)

OpenVAS_Group4_Chandrak-Melbin 29

SecInfo Management

OpenVAS_Group4_Chandrak-Melbin 30

SecInfo Dashboard

OpenVAS_Group4_Chandrak-Melbin 31

NVTs – Network Vulnerability test

OpenVAS_Group4_Chandrak-Melbin 32

CVEs – Common Vulnerabilities and Exposure

OpenVAS_Group4_Chandrak-Melbin 33

Step 2: Tabs•Explanation of Scan Management -

•Tasks

•Reports

•Results

OpenVAS_Group4_Chandrak-Melbin 34

Scan Management tab

OpenVAS_Group4_Chandrak-Melbin 35

New Tasks

OpenVAS_Group4_Chandrak-Melbin 36

Reports

OpenVAS_Group4_Chandrak-Melbin 37

Results

OpenVAS_Group4_Chandrak-Melbin 38

Step 3: Scanning•Explanation for Scanning a Target to find Vulnerabilities.

•Procedures•I: New Target (Creating Target)•II: New Task (Creating Task)•III: Scanning

OpenVAS_Group4_Chandrak-Melbin 39

I. New Target

OpenVAS_Group4_Chandrak-Melbin 40

Port List Options

OpenVAS_Group4_Chandrak-Melbin 41

Target Added

OpenVAS_Group4_Chandrak-Melbin 42

II. New Task

OpenVAS_Group4_Chandrak-Melbin 43

Scan Config Options

OpenVAS_Group4_Chandrak-Melbin 44

Task Created

OpenVAS_Group4_Chandrak-Melbin 45

III. Start Scanning

OpenVAS_Group4_Chandrak-Melbin 46

Total Task List

OpenVAS_Group4_Chandrak-Melbin 47

Scanned Target Summary Report

OpenVAS_Group4_Chandrak-Melbin 48

Results of Target

OpenVAS_Group4_Chandrak-Melbin 49

Step 4: Export report of VA conducted•Explanation on Exporting the scanned target vulnerabilities into file.

•Different extension are possible to export like .pdf, .xml etc.•PDF will be used to submit to your higher management.•XML can be used to import in Metasploit for doing pen testing.

•Also you can study by just clicking the vulnerability.

OpenVAS_Group4_Chandrak-Melbin 50

Studying Vulnerability

OpenVAS_Group4_Chandrak-Melbin 51

Exporting as file

OpenVAS_Group4_Chandrak-Melbin 52

PDF file

OpenVAS_Group4_Chandrak-Melbin 53

Exploitation on Vulnerable System•Using NVTs, CVEs and Metasploit

•Video on Denial of Service (DOS) on scanned results.

OpenVAS_Group4_Chandrak-Melbin 54

Windows XP – No Firewall and Updates

OpenVAS_Group4_Chandrak-Melbin 55

Windows XP - No Firewall and Updates

OpenVAS_Group4_Chandrak-Melbin 56

VA

OpenVAS_Group4_Chandrak-Melbin 57

Metasploit

OpenVAS_Group4_Chandrak-Melbin 58

Metasploit

OpenVAS_Group4_Chandrak-Melbin 59

OpenVAS_Group4_Chandrak-Melbin 60

Step 5: Mitigation• As per references provided by OpenVAS,

• Patching the updates and Firewall protected.

OpenVAS_Group4_Chandrak-Melbin 61

Windows XP – Firewall and Auto Updates

OpenVAS_Group4_Chandrak-Melbin 62

VA

OpenVAS_Group4_Chandrak-Melbin 63

Metasploit

OpenVAS_Group4_Chandrak-Melbin 64

Question ???