Join Malcolm Shore for an in-depth discussion in this video, Scanning targets with OpenVAS, part of Penetration Testing Essential Training.
- [Instructor] Identifying vulnerabilities is a key part of a pen tester's role. And one way to do this is with OpenVAS. OpenVAS does not come as part of the bundled Kali release, so we need to add it. Now that OpenVAS has completed its installation, we can run its setup script. Note that we only need to do this once. We'll just need to run the OpenVAS start script in the future.
Okay, this will take a while, so I'll return once it's complete. We're now set up and we can start scanning. To access the OpenVAS system, we need to connect to the web portal on port 9392 using Firefox. Before we do that, we should take note of the admin password. I've logged in to the web portal using the user ID admin and the password that looked like a UUID. And I've created myself a new user with more manageable credentials.
We're at the dashboard and I can now run a scan. I'll use the task wizard, the purple wand at the top left, to do a simple scan. I've got my Metasploitable system running on 10.0.2.8. So let's do a scan on that. If we scroll down the screen, we can see the scan is showing 1% progress. It takes a while to run, so we'll come back to this when it's finished.
Okay, that took a while, but we're finished running all the tests now and I can select the link in the reports column to look at the scan results. This opens a new webpage showing the summary of 21 high severity issues, 42 medium severity, and four low. There are also 78 issues which have been logged. These are not problems as such but indicate ways in which an adversary could gain information about the system. I'll right-click on the date in the first column to get the detailed report.
I've now got a listing of all the alerts raised, providing a link to the specific alert and then a solution type where a solution exists. In the third column a severity rating is provided, followed by its rated quality or reliability of detection. The host address is shown, which links to a full analysis of the host, then the port relevant to this issue, and a couple of action buttons which allow me to firstly add a note to the issue, and secondly, to override it as a false alarm.
I'll look at the details of the fourth entry, which is called Possible Backdoor: Ingreslock. When I click this, a page is shown describing the issue that's been detected. OpenVAS has detected at a 99% level of confidence that a backdoor has been installed on the system which is accessible through port 1524. Should we want to look into exactly how this has been detected, there's a link to the network vulnerability test (NVT) details. I'll go back to the report now.
The solution type, when I hover over it, shows that a workaround exists to correct the issue. Other options in this column include solutions, which may avoid the problem, and vendor fixes. I'll leave OpenVAS there. This is sufficient for our refresh. Running an OpenVAS scan provides a pretty good idea of the vulnerabilities that exist in our target systems and points to where we might want to investigate further to find exploitable weaknesses.
Cybersecurity expert Malcolm Shore reviews popular pen testing tools, as well as the Bash and Python scripting skills required to be able to acquire, modify, and re-use exploit code. He also provides a refresher on Kali Linux and introduces techniques for testing web services. At the end of this course, you'll be prepared to take more advanced training, and to pursue the popular Offensive Security Certified Professional (OSCP) certification.
- Pen testing overview
- Pen testing tools
- Bash scripting
- Python scripting
- Kali and Metasploit
- Web testing
- Finding exploit code