I want to continually scan some systems and generate reports I can diff to see if any jokers have added services or change rules that expose network services I don't want exposed. So, I'm installing OpenVAS on a VM instance that I'm going to use to scan my infrastructure. I'm not going to use the GUI client because I want this to be scripted. The way OpenVAS works is, you have an OpenVAS server, which you connect to with clients and tell it what to do. So, you could install the software on a system in a data center or EC2 or whatever, then run the client from your desktop and have it do you're bidding.
In this case, my client - is the command line client which is going to run on the same system as the server.
To install on Ubuntu 10.10, simply do:
# Update your distro apt-get update && apt-get dist-upgrade # Install openvas server and client software + security plugins apt-get install openvas-server openvas-client \ openvas-plugins-base openvas-plugins-dfsg # Update the vuln. database openvas-nvt-sync
Add a user that you're going to use from the client, to login:
Here, you'll add a user/pass combination.
When prompted to add a 'rule' - I allow my user to do everything. The rules allow/disallow scanning of hosts. If you want you can let bob scan 192.168.0.0/24 or whatever. I want my user to scan all, so when prompted, simply enter
Now, fire up the server. Note that the first time you run, it loads all those checks into memory so it takes a LONG time for the server to actually start.
Now, you can start scanning. Create a file with IP's and/or hostnames that your client will feed to the server to scan. Something like this:
The server listens on port: 9390 by default so you'll want to tell your client to connect there. Once you have the file created, you can kick off your scan like this:
OpenVAS-Client -q 127.0.0.1 9390 admin scanme.txt -T html \ ~/Desktop/openvas-output-`date`.html
You'll be prompted to accept the SSL certificate, go ahead, it's automagically created by the pkg when it's installed. Then, open that file in a browser when it's done and start going through it. Be warned, scanning is very hostile so you should really only scan your own systems.. and those of your enemies.