不多說,直接上干貨!
本博文,是在Kali 2.0 linux里,安裝OpenVAS。
前言
OpenVAS是一款開放式的漏洞評估工具,主要用來檢測目標網絡或主機的安全性。與安全焦點的X-Scan工具類似,OpenVAS系統也采用了Nessus較早版本的一些開放插件。OpenVAS能夠基於C/S(客戶端/服務器),B/S(瀏覽器/服務器)架構進行工作,管理員通過瀏覽器或者專用客戶端程序來下達掃描任務,服務器端負載授權,執行掃描操作並提供掃描結果。
一套完整的OpenVAS系統包括服務器端,客戶端的多個組件。
1、服務器層組件
openvas-scanner(掃描器):負責調用各種漏洞檢測插件,完成實際的掃描操作。
openvas-manager(管理器):負責分配掃描任務,並根據掃描結果生產評估報告。
openvas-administrator(管理者):負責管理配置信息,用戶授權等相關工作。
2、客戶層組件
openvas-cli(命令行接口):負責提供從命令行訪問OpenVAS服務層程序。
greenbone-security-assistant(安裝助手):負責提供訪問OpenVAS服務層的web接口,便於通過瀏覽器來執行掃描任務,是使用最簡便的客戶層組件。
Greenbone-Desktop-Suite(桌面套件):負責提供訪問OpenVAS服務層的圖形程序界面,主要允許在Windows客戶機中。
除了上述各工作組件以外,還有一個核心環節,那就是漏洞測試插件更新。OpenVAS系統的插件來源有兩個途徑,一、官方提供的NVT免費插件,二、Greenbone Sec公司提供的商業插件。
注意啦:
最新版本 Kali Linux 2016.2 中不再自帶OpenVAS,需要自己安裝和配置
也許,大家會網上看到一些博客和文檔,別人的kali里有。(比如:http://blog.chinaunix.net/uid-26349264-id-4455664.html)
博主我用的是這款。
為什么要在Kali 2.0 linux里安裝OpenVAS?
在kali 2.0預裝的OpenVAS好像只能通過msfconsole使用(在msfconsole中load openvas),但是這樣無法創建賬號,要執行db_connect時就沒有賬號密碼去連接。如下
root@kali:~# msfconsole msf > load openvas [*] Welcome to OpenVAS integration by kost and averagesecurityguy. [*] [*] OpenVAS integration requires a database connection. Once the [*] database is ready, connect to the OpenVAS server using openvas_connect. [*] For additional commands use openvas_help. [*] [*] Successfully loaded plugin: OpenVAS msf >
msf > openvas_connect admin admin 202.193.58.13 9390 ok [*] Connecting to OpenVAS instance at 202.193.58.13:9390 with username admin... [-] Error while running command openvas_connect: uninitialized constant OpenVASOMP::OMPConnectionError Call stack: /usr/share/metasploit-framework/plugins/openvas.rb:196:in `rescue in cmd_openvas_connect' /usr/share/metasploit-framework/plugins/openvas.rb:190:in `cmd_openvas_connect' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:384:in `each' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:203:in `run' /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' /usr/bin/msfconsole:48:in `<main>' msf >
基於此,所以,要在kali 2.0linux里安裝OpenVAS。
本博文主要介紹如何在kali Linux下對openvas 的初始安裝(開始正文)
安裝過程
Kali 2.0 linux里,先需要安裝OpenVAS。
系統要求
- 源配置正確 參考
Kali Linux 最新版本為 2016.2 ,包括 2016.1 都屬於 Kali Rolling Distribution ,源是相同的 建議默認使用官方源,會自動跳轉到國內快速的源
1、設置源
編輯 /etc/apt/sources.list
nano /etc/apt/sources.list
清空文件內所有內容后添加
deb http://http.kali.org/kali kali-rolling main contrib non-free
保存退出。
- 也可以使用中科大的源
deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
2、更新
依次運行以下命令
apt-get update apt-get upgrade apt-get dist-upgrade
完成
安裝
1、更新系統
apt-get update apt-get upgrade apt-get dist-upgrade
2、安裝OpenVAS
apt-get install openvas
安裝配置OpenVAS (這一步需要的時間非常久,需要下載很多文件,建議最好掛個國外代理進行這一步操作,不然你可以喝10幾杯咖啡了,嘿嘿)
openvas-setup
檢查安裝 (如有提示錯誤的請按提示修復)
openvas-check-setup
比如,我
如我安裝時運行 openvas-check-setup 后 step 2 有報錯 ...... OK: OpenVAS Manager database is at revision 146. OK: OpenVAS Manager expects database at revision 146. OK: Database schema is up to date. OK: OpenVAS Manager database contains information about 51943 NVTs. OK: At least one user exists. OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db. ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db) FIX: Run a CERT synchronization script like openvas-certdata-sync or greenbone-certdata-sync. ERROR: Your OpenVAS-8 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem. 根據提示運行 openvas-check-setup 后解決 root@kalitest:~# openvas-certdata-sync [i] This script synchronizes a CERT advisory directory with the OpenVAS one. [i] This script is for the SQLite3 backend. [i] CERT dir: /var/lib/openvas/cert-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured CERT data rsync feed: rsync://feed.openvas.org:/cert-data OpenVAS community feed server - http://www.openvas.org/ This service is hosted by Greenbone Networks - http://www.greenbone.net/ All transactions are logged. If you have any questions, please use the OpenVAS mailing lists or the OpenVAS IRC chat. See http://www.openvas.org/ for details. By using this service you agree to our terms and conditions. Only one sync per time, otherwise the source ip will be blocked. receiving incremental file list ./ CB-K13.xml 1,430,197 100% 24.15kB/s 0:00:57 (xfr#1, to-chk=34/36) CB-K13.xml.asc 181 100% 176.76kB/s 0:00:00 (xfr#2, to-chk=33/36) CB-K14.xml 4,772,286 100% 22.20kB/s 0:03:29 (xfr#3, to-chk=32/36) CB-K14.xml.asc 181 100% 176.76kB/s 0:00:00 (xfr#4, to-chk=31/36) CB-K15.xml 6,117,922 100% 22.58kB/s 0:04:24 (xfr#5, to-chk=30/36) CB-K15.xml.asc 181 100% 176.76kB/s 0:00:00 (xfr#6, to-chk=29/36) ..... 修復后再次運行 openvas-check-setup 檢查安裝 ..... 看到 It seems like your OpenVAS-8 installation is OK. 安裝完成
還記得在運行 openvas-setup 這步最后一行顯示的 User created with password '47a7baeb-2f48-4fb9-9177-f6ba1fb058d8'. 嘛,這個密碼顯然不符合我們的使用習慣,改之
openvasmd --user admin --new-password xxxxxx
升級
openvas-feed-update
啟動OpenVAS
openvas-start
查看 GSAD services,OpenVAS manager, OpenVAS manager 端口情況
netstat -antp | grep 939* tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 20764/gsad tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 20769/openvasmd tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 20773/openvassd: Wa
一切OK后使用瀏覽器訪問 https://127.0.0.1:9392 應該可以看到。
登錄賬號 admin 和你前面設置的密碼
配置
設置OpenVAS服務器的地址
OpenVAS 在默認配置下,僅允許 127.0.0.1 地址本地連接
openvas-stop
編輯 /lib/systemd/system/greenbone-security-assistant.service
nano /lib/systemd/system/greenbone-security-assistant.service [Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service [Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390 [Install] WantedBy=multi-user.target
修改 --listen=127.0.0.1 為 --listen=0.0.0.0
[Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service [Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390 [Install] WantedBy=multi-user.target
啟動服務查看
systemctl daemon-reload openvas-start netstat -antp | grep 9392 tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 23158/gsad
參考博客
https://www.yagami.info/kali-linux-2016-2-rolling-an-zhuang-openvas/