0x03-2 Loading third-party software: OpenVAS

Install and start OpenVAS

apt-get install openvas

# Set up OpenVAS and download the latest rules; this takes a long time
openvas-setup

# Create an account
root@kali:~# openvasmd --create-user=adminroot --role=Admin
User created with password 'f99fe72f-26cb-40e6-9b58-4f83fa0f41ae'.

# Start the OpenVAS service
openvas-start

Load and use OpenVAS from msf

# Load the openvas plugin
msf > load openvas 
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*] 
[*] OpenVAS integration requires a database connection. Once the 
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*] 
[*] Successfully loaded plugin: OpenVAS

# Show help
msf > openvas_help 
[*] openvas_help                  Display this help
[*] openvas_debug                 Enable/Disable debugging
[*] openvas_version               Display the version of the OpenVAS server
[*] 
[*] CONNECTION
[*] ==========
[*] openvas_connect               Connects to OpenVAS
[*] openvas_disconnect            Disconnects from OpenVAS
[*] 
[*] TARGETS
[*] =======
[*] openvas_target_create         Create target
[*] openvas_target_delete         Deletes target specified by ID
[*] openvas_target_list           Lists targets
[*] 
[*] TASKS
[*] =====
[*] openvas_task_create           Create task
[*] openvas_task_delete           Delete a task and all associated reports
[*] openvas_task_list             Lists tasks
[*] openvas_task_start            Starts task specified by ID
[*] openvas_task_stop             Stops task specified by ID
[*] openvas_task_pause            Pauses task specified by ID
[*] openvas_task_resume           Resumes task specified by ID
[*] openvas_task_resume_or_start  Resumes or starts task specified by ID
[*] 
[*] CONFIGS
[*] =======
[*] openvas_config_list           Lists scan configurations
[*] 
[*] FORMATS
[*] =======
[*] openvas_format_list           Lists available report formats
[*] 
[*] REPORTS
[*] =======
[*] openvas_report_list           Lists available reports
[*] openvas_report_delete         Delete a report specified by ID
[*] openvas_report_import         Imports an OpenVAS report specified by ID
[*] openvas_report_download       Downloads an OpenVAS report specified by ID

# Connect to OpenVAS
msf > openvas_connect adminroot f99fe72f-26cb-40e6-9b58-4f83fa0f41ae 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username adminroot...
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful

# Create a target
openvas_target_create "<name for the target>" <target IP> "<short description of the target>"
msf > openvas_target_create "winXP" 192.168.10.122 "windows targe"
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] 4ee16ae0-0350-4597-98e2-de46ccc7ca0b
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targets

ID                                    Name   Hosts           Max Hosts  In Use  Comment
--                                    ----   -----           ---------  ------  -------
4ee16ae0-0350-4597-98e2-de46ccc7ca0b  winXP  192.168.10.122  1          0       windows targe


# List the scan configurations
msf > openvas_config_list 
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs

ID                                    Name
--                                    ----
085569ce-73ed-11df-83c3-002264764cea  empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5  Host Discovery
698f691e-7489-11df-9d8c-002264764cea  Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea  Full and very deep
74db13d6-7489-11df-91b9-002264764cea  Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196  Discovery
bbca7412-a950-11e3-9109-406186ea4fc5  System Discovery
daba56c8-73ec-11df-a475-002264764cea  Full and fast

# Create a task
openvas_task_create "<task name>" "<description>" <config ID> <target ID>
msf > openvas_task_create "task_of_winXP" "xp_comment" daba56c8-73ec-11df-a475-002264764cea 4ee16ae0-0350-4597-98e2-de46ccc7ca0b
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] 5fd5fc77-e7f2-4031-8061-559b4eb772cc
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name           Comment     Status  Progress
--                                    ----           -------     ------  --------
5fd5fc77-e7f2-4031-8061-559b4eb772cc  task_of_winXP  xp_comment  New     -1

# Start the task
openvas_task_start <task ID>
msf > openvas_task_start 5fd5fc77-e7f2-4031-8061-559b4eb772cc
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='202' status_text='OK, request submitted'><report_id>3e7be1de-bcc3-47f9-8753-30901914d68f</report_id></start_task_response></X>

# List tasks
msf > openvas_task_list 
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks

ID                                    Name     Comment  Status   Progress
--                                    ----     -------  ------   --------
9f53f3c2-7f4b-46fb-9fe6-c5273f7183d4  task_xp  dis      Running  1

# List the OpenVAS report formats
msf > openvas_format_list 
[+] OpenVAS list of report formats

ID                                    Name           Extension  Summary
--                                    ----           ---------  -------
5057e5cc-b825-11e4-9d0e-28d24461215b  Anonymous XML  xml        Anonymous version of the raw XML report
50c9950a-f326-11e4-800c-28d24461215b  Verinice ITG   vna        Greenbone Verinice ITG Report, v1.0.1.
5ceff8ba-1f62-11e1-ab9f-406186ea4fc5  CPE            csv        Common Product Enumeration CSV table.
6c248850-1f62-11e1-b082-406186ea4fc5  HTML           html       Single page HTML report.
77bd6c4a-1f62-11e1-abf0-406186ea4fc5  ITG            csv        German "IT-Grundschutz-Kataloge" report.
9087b18c-626c-11e3-8892-406186ea4fc5  CSV Hosts      csv        CSV host summary.
910200ca-dc05-11e1-954f-406186ea4fc5  ARF            xml        Asset Reporting Format v1.0.0.
9ca6fe72-1f62-11e1-9e7c-406186ea4fc5  NBE            nbe        Legacy OpenVAS report.
9e5e5deb-879e-4ecc-8be6-a71cd0875cdd  Topology SVG   svg        Network topology SVG image.
a3810a62-1f62-11e1-9219-406186ea4fc5  TXT            txt        Plain text report.
a684c02c-b531-11e1-bdc2-406186ea4fc5  LaTeX          tex        LaTeX source file.
a994b278-1f62-11e1-96ac-406186ea4fc5  XML            xml        Raw XML report.
c15ad349-bd8d-457a-880a-c7056532ee15  Verinice ISM   vna        Greenbone Verinice ISM Report, v3.0.0.
c1645568-627a-11e3-a660-406186ea4fc5  CSV Results    csv        CSV result list.
c402cc3e-b531-11e1-9163-406186ea4fc5  PDF            pdf        Portable Document Format report.

# List the reports once the task has finished
msf > openvas_report_list 
[+] OpenVAS list of reports

ID                                    Task Name  Start Time            Stop Time
--                                    ---------  ----------            ---------
a6f037de-489e-4e9a-b5de-eafd8b723635  task_xp    2018-12-06T07:38:09Z  2018-12-06T08:11:22Z

# Import the report
openvas_report_import <report ID> <report format ID>
msf > openvas_report_import a6f037de-489e-4e9a-b5de-eafd8b723635 9ca6fe72-1f62-11e1-9e7c-406186ea4fc5
[*] Importing report to database.

# View the results; from here, the next step is to pick a suitable attack module based on the CVE identifiers
msf > vulns 
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=ICMP Timestamp Detection refs=CVE-1999-0524 
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Linux Kernel IGMP Remote Denial Of Service Vulnerability refs=CVE-2012-0207,BID-51343 
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Microsoft IIS FTP Server 'ls' Command DOS Vulnerability refs=CVE-2009-2521,BID-36273 
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389) refs=CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148,BID-96703,BID-96704,BID-96705,BID-96707,BID-96709,BID-96706 
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection refs=CVE-2016-0800,CVE-2014-3566 
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Report Vulnerable Cipher Suites for HTTPS refs=CVE-2016-2183,CVE-2016-6329 
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Report Weak Cipher Suites refs=CVE-2013-2566,CVE-2015-2808,CVE-2015-4000 
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK) refs=CVE-2015-0204,BID-71936 
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE) refs=BID-70574 
[*] Time: 2018-12-06 08:21:25 UTC Vuln: host=192.168.10.122 name=Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote refs=CVE-2008-4114,CVE-2008-4834,CVE-2008-4835,BID-31179 
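
The `vulns` output above is easier to work with once each line is split into host, finding name and reference list. The following is an added example, not part of the original post or of Metasploit: a Ruby parser for that line format which groups CVE identifiers per host and lists findings that carry no CVE reference. The function names and the SAMPLE text are assumptions made for illustration.

```ruby
# Added example: parse msfconsole `vulns` output into records for tracking.
# SAMPLE is constructed in the format shown above (refs abbreviated), with
# one warning line included as noise that the parser must skip.
SAMPLE = <<~'OUT'
  [*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=ICMP Timestamp Detection refs=CVE-1999-0524
  warning: Object#timeout is deprecated, use Timeout.timeout instead.
  [*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389) refs=CVE-2017-0143,CVE-2017-0144,BID-96703
  [*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE) refs=BID-70574
OUT

# The finding name may contain spaces, colons and parentheses, so it is
# matched lazily up to the final " refs=" field.
LINE_RE = /\A\[\*\] Time: (?<time>.+? UTC) Vuln: host=(?<host>\S+) name=(?<name>.*?) refs=(?<refs>\S*)\z/

def parse_vulns(text)
  text.each_line.map do |line|
    m = LINE_RE.match(line.strip)
    next unless m # skip warnings, blank lines and table headers
    refs = m[:refs].split(",").reject(&:empty?)
    cves, other = refs.partition { |r| r.match?(/\ACVE-\d{4}-\d{4,}\z/) }
    { time: m[:time], host: m[:host], name: m[:name], cves: cves, other_refs: other }
  end.compact
end

# Sort key: numeric year, then numeric sequence number.
def cve_key(cve)
  _, year, num = cve.split("-")
  [year.to_i, num.to_i]
end

# Unique CVE identifiers per host, oldest first.
def cves_by_host(records)
  records.group_by { |r| r[:host] }
         .transform_values { |rs| rs.flat_map { |r| r[:cves] }.uniq.sort_by { |c| cve_key(c) } }
end

# Findings that only carry non-CVE references (for example BID) need a manual lookup.
def findings_without_cve(records)
  records.select { |r| r[:cves].empty? }.map { |r| r[:name] }
end

if __FILE__ == $PROGRAM_NAME
  recs = parse_vulns(SAMPLE)
  cves_by_host(recs).each { |host, cves| puts "#{host}: #{cves.join(', ')}" }
  findings_without_cve(recs).each { |name| puts "no CVE ref: #{name}" }
end
```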