OpenVAS web vulnerability scanner
Hello friends,
today we are going to discuss how to install and use OpenVAS, which is an open source web vulnerability scanner.
We will be doing this on Kali Linux.
Now, I guess you have installed the Kali Linux distribution.
If not, do install it. If you don't know
how to install Kali Linux, this tutorial might not be for you. Still,
you can learn how to install Kali Linux here.
Now, to install OpenVAS, go here:
Applications > Kali Linux > Vulnerability Analysis > OpenVAS > openvas-setup
It will download some stuff, like the latest vulnerability database,
and then initiate some things which are required for it to work.
Now it will start some plugins.
Guys, you might have heard about the GUI version of it, but I am not gonna use it,
as it is not as good as what we are gonna use, which is the web version of the tool.
The default username is admin.
It will take some time to start, so don't panic.
After a while it will ask you to enter a password.
Remember to enter a strong password, as this account will be a super user, just as root is in Linux.
Now open your browser
and go to the URL https://127.0.0.1:9392
It will show you an error that it is an untrusted connection.
Just click on "I Understand the Risks"; the certificate is self-signed, so the error is genuine.
Then add an exception in your browser.
Now a login page will come up in front of you.
Enter admin as the username, and as the password what you typed at the command prompt.
Now go to Administration > NVT Feed and
click on "Synchronize with feed". It will update the vulnerability
database of your application.
Do the same with the SCAP and CERT feeds too.
Now, if you want to add users, click on Administration > Users.
Enter a name, password and role, and click on create user.
Now you can see the user in the list of users.
Now go to Extras and click on Target,
which is the first step in attacking.
Name the target and set the IP address,
or select a file with a list of IP addresses.
Keep the port list untouched
and click on create target.
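An added example, not part of the original post: before you select a file with a list of IP addresses as the target, you can check every entry against the ranges your client has authorized for the test. The file layout (comma or whitespace separated entries with # comments), the scope ranges and the function names are assumptions made for this example, and hostnames are rejected on purpose because they cannot be checked against a range without resolving them.

```python
import ipaddress
import re

# Constructed sample scope and host list (documentation ranges, not real hosts).
AUTHORIZED_SCOPE = ["192.0.2.0/28", "198.51.100.10/32"]
SAMPLE_TARGET_FILE = """\
# client web tier
192.0.2.5
192.0.2.5, 192.0.2.9
198.51.100.10
198.51.100.77
203.0.113.4
www.example.test
192.0.2.300
"""

def check_targets(text, scope_cidrs):
    """Split a host list into in-scope addresses and rejected entries.

    Assumed layout: comma/whitespace separated entries, '#' starts a comment.
    """
    scope = [ipaddress.ip_network(c) for c in scope_cidrs]
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0]          # drop comments
        for entry in filter(None, re.split(r"[,\s]+", line)):
            try:
                addr = ipaddress.ip_address(entry)
            except ValueError:
                rejected.append((lineno, entry, "not a literal IP address"))
                continue
            if not any(addr in net for net in scope):
                rejected.append((lineno, entry, "outside authorized scope"))
            elif addr not in accepted:        # de-duplicate repeated hosts
                accepted.append(addr)
    return accepted, rejected

def render_target_file(accepted):
    """Return the cleaned list, one address per line, in sorted order."""
    ordered = sorted(accepted, key=lambda a: (a.version, int(a)))
    return "\n".join(str(a) for a in ordered) + "\n"

if __name__ == "__main__":
    ok, bad = check_targets(SAMPLE_TARGET_FILE, AUTHORIZED_SCOPE)
    for lineno, entry, why in bad:
        print(f"line {lineno}: {entry!r} rejected ({why})")
    print(render_target_file(ok), end="")
```

Upload only the cleaned list, and resolve any rejected entry with the client before adding it back.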
Now go to Scan Management and click on New Task.
Again, enter the name of the scan and select the scan target.
The lower the option you select, the more time the scan will take, as it will become more detailed.
You can also schedule the scan,
and you can also add an observer.
Now click on create task.
Now you can see the scan in your tasks.
Now, in Actions, click on start.
Now choose the 10 sec auto refresh and click on refresh.
Now, when the bar reaches 100 percent, click on the date in the last section
and you will get the report.
Select the full report and you can download it in HTML.
The PDF is not working, so you have only one option, which is better than the others: HTML.
So use it, as you can also edit it the way you want.
Now edit it the way you want and give it to your client.
This post is written by ManishBeingNegative. He is a Security Researcher and Penetration Tester. He is also the owner of XgenSecurity.