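A vulnerability scanner derived from Nessus.
Nessus became a commercial product from Ver. 3 in 2005 onward, but OpenVAS is an extension built on the Ver. 2 series, which had been released as open source.
It is developed on a community basis, and its vulnerability database is updated daily. Commercial support is also provided by Greenbone, the German company that backs its development.
OpenVAS - Open Vulnerability Assessment Scanner
Start Kali Linux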
# apt update
# apt upgrade
# apt autoremove
# apt install openvas
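In OpenVAS, vulnerability information and the configuration data used to test for it are called NVTs (Network Vulnerability Tests). NVTs are updated daily and distributed in a format called the NVT feed.
The NVT feed is distributed free of charge by OpenVAS, and the updated NVTs must be downloaded before using OpenVAS.
In addition to NVTs, OpenVAS also uses vulnerability information written according to a specification called SCAP (Security Content Automation Protocol).
These must also be downloaded, and the user information needed to use OpenVAS must be registered.
These settings can be performed individually, but they can also be run all at once with the openvas-setup command included in the OpenVAS package.
(From the Udemy course "[Complete Guide to Cybersecurity] White-Hat Hacker Training Course (Hacking Tools, Web Application Attacks, Intrusion Detection)")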
# openvas-setup
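Setup easily took several hours (it once finished in 20 to 30 minutes, but that run ended in the setup error described below).
Remember the UserID and Password shown at the end of setup; they are used when logging in.
Check whether setup completed correctly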
# openvas-check-setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9
~(omitted)~
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.3.
        OK: redis-server is present in version v=5.0.5.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
~(omitted)~
It seems like your OpenVAS-9 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
At this point, I once had a run where not everything was OK and the following error appeared.
root@kali:~# openvas-check-setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9
  (add '--v6' or '--v7' or '--v8'
   if you want to check for another OpenVAS version)
  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.3.
        OK: redis-server is present in version v=5.0.5.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 52474 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        WARNING: The initial NVT cache has not yet been generated.
        SUGGEST: Start OpenVAS Scanner for the first time to generate the cache.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 7.0.3.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 184.
        OK: OpenVAS Manager expects database at revision 184.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 52474 NVTs.
        OK: At least one user exists.
        ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
        FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.
 ERROR: Your OpenVAS-9 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
From the menu at the top left of Kali Linux, run "Applications" → "System Service" → "OpenVas" → "openVas feed update".
[>] Updating OpenVAS feeds
[*] [1/3] Updating: NVT
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.
receiving incremental file list
plugin_feed_info.inc 985 100% 961.91kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 1,097 bytes 253.33 bytes/sec
total size is 985 speedup is 0.86

[*] [2/3] Updating: Scap Data
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.
receiving incremental file list
./
nvdcve-2.0-2012.xml 45,261,751 100% 323.69kB/s 0:02:16 (xfr#1, to-chk=30/43)
nvdcve-2.0-2013.xml 46,162,392 100% 115.99kB/s 0:06:28 (xfr#2, to-chk=29/43)
nvdcve-2.0-2014.xml 46,301,815 100% 109.97kB/s 0:06:51 (xfr#3, to-chk=28/43)
nvdcve-2.0-2015.xml 42,960,952 100% 121.00kB/s 0:05:46 (xfr#4, to-chk=27/43)
nvdcve-2.0-2016.xml 60,794,481 100% 132.18kB/s 0:07:29 (xfr#5, to-chk=26/43)
nvdcve-2.0-2017.xml 177,817,137 100% 143.55kB/s 0:20:09 (xfr#6, to-chk=25/43)
nvdcve-2.0-2018.xml 273,484,853 100% 144.31kB/s 0:30:50 (xfr#7, to-chk=24/43)
nvdcve-2.0-2019.xml 153,695,062 100% 244.13kB/s 0:10:14 (xfr#8, to-chk=23/43)
official-cpe-dictionary_v2.2.xml 125,338,296 100% 213.99kB/s 0:09:31 (xfr#9, to-chk=22/43)
sha1sums 2,034 100% 2.49kB/s 0:00:00 (xfr#10, to-chk=21/43)
sha256sums 2,754 100% 3.35kB/s 0:00:00 (xfr#11, to-chk=20/43)
sha256sums.asc 819 100% 0.99kB/s 0:00:00 (xfr#12, to-chk=19/43)
timestamp 13 100% 0.02kB/s 0:00:00 (xfr#13, to-chk=18/43)
oval/
oval/5.10/
oval/5.10/org.mitre.oval/
oval/5.10/org.mitre.oval/c/oval.xml 268,150 100% 143.72kB/s 0:00:01 (xfr#14, to-chk=9/43)
oval/5.10/org.mitre.oval/i/oval.xml 9,480,204 100% 174.16kB/s 0:00:53 (xfr#15, to-chk=8/43)
oval/5.10/org.mitre.oval/m/oval.xml 143,834 100% 197.56kB/s 0:00:00 (xfr#16, to-chk=7/43)
oval/5.10/org.mitre.oval/p/oval.xml 90,911,155 100% 167.03kB/s 0:08:51 (xfr#17, to-chk=6/43)
oval/5.10/org.mitre.oval/v/
oval/5.10/org.mitre.oval/v/family/ios.xml 2,012,118 100% 93.14kB/s 0:00:21 (xfr#18, to-chk=4/43)
oval/5.10/org.mitre.oval/v/family/macos.xml 453,775 100% 112.27kB/s 0:00:03 (xfr#19, to-chk=3/43)
oval/5.10/org.mitre.oval/v/family/pixos.xml 10,014 100% 12.33kB/s 0:00:00 (xfr#20, to-chk=2/43)
oval/5.10/org.mitre.oval/v/family/unix.xml 31,372,831 100% 160.68kB/s 0:03:10 (xfr#21, to-chk=1/43)
oval/5.10/org.mitre.oval/v/family/windows.xml 51,773,463 100% 112.16kB/s 0:07:30 (xfr#22, to-chk=0/43)
sent 35,549 bytes received 1,130,665,252 bytes 156,379.34 bytes/sec
total size is 1,490,170,345 speedup is 1.32
part 0 Done
part 1 Done
part 0 Done
part 1 Done
part 0 Done
part 1 Done
part 2 Done
part 0 Done
part 1 Done
part 2 Done
part 3 Done
part 4 Done
part 0 Done
part 1 Done
part 2 Done
/usr/sbin/openvasmd

[*] [3/3] Updating: Cert Data
Greenbone community feed server - http://feed.community.greenbone.net/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the Greenbone community portal.
See https://community.greenbone.net for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be temporarily blocked.
receiving incremental file list
timestamp 13 100% 12.70kB/s 0:00:00 (xfr#1, to-chk=0/1)
sent 43 bytes received 113 bytes 44.57 bytes/sec
total size is 13 speedup is 0.08
root@kali:~#
Try running # openvas-check-setup again.
This time everything is OK.
root@kali:~# openvas-check-setup
openvas-check-setup 2.3.7
  Test completeness and readiness of OpenVAS-9
  (add '--v6' or '--v7' or '--v8'
   if you want to check for another OpenVAS version)
  Please report us any non-detected problems and
  help us to improve this check routine:
  http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
  Send us the log-file (/tmp/openvas-check-setup.log) to help analyze the problem.
  Use the parameter --server to skip checks for client tools
  like GSD and OpenVAS-CLI.
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.3.
        OK: redis-server is present in version v=5.0.5.
        OK: scanner (kb_location setting) is configured properly using the redis-server socket: /var/run/redis-openvas/redis-server.sock
        OK: redis-server is running and listening on socket: /var/run/redis-openvas/redis-server.sock.
        OK: redis-server configuration is OK and redis-server is running.
        OK: NVT collection in /var/lib/openvas/plugins contains 52474 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
        WARNING: The initial NVT cache has not yet been generated.
        SUGGEST: Start OpenVAS Scanner for the first time to generate the cache.
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 7.0.3.
        OK: OpenVAS Manager database found in /var/lib/openvas/mgr/tasks.db.
        OK: Access rights for the OpenVAS Manager database are correct.
        OK: sqlite3 found, extended checks of the OpenVAS Manager installation enabled.
        OK: OpenVAS Manager database is at revision 184.
        OK: OpenVAS Manager expects database at revision 184.
        OK: Database schema is up to date.
        OK: OpenVAS Manager database contains information about 52474 NVTs.
        OK: At least one user exists.
        OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
        OK: OpenVAS CERT database found in /var/lib/openvas/cert-data/cert.db.
        OK: xsltproc found.
Step 3: Checking user configuration ...
        WARNING: Your password policy is empty.
        SUGGEST: Edit the /etc/openvas/pwpolicy.conf file to set a password policy.
Step 4: Checking Greenbone Security Assistant (GSA) ...
        OK: Greenbone Security Assistant is present in version 7.0.3.
        OK: Your OpenVAS certificate infrastructure passed validation.
Step 5: Checking OpenVAS CLI ...
        OK: OpenVAS CLI version 1.4.5.
Step 6: Checking Greenbone Security Desktop (GSD) ...
        SKIP: Skipping check for Greenbone Security Desktop.
Step 7: Checking if OpenVAS services are up and running ...
        OK: netstat found, extended checks of the OpenVAS services enabled.
        OK: OpenVAS Scanner is running and listening on a Unix domain socket.
        WARNING: OpenVAS Manager is running and listening only on the local interface.
        This means that you will not be able to access the OpenVAS Manager from the
        outside using GSD or OpenVAS CLI.
        SUGGEST: Ensure that OpenVAS Manager listens on all interfaces unless you want
        a local service only.
        OK: Greenbone Security Assistant is listening on port 9392, which is the default port.
Step 8: Checking nmap installation ...
        WARNING: Your version of nmap is not fully supported: 7.80
        SUGGEST: You should install nmap 5.51 if you plan to use the nmap NSE NVTs.
Step 10: Checking presence of optional tools ...
        OK: pdflatex found.
        OK: PDF generation successful. The PDF report format is likely to work.
        OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.
        WARNING: Could not find rpm binary, LSC credential package generation for RPM and DEB based targets will not work.
        SUGGEST: Install rpm.
        WARNING: Could not find makensis binary, LSC credential package generation for Microsoft Windows targets will not work.
        SUGGEST: Install nsis.
It seems like your OpenVAS-9 installation is OK.
If you think it is not OK, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
root@kali:~#
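The two openvas-check-setup reports above can be triaged mechanically instead of read by eye. The following is an added example, not part of the original notes or of the OpenVAS tooling: a shell function that lists every WARNING/ERROR with its step number and the tool's own SUGGEST/FIX hint, and returns non-zero unless the final verdict is OK. The function names and the embedded sample (lines excerpted from the failing run shown on this page) are assumptions of the example, as is the one-finding-per-line layout of the report.

```shell
#!/bin/sh
# Added example (not from the original page): triage openvas-check-setup output.
# Reads the report on stdin and prints each WARNING/ERROR with its step and
# the hint that follows it; returns 1 on any ERROR or a missing OK verdict.
triage_check_setup() {
    awk '
        /^[ \t]*Step [0-9]+:/ { step = $2; sub(/:$/, "", step); next }
        # The closing verdict line is kept apart from the per-step findings.
        /installation is (OK|not yet complete)/ {
            verdict = ($0 ~ /installation is OK/) ? "OK" : "INCOMPLETE"; next
        }
        /^[ \t]*OK:/ { ok++; next }
        /^[ \t]*(WARNING|ERROR):/ {
            sub(/^[ \t]*/, "")
            if ($0 ~ /^ERROR:/) err++; else warn++
            printf "step %s %s\n", step, $0; next
        }
        /^[ \t]*(FIX|SUGGEST):/ { sub(/^[ \t]*/, ""); printf "    -> %s\n", $0; next }
        END {
            printf "summary: ok=%d warning=%d error=%d verdict=%s\n", ok, warn, err, verdict
            exit (err > 0 || verdict != "OK")
        }
    '
}

# Constructed sample: lines excerpted from the failing run shown on this page.
sample_report() {
    cat <<'EOF'
Step 1: Checking OpenVAS Scanner ...
        OK: OpenVAS Scanner is present in version 5.1.3.
        OK: NVT collection in /var/lib/openvas/plugins contains 52474 NVTs.
        WARNING: Signature checking of NVTs is not enabled in OpenVAS Scanner.
        SUGGEST: Enable signature checking (see http://www.openvas.org/trusted-nvts.html).
Step 2: Checking OpenVAS Manager ...
        OK: OpenVAS Manager is present in version 7.0.3.
        OK: At least one user exists.
        ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
        FIX: Run a SCAP synchronization script like greenbone-scapdata-sync.
 ERROR: Your OpenVAS-9 installation is not yet complete!
EOF
}

# Demo run on the sample; on a live host pipe the real tool's output instead.
sample_report | triage_check_setup || echo "setup is not ready for scanning"
```

On a live system the equivalent call is `openvas-check-setup | triage_check_setup`, assuming the report is written to standard output. A truncated report with no verdict line also returns non-zero.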
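The browser launches, so log in with the user ID and password displayed during setup.
If you have forgotten the password, change it by referring to the page below.
OpenVAS - Class Notes
If the browser shows "Your connection is not secure" when it opens, proceed through "Advanced" → "Add Exception" → "Confirm Security Exception" to register an exception.
Menu tab → [Scans] → [Tasks]
First, try scanning the machine itself.
Scan in progress. Wait 4.5 minutes.
Scan finished. No vulnerabilities were detected.
Close the browser.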
# openvas-stop