Premise
In this video walkthrough, I demonstrated the use of Openvas to scan for web application vulnerabilities. I explained the target, port, and credentials configurations in addition to breaking down the structure of the report.

Get OSCP Certificate Notes

Description

OpenVAS, an application used to scan endpoints and web applications to identify and detect vulnerabilities. It is commonly used by corporations as part of their mitigation solutions to quickly identify any gaps in their production or even development servers or applications. This is not an end all be all solution but can help to get rid of any common vulnerabilities that may have slipped through the cracks.

From the OpenVAS GitHub repository “This is the Open Vulnerability Assessment Scanner (OpenVAS) of the Greenbone Vulnerability Management (GVM) Solution. It is used for the Greenbone Security Manager appliances and is a full-featured scan engine that executes a continuously updated and extended feed of Network Vulnerability Tests (NVTs).”

Challenge Questions

  • When did the scan start in Case 001?
  • When did the scan end in Case 001?
  • How many ports are open in Case 001?
  • How many total vulnerabilities were found in Case 001?
  • What is the highest severity vulnerability found? (MSxx-xxx)
  • What is the first affected OS to this vulnerability?
  • What is the recommended vulnerability detection method?

 

Walkthrough