We covered how to use OpenVas vulnerability scanner to scan for vulnerabilities. OpenVAS, an application used to scan endpoints and web applications to identify and detect vulnerabilities. It is commonly used by corporations as part of their mitigation solutions to quickly identify any gaps in their production or even development servers or applications. This was part of TryHackMe OpenVas room.
Introduction to OpenVAS
OpenVAS is a vulnerability scanner used to identify security weaknesses in systems by performing network scans and reporting on vulnerabilities. It is comparable to other vulnerability scanners like Nessus.
Setting up OpenVAS
Installation:
- OpenVAS can be installed easily using Docker. Once installed, the scanner is accessed via a web interface.
- After logging in with default credentials (
admin), users are presented with a dashboard showing recent scans, vulnerabilities, and their severity levels.
Configuring Scans:
- Before initiating a scan, users need to configure targets, set the IP address, and decide on the ports to scan. There are pre-configured port lists, but users can choose to scan all ports or specific ones, depending on the scenario.
- Schedules and Alerts:
- Users can set up scheduled scans to run at specified intervals (e.g., daily) and create alerts to notify them via email when vulnerabilities with certain severity levels (e.g., high or critical) are found.
Running a Vulnerability Scan with OpenVas
Creating a Task:
- To begin a scan, users need to create a task, assign a target to it, and configure the scan type. OpenVAS offers several scan configurations, such as full and fast, discovery, and deep scans.
- The scan types are selected based on the target system’s resources and the level of detail needed. For instance, full and fast scans may generate more noise, while deep scans provide thorough results but take longer.
Starting the Scan:
- Once the task is created, users can initiate the scan and monitor its progress through the dashboard. After completion, the scan’s status will be marked as “done.”
Viewing Scan Reports
After a scan is complete, the results can be viewed through the Reports section. Reports provide details on the vulnerabilities found, their severity levels, and other relevant information.The report includes sections such as:
- Host Summary: Lists the systems that were scanned.
- Port Summary: Shows open ports found on the target systems.
- Vulnerabilities: Lists vulnerabilities found, along with their severity (e.g., low, medium, high).
For example, a scan may reveal medium severity vulnerabilities like missing HTTP-only cookies or TCP timestamps. In higher severity cases, vulnerabilities like MS17-010 (a critical vulnerability related to SMB) could be identified, making the system exploitable.
Vulnerability Management & Other Features in OpenVas
- Users can configure alerts to receive notifications when new vulnerabilities are found.
- The video shows how to tie alerts to schedules and customize the severity levels that trigger these notifications.
Other Features:
- Credential Management: OpenVAS supports scanning targets that require authentication. Credentials can be added during the scan setup.
- Scan Configurations: Users can choose between different scan configurations based on their needs. Options include CVE-based scans, custom port scans, and more.
- User Roles and Permissions: OpenVAS allows setting roles and permissions for different users, making it useful for teams working together on vulnerability management.
TryHackMe OpenVas | Room Answers
When did the scan end in Case 001?
How many ports are open in Case 001?
How many total vulnerabilities were found in Case 001?
What is the highest severity vulnerability found? (MSxx-xxx)
What is the first affected OS to this vulnerability?
What is the recommended vulnerability detection method?
