kali安装openvas全过程
本博文,是在Kali 2.0 linux里,安装OpenVAS。
前言
OpenVAS是一款开放式的漏洞评估工具,主要用来检测目标网络或主机的安全性。与安全焦点的X-Scan工具类似,OpenVAS系统也采用了Nessus较早版本的一些开放插件。OpenVAS能够基于C/S(客户端/服务器),B/S(浏览器/服务器)架构进行工作,管理员通过浏览器或者专用客户端程序来下达扫描任务,服务器端负载授权,执行扫描操作并提供扫描结果。
一套完整的OpenVAS系统包括服务器端,客户端的多个组件。
1、服务器层组件
openvas-scanner(扫描器):负责调用各种漏洞检测插件,完成实际的扫描操作。
openvas-manager(管理器):负责分配扫描任务,并根据扫描结果生产评估报告。
openvas-administrator(管理者):负责管理配置信息,用户授权等相关工作。
2、客户层组件
openvas-cli(命令行接口):负责提供从命令行访问OpenVAS服务层程序。
greenbone-security-assistant(安装助手):负责提供访问OpenVAS服务层的web接口,便于通过浏览器来执行扫描任务,是使用最简便的客户层组件。
Greenbone-Desktop-Suite(桌面套件):负责提供访问OpenVAS服务层的图形程序界面,主要允许在Windows客户机中。
除了上述各工作组件以外,还有一个核心环节,那就是漏洞测试插件更新。OpenVAS系统的插件来源有两个途径,一、官方提供的NVT免费插件,二、Greenbone Sec公司提供的商业插件。
注意啦:
最新版本 Kali Linux 2016.2 中不再自带OpenVAS,需要自己安装和配置
也许,大家会网上看到一些博客和文档,别人的kali里有。(比如:http://blog.chinaunix.net/uid-26349264-id-4455664.html)
博主我用的是这款。
为什么要在Kali 2.0 linux里安装OpenVAS?
在kali 2.0预装的OpenVAS好像只能通过msfconsole使用(在msfconsole中load openvas),但是这样无法创建账号,要执行db_connect时就没有账号密码去连接。如下
root@kali:~# msfconsolemsf > load openvas [*] Welcome to OpenVAS integration by kost and averagesecurityguy. [*] [*] OpenVAS integration requires a database connection. Once the [*] database is ready, connect to the OpenVAS server using openvas_connect. [*] For additional commands use openvas_help. [*] [*] Successfully loaded plugin: OpenVAS msf >
msf > openvas_connect admin admin 202.193.58.13 9390 ok [*] Connecting to OpenVAS instance at 202.193.58.13:9390 with username admin... [-] Error while running command openvas_connect: uninitialized constant OpenVASOMP::OMPConnectionErrorCall stack: /usr/share/metasploit-framework/plugins/openvas.rb:196:in `rescue in cmd_openvas_connect' /usr/share/metasploit-framework/plugins/openvas.rb:190:in `cmd_openvas_connect' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:428:in `run_command' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:390:in `block in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:384:in `each' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:384:in `run_single' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:203:in `run' /usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in `start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:in `start' /usr/bin/msfconsole:48:in `<main>' msf >
基于此,所以,要在kali 2.0linux里安装OpenVAS。
本博文主要介绍如何在kali Linux下对openvas 的初始安装(开始正文)
安装过程
Kali 2.0 linux里,先需要安装OpenVAS。
系统要求
- 源配置正确 参考
Kali Linux 最新版本为 2016.2 ,包括 2016.1 都属于 Kali Rolling Distribution ,源是相同的 建议默认使用官方源,会自动跳转到国内快速的源
1、设置源
编辑 /etc/apt/sources.list
nano /etc/apt/sources.list
清空文件内所有内容后添加
deb http://http.kali.org/kali kali-rolling main contrib non-free
保存退出。
- 也可以使用中科大的源
deb http://mirrors.ustc.edu.cn/kali kali-rolling main non-free contrib
2、更新
依次运行以下命令
apt-get update apt-get upgrade apt-get dist-upgrade
完成
安装
1、更新系统
apt-get update apt-get upgrade apt-get dist-upgrade
2、安装OpenVAS
apt-get install openvas
安装配置OpenVAS (这一步需要的时间非常久,需要下载很多文件,建议最好挂个国外代理进行这一步操作,不然你可以喝10几杯咖啡了,嘿嘿)
openvas-setup
检查安装 (如有提示错误的请按提示修复)
openvas-check-setup
比如,我
如我安装时运行 openvas-check-setup 后 step 2 有报错 ...... OK: OpenVAS Manager database is at revision 146.
OK: OpenVAS Manager expects database at revision 146.
OK: Database schema is up to date.
OK: OpenVAS Manager database contains information about 51943 NVTs.
OK: At least one user exists.
OK: OpenVAS SCAP database found in /var/lib/openvas/scap-data/scap.db.
ERROR: No OpenVAS CERT database found. (Tried: /var/lib/openvas/cert-data/cert.db)
FIX: Run a CERT synchronization script like openvas-certdata-sync or greenbone-certdata-sync.
ERROR: Your OpenVAS-8 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.
If you think this result is wrong, please report your observation
and help us to improve this check routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
根据提示运行 openvas-check-setup 后解决 root@kalitest:~# openvas-certdata-sync
[i] This script synchronizes a CERT advisory directory with the OpenVAS one. [i] This script is for the SQLite3 backend. [i] CERT dir: /var/lib/openvas/cert-data [i] Will use rsync [i] Using rsync: /usr/bin/rsync [i] Configured CERT data rsync feed: rsync://feed.openvas.org:/cert-data OpenVAS community feed server - http://www.openvas.org/
This service is hosted by Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you have any questions, please use the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
By using this service you agree to our terms and conditions.
Only one sync per time, otherwise the source ip will be blocked.
receiving incremental file list
./ CB-K13.xml
1,430,197 100% 24.15kB/s 0:00:57 (xfr#1, to-chk=34/36) CB-K13.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#2, to-chk=33/36) CB-K14.xml
4,772,286 100% 22.20kB/s 0:03:29 (xfr#3, to-chk=32/36) CB-K14.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#4, to-chk=31/36) CB-K15.xml
6,117,922 100% 22.58kB/s 0:04:24 (xfr#5, to-chk=30/36) CB-K15.xml.asc
181 100% 176.76kB/s 0:00:00 (xfr#6, to-chk=29/36) ..... 修复后再次运行 openvas-check-setup 检查安装 ..... 看到 It seems like your OpenVAS-8 installation is OK. 安装完成
我实在step1和step7中出现了错误,具体错误如果不知道如何解决,可搜索引擎。
Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled.ERROR: OpenVAS Scanner is NOT running!FIX: Start OpenVAS Scanner (openvassd).ERROR: OpenVAS Manager is NOT running!FIX: Start OpenVAS Manager (openvasmd).ERROR: OpenVAS Administrator is NOT running!FIX: Start OpenVAS Administrator (openvasad).ERROR: Greenbone Security Assistant is NOT running!FIX: Start Greenbone Security Assistant (gsad).ERROR: Your OpenVAS-6 installation is not yet complete!
Please follow the instructions marked with FIX above and run this
script again.Start OpenVAS Scanner
#/etc/init.d/openvas-scanner startStart OpenVAS Manager
#openvasmd --rebuild take around 10 minutes, you can execute below command
#openvasmdStart OpenVAS Administrator
#openvasad -c add_user -n praveend --role=Admin
if the username is already created just execute openvasadStart Greenbone Security Assistant
#gsadOnce the configuration is done execute
root@kali-praveend:~# openvas-check-setup
........
........
Step 5: Checking OpenVAS CLI ... OK: OpenVAS CLI version 1.2.0.
Step 6: Checking Greenbone Security Desktop (GSD) ... OK: Greenbone Security Desktop is present in Version 1.2.2.
Step 7: Checking if OpenVAS services are up and running ... OK: netstat found, extended checks of the OpenVAS services enabled.OK: OpenVAS Scanner is running and listening only on the local interface.OK: OpenVAS Scanner is listening on port 9391, which is the default port.OK: OpenVAS Manager is running and listening on all interfaces.OK: OpenVAS Manager is listening on port 9390, which is the default port.OK: OpenVAS Administrator is running and listening on all interfaces.OK: OpenVAS Administrator is listening on port 9393, which is the default port.OK: Greenbone Security Assistant is running and listening on all interfaces.OK: Greenbone Security Assistant is listening on port 443, which is the default port.
Step 8: Checking nmap installation ...WARNING: Your version of nmap is not fully supported: 6.47SUGGEST: You should install nmap 5.51.
Step 9: Checking presence of optional tools ...OK: pdflatex found.OK: PDF generation successful. The PDF report format is likely to work.OK: ssh-keygen found, LSC credential generation for GNU/Linux targets is likely to work.OK: rpm found, LSC credential package generation for RPM based targets is likely to work.OK: alien found, LSC credential package generation for DEB based targets is likely to work.OK: nsis found, LSC credential package generation for Microsoft Windows targets is likely to work.
It seems like your OpenVAS-6 installation is OK.还记得在运行 openvas-setup 这步最后一行显示的 User created with password '47a7baeb-2f48-4fb9-9177-f6ba1fb058d8'. 嘛,这个密码显然不符合我们的使用习惯,改之
openvasmd --user admin --new-password xxxxxx
升级
openvas-feed-update
启动OpenVAS
openvas-start
查看 GSAD services,OpenVAS manager, OpenVAS manager 端口情况
netstat -antp | grep 939* tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 20764/gsad tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 20769/openvasmd tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 20773/openvassd: Wa
一切OK后使用浏览器访问 https://127.0.0.1:9392 应该可以看到。
登录账号 admin 和你前面设置的密码
配置
设置OpenVAS服务器的地址
OpenVAS 在默认配置下,仅允许 127.0.0.1 地址本地连接
openvas-stop
编辑 /lib/systemd/system/greenbone-security-assistant.service
nano /lib/systemd/system/greenbone-security-assistant.service [Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service[Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390[Install] WantedBy=multi-user.target
修改 --listen=127.0.0.1 为 --listen=0.0.0.0
[Unit] Description=Greenbone Security Assistant Documentation=man:gsad(8) http://www.openvas.org/ Wants=openvas-manager.service[Service] Type=simple PIDFile=/var/run/gsad.pid ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390[Install] WantedBy=multi-user.target
启动服务查看
systemctl daemon-reload openvas-start netstat -antp | grep 9392 tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 23158/gsad
参考博客
https://www.yagami.info/kali-linux-2016-2-rolling-an-zhuang-openvas/
kali安装openvas全过程相关推荐
- Kali安装openVAS (GVM)
给Kali - 2021-3安装GVM的兄弟们2021/11/15出错的问题的解决办法 原文链接 ---------------- 版权声明:本文为CSDN博主「林超男」的原创文章,遵循CC 4.0 ...
- Kali Linux安装OpenVAS
Kali Linux安装OpenVAS OpenVAS是一个开放式漏洞评估系统,可以用来实施各种漏洞扫描.但是,大部分系统默认没有安装.一些用户在安装过程中,会碰到各种问题,如扫描服务丢失.初始化失败 ...
- kali linux重启网络服务报错,Web安全学习笔记之在Kali Linux上安装Openvas以及启动失败修复...
现在用的kali linux是2018.1的版本,在安装openvas的时候报错,无法通过网络下载和安装openvas. 主要错误是源配置错误,可能现在用的kali很久没更新了. 一.解决和配置更新源 ...
- Kali linux 2016.2(Rolling)里安装OpenVAS
不多说,直接上干货! 本博文,是在Kali 2.0 linux里,安装OpenVAS. 前言 OpenVAS是一款开放式的漏洞评估工具,主要用来检测目标网络或主机的安全性.与安全焦点的X-Scan工具 ...
- 记一次Kali linux安装OpenVAS失败的入坑日记
一,前景: 由于本人心血来潮想去研究openvas的使用,所以在以一个"绿骨"小白的身份来使用该工具.毫无疑问,小白上阵,必定掉坑!刚拿到全新的Kali linux就发现,这玩意是 ...
- kali2020.3安装openvas(gvm11)附gvm修改amdin密码以及gvm创建账号
kali2020.3安装openvas(gvm11) openvas在kali新版本下已被取代,执行openvas-start.openvas-feed-update命令会报错,显示没有该命令. 这里 ...
- kali安装w3af出现的问题及解决方法(附w3af安装)
kali安装软件出现下面的情况的解决方法 文末有惊喜 Running updmap-sys. This may take some time... done. Running mktexlsr /va ...
- (亲测可行)ubuntu16.04+Opencv3.4.3+opencv_contrib3.4.3安装编译全过程
ubuntu16.04+Opencv3.4.3+Opencv_contrib3.4.3安装编译全过程 1.资源下载 opencv3.4.3+opencv_contrib3.4.3下载链接: https ...
- kali linux提示安装系统失败,kali“安装系统”失败分析及解决
昨天打算把kali安装在硬盘上,因而便去下载了一个amd64位的1.06版本的kali linux.linux 而后就这样一直放着,过一段时间后,下载完成.我是放在D盘根目录,那时只有一个kali-l ...
最新文章
- R语言ggplot2可视化:将dataframe和数据列名称传递给函数通过函数进行ggplot2可视化输出
- java包含点_Java的21个核心技术点,你知道吗
- 【机器学习基础】数学推导+纯Python实现机器学习算法28:CRF条件随机场
- python版本的服务器
- OpenCASCADE绘制测试线束:数据交换命令之XDE 形状命令
- vue2.0框架认识
- aws lambda_带有API网关的AWS Lambda
- 模拟聊天室显示语句保持最新显示
- EMC 电磁兼容测试项目
- MFC通过sql访问excel的方法
- mysql 相同分数排名
- 从小学到大学到出社会以后我的感受(出社会时间不长)
- Beaglebone Black–I2C 接 BMP280 获取当前温度
- 3.2.CPU中的实模式
- 发布APP到腾讯应用宝
- 使用 python 压缩 png 图片,高达 80% 压缩率,肉眼无差异!
- 什么是嵌入式服务器?为什么使用嵌入式服务器?
- (转载)(官方)UE4--图像编程----着色器开发----HLSL 交叉编译器
- MySQL - 21查询分析器EXPLAIN
- 人工智能基础必备知识