Giter VIP home page Giter VIP logo

openvas-sandbox's Introduction

openvas-sandbox

Travis (.com) branch: Build Status

Deploy openVAS on kali linux

>vagrant init --template scripts/Vagrantfile.erb
>vagrant up vg-kali-02
>vagrant ssh vg-kali-02


apt-get update -y
apt-get upgrade -y
apt-get install -yq gvm
gvm-setup
gvm-start

browse the local host 
“https://127.0.0.1:9392”

>vagrant destroy -f vg-kali-02
>del Vagrantfile


>vagrant init --template scripts/Vagrantfile.erb
>vagrant up "vg-openvas-01"


Login with admin and the password in the script output

total size is 63,121,109  speedup is 1.00
/usr/sbin/openvasmd

ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=0.0.0.0 --mport=9390 --allow-header-host 192.168.22.12

User created with password 'b124cb71-220b-4f0b-8308-005187a3828b'.


check that gsad is running and listening
# netstat -apn | grep LISTEN
# netstat -anp | grep gsad

vagrant@vg-openvas-02:~$ sudo netstat -apn | grep LISTEN
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      889/openvasmd
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      737/gsad
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      900/gsad

vagrant@vg-openvas-02:~$ sudo netstat -anp | grep gsad
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN      737/gsad
tcp        0      0 127.0.0.1:80            0.0.0.0:*               LISTEN      900/gsad
unix  3      [ ]         STREAM     CONNECTED     18405    737/gsad

vagrant@vg-openvas-02:~$ sudo netstat -anp | grep openvas
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      889/openvasmd
unix  2      [ ACC ]     STREAM     LISTENING     23023    1488/openvassd: Wai  /var/run/openvassd.sock
unix  2      [ ACC ]     STREAM     LISTENING     21878    863/redis-server 12  /var/run/redis-openvas/redis-server.sock
unix  3      [ ]         STREAM     CONNECTED     28186    863/redis-server 12  /var/run/redis-openvas/redis-server.sock
unix  3      [ ]         STREAM     CONNECTED     25910    1488/openvassd: Wai
unix  3      [ ]         STREAM     CONNECTED     20133    889/openvasmd

wget -p http://192.168.22.12
--2019-11-27 16:26:54--  http://192.168.22.12/
Connecting to 192.168.22.12:80... connected.
HTTP request sent, awaiting response... 303 See Other
Location: https://192.168.22.12:9392/login/login.html [following]
--2019-11-27 16:26:54--  https://192.168.22.12:9392/login/login.html
Connecting to 192.168.22.12:9392... connected.
ERROR: cannot verify 192.168.22.12's certificate, issued by ‘C=DE,L=Osnabrueck,O=OpenVAS Users,OU=Certificate Authority for vg-openvas-01’:
 Unable to locally verify the issuer's authority.
   ERROR: certificate common name ‘vg-openvas-01’ doesn't match requested host name ‘192.168.22.12’.
To connect to 192.168.22.12 insecurely, use `--no-check-certificate'.

https://192.168.22.12:9392/login/login.html

# vi /lib/systemd/system/greenbone-security-assistant.service

# systemctl daemon-reload
vagrant@vg-openvas-01:~$ sudo systemctl restart greenbone-security-assistant.service
vagrant@vg-openvas-01:~$ sudo systemctl status greenbone-security-assistant.service

# omp --help

password change
vg-openvas-01:~$ sudo openvasmd --user=admin --new-password=admin

$ sudo openvas-stop
Stopping OpenVas Services
$ sudo openvas-start
Starting OpenVas Services


Web UI
Menu - Configuration - Targets
Menu - Scans - Tasks


Network Targets
    Single IPv4 address: 192.168.300.10
    IPv4 address range in short format: 192.168.200.100-11
    IPv4 address range in long format: 192.168.200.100-192.168.200.110
    IPv4 address range in CIDR notation: 192.168.100.0/24


https://github.com/greenbone/openvas

openvas-sandbox's People

Contributors

githubfoam avatar

Watchers

avatar

openvas-sandbox's Issues

Security Policy violation SECURITY.md

This issue was automatically created by Allstar.

Security Policy Violation
Security policy not enabled.
A SECURITY.md file can give users information about what constitutes a vulnerability and how to report one securely so that information about a bug is not publicly visible. Examples of secure reporting methods include using an issue tracker with private issue support, or encrypted email with a published key.

To fix this, add a SECURITY.md file that explains how to handle vulnerabilities found in your repository. Go to https://github.com/githubfoam/openvas-sandbox/security/policy to enable.

For more information, see https://docs.github.com/en/code-security/getting-started/adding-a-security-policy-to-your-repository.

This issue will auto resolve when the policy is in compliance.

Issue created by Allstar. See https://github.com/ossf/allstar/ for more information. For questions specific to the repository, please contact the owner or maintainer.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.