OpenVAS Vulnerability Assessment
Group 5
Igibek Koishybayev; Yingchao Zhu Chen Qian; Xingyu Wu; XuZhuo Zhang
OpenVAS
• The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
• Founded 1999, Osnabrück, Germany
Why Vulnerability Assessment?
• Unnecessary open shares
• Unused user accounts
• Unnecessary open ports
• Rogue devices connected to your systems
• Dangerous script configurations
• Servers allowing use of dangerous protocols
• Incorrect permissions on important system files
• Running of unnecessary, potentially dangerous services
Architecture
• Core: the security scanner, accompanied by a daily updated feed of Network Vulnerability Tests (NVTs)
OpenVAS Elements:
• OpenVAS Software (Server, Client, Vulnerability Tests): GNU General Public License
• OpenVAS Management tools
• NVT (Network Vulnerability Tests) Feed service: daily updated tests, unrestricted access
Feature overview
Greenbone Security Assistant (GSA)
• Client for OMP and OAP
• HTTP and HTTPS
• Web server on its own (microhttpd), thus no extra web server required
• Integrated online-help system
• Multi-language support
OpenVAS CLI
• Client for OMP
• Runs on Windows, Linux, etc.
• Plugin for Nagios
OpenVAS Scanner
• Many target hosts are scanned concurrently
• OpenVAS Transfer Protocol (OTP)
• SSL support for OTP (always)
• WMI support (optional)
OpenVAS Manager
• OpenVAS Management Protocol (OMP)
• SQL Database (sqlite) for configurations and scan results
• SSL support for OMP (always)
• Many concurrent scan tasks (many OpenVAS Scanners)
• Notes management for scan results
• False Positive management for scan results
• Scheduled scans
• Master-Slave Mode to control many instances from a central one
• Report Format Plugin Framework with various plugins for: XML, HTML, LaTeX, etc.
Lab Generation 1. Setting up and Pre-work
• Get familiar with the OpenVAS software and the BackTrack/CentOS systems.
• Study some past successful examples of using OpenVAS.
• Learn some leak patterns.
• Set up the environment for the test.
Lab Generation 2. Find targets: Software-Based
• Create our own mailbox application
• Use a real open-source mailbox application
  - Protocol: SMTP (send) / IMAP (receive) / POP3 (receive)
Lab Generation 2. Find targets: Web-Based
• Open-source web browser (e.g. The Chromium Projects)
• Server with some vulnerabilities (e.g. an old CGI version)
Lab Generation 3. Penetration Test/Problem solve
• Use OpenVAS to run the test and find some vulnerabilities in the software/web browser/server
• Attack the software/web browser/server
• Try to fix the vulnerability
Lab Generation 4. Re-test
• Re-test using OpenVAS after fixing the leaks
• Attack again to check whether the vulnerabilities are solved
Lab Generation 5. Report
• Give a detailed account of this assessment
• Give a tutorial on how to use OpenVAS for the assessment
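The scan, fix and re-test steps above, as an added example that is not part of the original slides: a Python script that compares the OpenVAS XML report taken before the fix with the one from the re-test and lists which findings are fixed, remaining or new. The report layout (result, host, port, nvt oid, threat) is an assumption, and the sample reports, hosts, OIDs and test names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample reports. The result/host/port/nvt/threat layout is an
# assumption modelled on OpenVAS XML reports; hosts, OIDs and names are made up.
BEFORE = """<report><results>
<result><host>192.0.2.10</host><port>smtp (25/tcp)</port><threat>High</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900001"><name>SMTP open relay</name></nvt></result>
<result><host>192.0.2.10</host><port>http (80/tcp)</port><threat>Medium</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900002"><name>Outdated CGI script</name></nvt></result>
<result><host>192.0.2.10</host><port>general/tcp</port><threat>Log</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900003"><name>OS detection</name></nvt></result>
</results></report>"""
AFTER = """<report><results>
<result><host>192.0.2.10</host><port>http (80/tcp)</port><threat>Medium</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900002"><name>Outdated CGI script</name></nvt></result>
<result><host>192.0.2.10</host><port>pop3 (110/tcp)</port><threat>Medium</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900004"><name>POP3 cleartext login</name></nvt></result>
<result><host>192.0.2.10</host><port>general/tcp</port><threat>Log</threat>
  <nvt oid="1.3.6.1.4.1.25623.1.0.900003"><name>OS detection</name></nvt></result>
</results></report>"""

ACTIONABLE = {"High", "Medium", "Low"}  # skip informational Log/Debug results

def load_findings(xml_text):
    """Map (host, port, NVT OID) -> (threat, NVT name) for actionable results."""
    findings = {}
    for res in ET.fromstring(xml_text).iter("result"):
        nvt = res.find("nvt")
        threat = (res.findtext("threat") or "").strip()
        if nvt is None or threat not in ACTIONABLE:
            continue
        key = (res.findtext("host", "").strip(),
               res.findtext("port", "").strip(), nvt.get("oid", ""))
        findings[key] = (threat, nvt.findtext("name", "").strip())
    return findings

def compare_scans(before_xml, after_xml):
    """Classify findings as fixed, remaining or new between two scans."""
    before, after = load_findings(before_xml), load_findings(after_xml)
    return {
        "fixed": sorted(before.keys() - after.keys()),
        "remaining": sorted(before.keys() & after.keys()),
        "new": sorted(after.keys() - before.keys()),
    }

if __name__ == "__main__":
    for status, keys in compare_scans(BEFORE, AFTER).items():
        for host, port, oid in keys:
            print(f"{status:9} {host} {port} {oid}")
```

Keying on host, port and NVT OID rather than on the test name keeps the comparison stable if a feed update rewords a test between the two scans.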
Extra Points (if time permits)
• Develop a mobile platform application to carry out the whole process above
Thank you & Happy Hacking!