metasploit + openvas

最新推荐文章于 2024-11-03 21:42:49 发布

Nixawk

最新推荐文章于 2024-11-03 21:42:49 发布

阅读量2k

点赞数

CC 4.0 BY-SA版权

分类专栏： Pentesting

本文链接：https://blog.youkuaiyun.com/nixawk/article/details/37940091

Pentesting 专栏收录该内容

160 篇文章

订阅专栏

本文介绍了如何在Metasploit环境中使用OpenVAS漏洞扫描器。包括启动OpenVAS服务、连接到OpenVAS服务器、创建和管理目标、配置及任务等操作。

安装openvas后，使用命令openvas_start开启对应的服务。

root@gnu:~# openvas-start
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Administrator: openvasad.
Starting OpenVAS Manager: ERROR.

开启服务后，开放端口 9390/9391/9392/9393, 9390 供metasploit的openvas插件使用， 9392可用https://localhost:9392/ 访问图形接口。

root@gnu:~# netstat -ant
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9392          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:9393          0.0.0.0:*               LISTEN

下面介绍如何在metasploit环境中使用openvas扫描器

root@gnu:~# msfconsole
_                                                    _
/ \    /\         __                         _   __ /_/ __
| |\ / | _____   \ \           ___   _____ | | / \ _   \ \
| | \/| | | ___\ |- -|   /\    / __\ | -__/ | || | || | |- -|
|_|   | | | _|__ | |_ / -\ __\ \   | |    | | \__/| | | |_
      |/ |____/ \___\/ /\ \\___/   \/     \__|    |_\ \___\

Save your shells from AV! Upgrade to advanced AV evasion using dynamic
exe templates with Metasploit Pro -- type 'go_pro' to launch it now.

       =[ metasploit v4.8.2-2014010101 [core:4.8 api:1.0]
+ -- --=[ 1246 exploits - 678 auxiliary - 198 post
+ -- --=[ 324 payloads - 32 encoders - 8 nops

msf > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS
msf >

msf > openvas_help
[*] openvas_help                  Display this help
[*] openvas_debug                 Enable/Disable debugging
[*] openvas_version               Display the version of the OpenVAS server
[*]
[*] CONNECTION
[*] ==========
[*] openvas_connect               Connects to OpenVAS
[*] openvas_disconnect            Disconnects from OpenVAS
[*]
[*] TARGETS
[*] =======
[*] openvas_target_create         Create target
[*] openvas_target_delete         Deletes target specified by ID
[*] openvas_target_list           Lists targets
[*]
[*] TASKS
[*] =====
[*] openvas_task_create           Create task
[*] openvas_task_delete           Delete a task and all associated reports
[*] openvas_task_list             Lists tasks
[*] openvas_task_start            Starts task specified by ID
[*] openvas_task_stop             Stops task specified by ID
[*] openvas_task_pause            Pauses task specified by ID
[*] openvas_task_resume           Resumes task specified by ID
[*] openvas_task_resume_or_start Resumes or starts task specified by ID
[*]
[*] CONFIGS
[*] =======
[*] openvas_config_list           Lists scan configurations
[*]
[*] FORMATS
[*] =======
[*] openvas_format_list           Lists available report formats
[*]
[*] REPORTS
[*] =======
[*] openvas_report_list           Lists available reports
[*] openvas_report_delete         Delete a report specified by ID
[*] openvas_report_import         Imports an OpenVAS report specified by ID
[*] openvas_report_download       Downloads an OpenVAS report specified by ID

msf > openvas_connect
[*] Usage:
[*] openvas_connect username password host port <ssl-confirm>
msf > openvas_connect admin password localhost 9390 openvas_test
[*] Connecting to OpenVAS instance at localhost:9390 with username admin...
[+] OpenVAS connection successful
msf > openvas_target_list
[+] OpenVAS list of targets

ID Name       Hosts          Max Hosts In Use Comment
-- ----       -----          --------- ------ -------
0   101        192.168.1.101 1          1       localhost-101
1   Localhost localhost      1          0

msf > openvas_config_list
[+] OpenVAS list of configs

ID Name
-- ----
0   empty
1   Full and fast
2   Full and fast ultimate
3   Full and very deep
4   Full and very deep ultimate

msf > openvas_task_create
[*] Usage: openvas_task_create <name> <comment> <config_id> <target_id>
msf > openvas_task_create test001 test001 2 0
[*] OK, resource created: 4158e9ff-d115-4090-9d13-620e7120618b
[+] OpenVAS list of tasks

ID Name     Comment        Status   Progress
-- ----     -------        ------   --------
0   101      localhost-101 Stopped 1
1   test001 test001        New      -1

关于 openvas 的主机管理、任务管理、配置管理、报告管理等，有待大家深入研究。

=================================================
参考链接:
http://resources.infosecinstitute.com/vulnerability-scanning-metasploit-part-2/
http://resources.infosecinstitute.com/vulnerability-scanning-metasploit-part-ii/