
OpenVAS (GVM) Vulnerability Scanner Notes

Installation and Initial Setup

Basic Installation

# Update system
sudo apt update && sudo apt upgrade

# Install GVM and OpenVAS
sudo apt install gvm openvas

# Run initial setup as root (takes ~30 minutes)
sudo gvm-setup

# Start OpenVAS
sudo gvm-start

Post-Installation Tasks

1. Access web interface: https://localhost:9392
2. Default credentials: admin/admin
3. Change default password immediately
4. Verify NVT feed is updated

Scan Configuration

1. Target Setup

Navigate: Configurations > Targets

Target Configuration Options:
1. Single host: 192.168.1.1
2. Multiple hosts: 192.168.1.1, 192.168.1.2
3. Range: 192.168.1.1-192.168.1.254
4. CIDR: 192.168.1.0/24
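
Before a target string goes into the Targets dialog, it is worth expanding it and checking every address against the authorised scope. The following is an added example, not part of the original notes: it parses the four target forms listed above, and the scope list and size limit are constructed assumptions.

```python
import ipaddress

AUTHORISED_SCOPE = ["192.168.1.0/24"]  # constructed; replace with the engagement's scope
MAX_HOSTS = 65536                      # refuse specs that expand beyond a /16

def expand_targets(spec):
    """Expand a single host, comma list, start-end range or CIDR into a set of addresses."""
    hosts = set()
    for item in (part.strip() for part in spec.split(",")):
        if not item:
            continue
        if "/" in item:
            net = ipaddress.ip_network(item, strict=False)
            if net.num_addresses > MAX_HOSTS:
                raise ValueError(f"{item}: too many addresses")
            hosts.update(net.hosts())  # skips network/broadcast addresses
        elif "-" in item:
            first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            if not 0 <= int(last) - int(first) < MAX_HOSTS:
                raise ValueError(f"{item}: reversed or oversized range")
            hosts.update(ipaddress.ip_address(n) for n in range(int(first), int(last) + 1))
        else:
            hosts.add(ipaddress.ip_address(item))
    return hosts

def out_of_scope(spec, scope=AUTHORISED_SCOPE):
    """Return the sorted addresses in spec that fall outside every authorised network."""
    nets = [ipaddress.ip_network(s) for s in scope]
    return sorted(h for h in expand_targets(spec) if not any(h in n for n in nets))

if __name__ == "__main__":
    for spec in ("192.168.1.1, 192.168.1.2", "192.168.1.250-192.168.2.2"):
        print(spec, "->", [str(h) for h in out_of_scope(spec)] or "all in scope")
```

A range that crosses a subnet boundary, such as the second sample, is the typical way an out-of-scope host ends up in a scan.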

2. Scan Profiles

Available Configurations:

1. Base
   - Purpose: Host/OS enumeration
   - No vulnerability checks
   
2. Discovery
   - Purpose: Service/hardware/port detection
   - Software enumeration
   - No vulnerability checks
   
3. Host Discovery
   - Purpose: Host alive check
   - Ping only
   - No vulnerability checks
   
4. System Discovery
   - Purpose: Detailed OS/hardware info
   - More comprehensive than Discovery
   
5. Full and Fast
   - Purpose: Complete vulnerability scan
   - Optimized NVT checks
   - Port-based vulnerability testing

3. Authentication Setup

Credentials Configuration:
1. SSH (Linux):
   - Username/Password
   - Public key authentication
   
2. SMB (Windows):
   - Domain
   - Username
   - Password
   
3. ESXi:
   - Username
   - Password

Running Scans

1. Basic Scan Setup

Steps:
1. Navigate to Scans tab
2. Click "Wizard" icon
3. Select target(s)
4. Choose scan configuration
5. Set schedule (if needed)
6. Start scan

2. Advanced Scan Options

Configure:
1. Port Range:
   - Default
   - All ports
   - Custom range

2. Timing:
   - Concurrent IPs
   - Concurrent checks
   - Network timeout

3. QoS:
   - Scan intensity
   - Auto-adjust

Results Analysis

1. Viewing Results

Navigate: Scans > Reports

Information Available:
1. Host Details
   - OS information
   - Open ports
   - Running services
   
2. Vulnerabilities
   - Severity levels
   - CVE references
   - CVSS scores
   
3. Compliance
   - Policy checks
   - Failed rules

2. Export Commands

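# Export to XML over GMP (report export is a GMP command, not OSP).
# gvm-cli needs a connection type (socket, tls or ssh) and takes the request via --xml.
# Look up the format ID with "<get_report_formats/>" first.
gvm-cli --gmp-username <user> --gmp-password <password> socket --socketpath <gvmd-socket-path> \
  --xml "<get_reports report_id='<report-id>' format_id='<format-id>' details='1'/>" > report.xml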

# Available formats:
- XML
- PDF
- CSV
- TXT
- ITG
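
Once a report is available as XML, the host, severity and CVE information listed under Viewing Results can be triaged by script, which also covers the "Result analysis" item under Automation. This is an added example, not part of the original notes: the sample report is constructed, and the element names (`result`, `host`, `port`, `nvt/name`, `nvt/refs/ref`, `severity`) are assumed to match a GMP `get_reports` XML export.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample; element names follow a GMP get_reports XML export (assumption).
# Note <host> holds the IP as text followed by child elements.
SAMPLE_REPORT = """<report><report><results>
<result><host>192.168.1.10<hostname>web01</hostname></host><port>443/tcp</port>
  <nvt oid="0"><name>Example TLS finding</name>
    <refs><ref type="cve" id="CVE-0000-0001"/></refs></nvt><severity>7.5</severity></result>
<result><host>192.168.1.10<hostname>web01</hostname></host><port>22/tcp</port>
  <nvt oid="0"><name>Example SSH finding</name>
    <refs><ref type="cve" id="CVE-0000-0002"/></refs></nvt><severity>9.8</severity></result>
<result><host>192.168.1.20</host><port>80/tcp</port>
  <nvt oid="0"><name>Example HTTP finding</name><refs/></nvt><severity>5.0</severity></result>
<result><host>192.168.1.20</host><port>general/tcp</port>
  <nvt oid="0"><name>Example log entry</name><refs/></nvt><severity>0.0</severity></result>
</results></report></report>"""

def triage(xml_text, min_severity=7.0):
    """Return {host: [(severity, port, name, [cves]), ...]} sorted worst-first."""
    by_host = defaultdict(list)
    for res in ET.fromstring(xml_text).iter("result"):
        host = (res.findtext("host") or "").strip()
        try:
            sev = float(res.findtext("severity", ""))
        except ValueError:
            continue  # nested or incomplete <result> without a numeric severity
        if not host or sev < min_severity:
            continue
        cves = [r.get("id") for r in res.iterfind("nvt/refs/ref") if r.get("type") == "cve"]
        by_host[host].append((sev, res.findtext("port", ""), res.findtext("nvt/name", ""), cves))
    return {h: sorted(f, key=lambda x: x[0], reverse=True) for h, f in by_host.items()}

if __name__ == "__main__":
    for host, findings in triage(SAMPLE_REPORT).items():
        for sev, port, name, cves in findings:
            print(f"{host:15} {sev:4} {port:10} {name} {','.join(cves)}")
```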

Best Practices

1. Pre-Scan Checklist

1. Verify target accessibility
2. Check credentials
3. Confirm scan window
4. Test network connectivity
5. Verify system resources

2. Performance Optimization

Scan Settings:
1. Adjust concurrent checks
2. Set appropriate timeouts
3. Configure host alive test
4. Optimize port scanning

3. Resource Management

Monitor:
1. Scanner CPU usage
2. Network bandwidth
3. Target system load
4. Disk space for results

Troubleshooting

1. Common Issues

Connection Problems:
1. Check firewall rules
2. Verify target availability
3. Test authentication
4. Review SSL/TLS settings

Performance Issues:
1. Reduce concurrent scans
2. Adjust timeout values
3. Check system resources
4. Optimize scan scope

2. Debug Commands

# Check service status
systemctl status gvmd
systemctl status ospd-openvas

# View logs
tail -f /var/log/gvm/gvmd.log
tail -f /var/log/gvm/ospd-openvas.log

# Test connectivity
nc -vz target_ip port

Maintenance

1. Regular Tasks

# Update NVT feed
greenbone-nvt-sync

# Update SCAP data
greenbone-scapdata-sync

# Update CERT data
greenbone-certdata-sync

2. Database Management

# Backup database
gvmd --backup

# Restore database
gvmd --restore

Security Considerations

1. Scanner Security

1. Regular updates
2. Strong authentication
3. Access control
4. Network isolation
5. Log monitoring

2. Safe Scanning

1. Use "Full and Fast" profile
2. Enable safe checks
3. Schedule during maintenance
4. Monitor target health
5. Document exceptions

3. Compliance Integration

Map findings to:
1. PCI DSS
2. HIPAA
3. ISO 27001
4. Custom policies

Integration Options

1. API Usage

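# Basic API request
# -k disables TLS certificate verification; it is only tolerable against the
# local self-signed certificate. For a remote scanner, drop -k and pass --cacert <ca.pem>.
curl -k -H "X-API-KEY: your-api-key" \
  https://localhost:9392/gmp \
  -d "<get_tasks/>"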

2. Automation

Automate:
1. Scan scheduling
2. Report generation
3. Result analysis
4. Remediation tracking