kali工具箱

openvas-scanner Package Description

The Open Vulnerability Assessment System is a modular security auditing tool, used for testing remote systems for vulnerabilities that should be fixed. It is made up of two parts: a scan server, and a client. The scanner/daemon, openvassd, is in charge of the attacks, whereas the client, OpenVAS-Client, provides an X11/GTK+ user interface. This package provides the scanner.

openvas-scanner Homepage | Kali openvas-scanner Repo

Author: OpenVAS
License: GPLv2

Tools included in the openvas-scanner package

greenbone-nvt-sync – Updates the OpenVAS security checks

Updates the OpenVAS security checks from Greenbone Security Feed.

openvas-adduser – Add an OpenVAS user

Add a user in the openvassd userbase.

openvas-mkcert – Creates a scanner certificate

Creates a scanner certificate.

openvas-mkcert-client – Create SSL client certificates for OpenVAS

[email protected]:~# openvas-mkcert-client -h

Usage:

  openvas-mkcert-client [OPTION...] - Create SSL client certificates for OpenVAS.



Options:

  -h           Display help

  -n <name>    Run non-interactively, create certificates for user <name>

               and register user <name> with the OpenVAS scanner

  -i           Install client certificates for use with OpenVAS manager

openvas-nvt-sync – Sync NVTs using different protocols

[email protected]:~# openvas-nvt-sync --help

/usr/sbin/openvas-nvt-sync: Sync NVTs using different protocols

 --rsync    sync with rsync (default)

 --wget     sync with wget

 --curl     sync with curl

 --check    just checksum check

OpenVAS administrator functions:

 --selftest  perform self-test

 --identify  display information

 --version   display version

 --describe  display current feed info

 --feedversion   display current feed version info

 --nvt-dir <dir> set directory of the NVT collection for this run

 --migrate-to-private   migrate unsigned files to private directory



Environment variables:

NVT_DIR     where to extract plugins (absolute path)

PRIVATE_SUBDIR  subdirectory of $NVT_DIR to migrate unsigned files to

OV_RSYNC_FEED   URL of rsync feed

OV_HTTP_FEED    URL of http feed

TMPDIR      temporary directory used to download the files

Note that you can use standard ones as well (e.g. http_proxy) for wget/curl

openvas-rmuser – Removes an OpenVAS user

Removes a user from the openvassd userbase.

openvassd – The OpenVAS scanner

[email protected]:~# openvassd --help

Usage:

  openvassd [OPTION...] - Scanner of the Open Vulnerability Assessment System



Help Options:

  -h, --help                      Show help options



Application Options:

  -V, --version                   Display version information

  -f, --foreground                Do not run in daemon mode but stay in foreground

  -a, --listen=<address>          Listen on <address>

  -S, --src-ip=<ip[,ip...]>       Send packets with a source IP of <ip[,ip...]>

  -p, --port=<number>             Use port number <number>

  -c, --config-file=<.rcfile>     Configuration file

  -q, --quiet                     Quiet (do not issue any messages to stdout)

  -s, --cfg-specs                 Print configuration settings

  -y, --sysconfdir                Print system configuration directory (set at compile time)

  -C, --only-cache                Exit once the NVT cache has been initialized or updated

openvas-adduser Usage Example

[email protected]:~# openvas-adduser

Using /var/tmp as a temporary file holder.



Add a new openvassd user

---------------------------------





Login : dookie

Authentication (pass/cert) [pass] : 

Login password : 

Login password (again) : 



User rules

---------------

openvassd has a rules system which allows you to restrict the hosts that dookie has the right to test.

For instance, you may want him to be able to scan his own host only.



Please see the openvas-adduser(8) man page for the rules syntax.



Enter the rules for this user, and hit ctrl-D once you are done:

(the user can have an empty rules set)





Login             : dookie

Password          : ***********



Rules             : 





Is that ok? (y/n) [y] y

user added.

openvas-nvt-sync Usage Example

[email protected]:~# openvas-nvt-sync

[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.

[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.

[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.

[i] NVT dir: /var/lib/openvas/plugins

[i] Will use rsync

[i] Using rsync: /usr/bin/rsync

[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed

[w] Private directory '/var/lib/openvas/plugins/private' not found.

[w] Non-feed NVTs not migrated there will be deleted by rsync.

Run migration now ([y/n], any other input aborts)? y

openvas-rmuser Usage Example

[email protected]:~# openvas-rmuser dookie

user removed.

openvassd Usage Example

Start the OpenVAS scanner daemon in the foreground (-f) on 192.168.1.202 (-a 192.168.1.202), port 8888 (-p 8888):

[email protected]:~# openvassd -f -a 192.168.1.202 -p 8888

All plugins loaded