viernes, 20 de septiembre de 2013

HOWTO: Installing GoLismero + OpenVAS


What's this post about?

In this first HOWTO we'll explain how to integrate the OpenVAS  vulnerability scanner with GoLismero.

What is OpenVAS?

OpenVAS was branched from the early versions of Nessus, as a way to provide a free alternative for vulnerability analysis.

Both OpenVAS and Nessus are mostly focused on the detection of missing patches and outdated software that may have security issues.

The trouble with OpenVAS

If you've ever attempted to install and try out OpenVAS on your own, you'll know it can get quite messy, as you have to:
  • Configure and install several daemons...
  • Create and manager users...
  • Generate and configure certificates...
  • Install a gazillion dependencies...
The folks from OpenVAS know all this and, luckily, help us out by providing a ready-to-use virtual machine with everything preinstalled and configured. In this post we'll explain how to install this virtual machine and configure GoLismero to use it.

Installing OpenVAS

Downloading the virtual machine

There are several available virtual machines for download at the OpenVAS website, one of each version of the scanner. GoLismero currently requires the latest version: OpenVAS 6. So that's the one we must pick for download.

You can get the VM image directly from this link: http://openvas-mirror.binarysignals.net/OpenVAS-6-DEMO-1.0.ova

Installing the virtual machine

The virtual machine file is in OVA format, following the OVF (Open Virtualization Format) standard, and can be imported directly from Virtualbox..

Let's open up VirtualBox and import the virtual machine:


Just follow the wizard instructions until the process is complete. Once that's over you should see the OpenVAS virtual machine in the VirtualBox VM Manager:

Configuring the virtual machine

Although we said earlier that the virtual machine is ready to use, in reality it's best to do some tweaking first:

Adding a host-only network interface

In order to be able to connect to OpenVAS from your computer you'll need to add a new virtual network interface to the VM. By default it's configured with a single network interface in NAT mode, which is good enough for connecting to the Internet from the VM, but won't let you connect back to the VM. 

To solve this we must follow these steps:

1 - Open the VM Configuration pane.


2 - Add a new network interface, pick the "Host-Only Adapter" attachment.

Changing the root password

This is not required for OpenVAS to work, but it's a good idea not to leave the root password blank. For this we must start up the VM and log in with the default username and password (openvas/openvas). 

Now we have to log in as root using the "su" command. Like we said the root password is blank right now, so at the password prompt just hit "enter".

Finally we change the password with the "passwd" command.

Updating OpenVAS

We'll want the latest version of all plugins, to improve the detection of vulnerabilities. For that, we must run the following command as root:
openvas-nvt-sync

Acessing the control panel

As a last step we'll find out the IP address of the VM and make sure we can access it by logging in to the control panel.

* The user/password combination to access the control panel is: admin/admin.

First, we'll log in to the VM as root and list the network interfaces with the "ifconfig" command:
If we don't see any network interfaces with an IP address in the form 192.168.x.x (should normally be the eth1 interface) we must run the ifconfig again with the -a flag:
ifconfig -a
Once we located the network interface we'll force it to get an IP address using DHCP:
dhclient eth1 
After that we should be able to see the IP address by running the "ifconfig" command again normally.

In this example we can see the assigned IP address of the host-only network interface is 192.168.51.101.

Open a browser and navigate to:

https://192.168.51.101

The control panel login page should appear. We log in with the username and password: admin/admin. We should now be seeing the OpenVAS control panel.

Integration with GoLismero 2.0

Now that we finished setting up OpenVAS, we just need to integrate it with GoLismero.

To install GoLismero and learn its use you can check out the README at the Github repository: https://github.com/golismero/golismero

Configuring over the command line

Let's see what arguments are taken by the OpenVAS plugin with the following command:
python golismero.py info openvas
Since by default the plugin uses the "admin/admin" user and password combination and port number 9390 just like the VM, we won't have to change anything here.

All we need to do is tell GoLismero the IP address of our VM. For this we can write:
python golismero.py -a openvas:host=192.168.51.101 -e openvas -o report.html TARGET
The -a option tells the OpenVAS plugin what IP address to connect to, and the -e option tells GoLismero to only run the OpenVAS plugin. (If you omit -e a full scan will be run instead). The -o option tells GoLismero to produce an HTML report when the scan is finished.

Persisting the settings in the configuration file

It would be rather uncomfortable to have to specify the IP address of OpenVAS every time we run GoLismero, so we'll store the IP address in the configuration file instead.

The main configuration file, golismero.conf, is located in the root of the GoLismero directory, and already has several settings ready to use and comment lines explaining each one of them, like a mini tutorial. One such case is the OpenVAS configuration section. We'll uncomment the relevant lines and fill in the IP address:


From now on GoLismero will connect to 192.168.56.101 whenever you command it to launch an OpenVAS scan.