OpenVAS
Vulnerability Assessment
Group 5
Igibek Koishybayev;Yingchao Zhu
ChenQian; XingyuWu; XuZhuo Zhang
OpenVAS

The Open Vulnerability Assessment System (OpenVAS)
is a framework of several services and tools offering a
comprehensive and powerful vulnerability scanning and
vulnerability management solution.

Founded 1999, Osnabrück, Germany
Why Vulnerability Assessment?
Unnecessary open shares
 Unused user accounts
 Unnecessary open ports
 Rogue devices connected to your systems
 Dangerous script configurations
 Servers allowing use of dangerous protocols
 Incorrect permissions on important system files
 Running of unnecessary, potentially dangerous services

Architecture

Core: Network Vulnerability Tests (NVTs), the security scanner
accompanied with a daily updated feed
OpenVAS Elements:

OpenVAS Software (Server, Client,VulerabilityTests): GNU General Public

OpenVAS Management tools

NVT(Network Vulnerability Tests) Feed service: daily updated tests,
unrestricted access
Feature overview
OpenVAS Scanner
 Many target hosts are scanned concurrently
 OpenVAS Transfer Protocol (OTP)
 SSL support for OTP (always)
 WMI support (optional)
OpenVAS Manager
 OpenVAS Management Protocol (OMP)
 SQL Database (sqlite) for configurations and scan
results
 SSL support for OMP (always)
 Many concurrent scans tasks (many OpenVAS
Scanners)
 Notes management for scan results
 False Positive management for scan results
 Scheduled scans
 Master-Slave Mode to control many instances from a
central one
 Reports Format Plugin Framework with various
plugins for: XML, HTML, LateX, etc.
Greenbone Security Assistant (GSA)

Client for OMP and OAP

HTTP and HTTPS

Web server on its own (microhttpd), thus no extra web
server required

Integrated online-help system

Multi-language support
OpenVAS CLI

Client for OMP

Runs on Windows, Linux, etc.

Plugin for Nagios
Sample Test Report
Lab Generation
1. Setting up and Pre-work
Get familiar with the OpenVAS software/Backtrack/CentOS
System.
 Learn some successful examples using OpenVAS in the past.
 Learn some leak patterns.
 Set up the environment for the test

Lab Generation
2. Find targets
Software-Based
• Create our own mailbox application
• Use the real mailbox application with open source
--Protocol: SMTP(send)/IMAP(receive)/POP3(receive)
Lab Generation
2. Find targets
Web-Based
• Open Source Web Browser (EX: The Chromium
Projects)
• Server with some vulnerabilities (EX: old version CGI)
Lab Generation
3. Penetration Test/Problem solve
• Using OpenVAS to do the test, find some
vulnerabilities of the software/web browser/server
• Attack the software/web browser/server
• Try to fix the vulnerability
Lab Generation
4. Re-test
• Retest using OpenVAS after leaks fixing
• Attack again to check if the vulnerabilities are solved
Lab Generation
5. Report
• Give a detailed idea of these assessment
• Give a tutorial of how to use the OpenVAS for the
assessment
Extra Points (if time permitted)
• Develop the mobile platform application to do the
whole process above
Thank you
&
Happy Hacking!