Using a vulnerability scanner through its graphical interface is not hard, and every pen-tester can do it. In this post we'll practice a different, easy exercise: using a vulnerability management tool in CLI mode from inside a great exploitation framework like Metasploit.
Based on some pen-testers' experience, using a security tool (in this example, a vulnerability scanning tool) in command-line mode is preferable, especially if the system used for pentesting cannot be reached through its graphical interface or the tool's web interface and only ssh/telnet is available (and they don't want to use VNC either). Using the security tool from the CLI also most probably provides more speed, reliability and flexibility.
What is OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is an open source framework of several services that provide vulnerability scanning and management.
Steps for using OpenVAS inside Metasploit
Metasploit has a module that lets you connect to an OpenVAS server. The following explains in detail how to use this module to run vulnerability scans against specific targets and then download the scan results as various kinds of reports.
Opening Metasploit framework
As we already know from a previous post, we open the Metasploit console with the command msfconsole
Loading OpenVAS plugin
We load the OpenVAS module with the command load openvas. Note that this module provides only the basic features of OpenVAS, not all of them.
Connect to OpenVAS
Once the plugin has loaded successfully, as shown in the image below, connect to the OpenVAS server with the command openvas_connect <username> <password> <OpenVAS server IP> <Port>
If OpenVAS is installed on a different system from the one Metasploit is installed on, give that server's IP. Usually both are installed on the same system, so we'll use localhost or 127.0.0.1
You can list all the commands provided by the plugin; they all start with openvas_, as follows
Create a new target
Once you have connected successfully to the OpenVAS server as described above, you can start creating your target list with the command openvas_target_create <scan name> <target IP> <any comments>
Create a new scan task
In the following steps we'll create a scan task, add the configured targets to it and choose the scan mode.
There are 4 available scan modes, as listed below.
The next step is to create the scan task: supply the config_id from the list above and the ID of the target you created earlier
Starting a scan task
You can start a previously configured scan with the command openvas_task_start <task ID>
Listing the scan tasks
To check the scan progress, or to list old scans, use the command openvas_task_list
Below is the list of scans once our scan has finished.
Listing the scan reports
Once the scan has finished, its result is added to a report that appears in the list of reports. Use the openvas_report_list command to list all the reports
There are 7 report formats, shown below, which can be listed with the command openvas_format_list
You can download a report in any of these formats with the command openvas_report_download <report_id> <format_type> <path_of_the_download> <report_name>
The following images show how to open OpenVAS in GUI mode in Kali Linux, where you'll find all the scans made via the OpenVAS module inside Metasploit.
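The connect and target-creation steps above can also be prepared as a resource script for msfconsole -r, which suits the ssh-only case from the introduction. This is an added example, not part of the original post: the function names, the OPENVAS_PASSWORD variable and the sample comment word are assumptions, the argument order follows the post, and openvas_config_list is a plugin command not shown on the page.

```sh
#!/bin/sh
# Added example, not from the original post. Function names, the
# OPENVAS_PASSWORD variable and the argument order are assumptions.

# Dotted-quad IPv4 only, each octet 0..255 (body runs in a subshell).
valid_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# msfconsole splits each line into arguments, so allow only characters
# that cannot split or quote a word. Other passwords: type them at the prompt.
safe_word() {
    case $1 in ''|*[!A-Za-z0-9._@%+=:,-]*) return 1 ;; esac
}

# make_openvas_rc <username> <server IP> <port> <scan name> <target IP> <outfile>
# The password comes from $OPENVAS_PASSWORD, not from the argument list.
make_openvas_rc() {
    valid_ipv4 "$2" || { echo "bad server IP: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad port: $3" >&2; return 1; }
    valid_ipv4 "$5" || { echo "bad target IP: $5" >&2; return 1; }
    for field in "$1" "${OPENVAS_PASSWORD:-}" "$4"; do
        safe_word "$field" || { echo "empty or unsafe field" >&2; return 1; }
    done
    # The file contains the password: create it owner-readable only.
    ( umask 077
      cat > "$6" <<EOF
load openvas
openvas_connect $1 $OPENVAS_PASSWORD $2 $3
openvas_target_create $4 $5 created-by-resource-script
openvas_config_list
EOF
    )
}
```

Running msfconsole -r <outfile> executes these commands and leaves the console open for the task steps. Delete the file afterwards, since it holds the OpenVAS password.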