Kickin' VAS with OpenVAS!
Looking for a scanner to replace Nessus? Look no further
By JimmyRay
Twitter can be used for a bunch of useless, time-killing things. Things like what a goober celebrity thinks of grooming a cat with a dog brush or the endless string of folks posting lines to songs. OK, I get it! You like Spandau Ballet (UNFOLLOW). If you follow me on Twitter, I also do my fair share (and then some) of stupid tweets. From my love affair with In N Out Burger and Popeye's Chicken to the ramblings of a sleep-deprived, caffeine-fueled mind.
The real reason I tweet is so I can share technical info I find doing research or stuff I come across in the field and hopefully glean some back from others. Stuff like cool tools or bugs, etc. Twitter is great for honest real-time information. The other day, I got a tweet from one of my favs and a highly recommended follow: Charles Wyble (Twitter handle: charlesnw). Now ole Charles is a smart Dude even if he disagrees with me on fireworks... He's from SoCal so I cut him some slack. We trade info back and forth all the time. He sent me a tweet and asked if I have tried OpenVAS yet. At first I thought he meant OpenVMS and I thought, ummmm...yeah Dude, back in the 90's, love that DCL! (I still believe that OpenVMS clustering is some of the best out there.)
A quick trip to http://www.openvas.org/ made me start to see why Charles was so jammed on this code base. OpenVAS is a fork of the infamous Nessus project and at one time was called GNessus. Instead of downloading it, I took a short cut and just config'ed it up on my BackTrack4 machine (http://www.backtrack-linux.org/downloads/). I have seen OpenVAS in the BackTrack4 menu options before but I am not too big on noisy scanners. I do more with NMAP, Metasploit and W3af, but when it comes to a broad noisy assessment, customers (goober managers and bean counters) like the cool printouts that Nessus along with some custom NASL scripts gives me. However, with Nessus going to a commercial licensing model, folks like me have been using version 2.2 for a loooooooooong time! I can use a replacement for sure. To be honest, I ain't paying for Nessus when I can pay Core Impact.
Come on OpenVAS!!!
OpenVAS is a client-server design, which I like for a vuln scanner. There are 3 mandatory components: Client, Server and Libraries, plus two optional modules you also should install: administrator and management. Remember OpenVAS is a fork of Nessus so some of the stuff you already know carries over. The only real OpenVAS bummer is that it has quite a few dependencies and it is not packaged. Being integrated in BT4 is just what I am looking for to keep out of dependency jail, which is equal to discussing politics with your in-laws.
I started config'ing. The documentation for developing on OpenVAS is excellent; getting it up and going is a different animal. Lucky for me there is a great YouTube video on getting OpenVAS up and kicking by a Dude named H34dcr4b (http://www.youtube.com/watch?v=wpVSdXfmAYU), plus he has some...other things you may like...
Getting the server started can take some time depending upon how many Network Vulnerability Tests (NVTs) you have. NVTs are kinda like NASL scripts, which is very cool since I do not have to learn a new methodology for scripting. NASL sucks enough as it is. Once the server was up, I launched the client and connected to the server on port 9390. The GUI interface is very nice, snappy and super easy to use.
I used the client scan assistant tool to run a few tests in safe mode. I ran the MS RPC buffer overflow, a bunch of PHP tests because I loathe PHP, SPAM and DNS Zone Transfers. OpenVAS passed with flying colors. I am still testing a few other things but I think I have found my new scanner! I am very impressed with OpenVAS and can see why Charles was so pumped up about it. I would highly recommend any security geek type person to give OpenVAS a test drive. It has a strong community behind it and I believe it is going to keep getting better and better.
Now it is time for me to tweet about my breakfast cereal choice this morning and how I like to spell out network terms with my Alpha Bits...I just wish they had a hexadecimal version...
Jimmy Ray Purser
Trivia File Transfer Protocol
The saltiest lake in the world is not the Dead Sea; it is actually Lake Assal in Djibouti. Man, I wish it was in a place I know how to pronounce...