Twitter can be used for a bunch of useless, time-killing things. Things like what a goober celebrity thinks of grooming a cat with a dog brush or the endless string of folks posting lines to songs. OK, I get it! You like Spandau Ballet (UNFOLLOW). If you follow me on Twitter, I also do my fair share (and then some) of stupid tweets. From my love affair with In N Out Burger and Popeye's Chicken to the ramblings of a sleep-deprived, caffeine-fueled mind.
The real reason I tweet is so I can share technical info I find doing research or stuff I come across in the field and hopefully glean some back from others. Stuff like cool tools or bugs, etc. Twitter is great for honest real-time information. The other day, I got a tweet from one of my favs and a highly recommended follow: Charles Wyble (Twitter handle: charlesnw). Now ole Charles is a smart Dude even if he disagrees with me on fireworks... He's from SoCal so I cut him some slack. We trade info back and forth all the time. He sent me a tweet and asked if I have tried OpenVAS yet. At first I thought he meant OpenVMS and I thought, ummmm...yeah Dude, back in the 90's, love that DCL! (I still believe that OpenVMS clustering is some of the best out there.)
A quick trip to http://www.openvas.org/ made me start to see why Charles was so jammed on this code base. OpenVAS is a fork of the infamous Nessus project and at one time was called GNessus. Instead of downloading it, I took a shortcut and just config'ed it up on my BackTrack4 machine (http://www.backtrack-linux.org/downloads/). I have seen OpenVAS in the BackTrack4 menu options before but I am not too big on noisy scanners. I do more with NMAP, Metasploit and W3af, but when it comes to a broad noisy assessment, customers (goober managers and bean counters) like the cool printouts that Nessus along with some custom NASL scripts gives me. However, with Nessus going to a commercial licensing model, folks like me have been using version 2.2 for a loooooooooong time! I can use a replacement for sure. To be honest, I ain't paying for Nessus when I can pay Core Impact.
Come on OpenVAS!!!
OpenVAS is a client-server design, which I like for a vuln scanner. There are 3 mandatory components: Client, Server and Libraries, plus two optional modules that you also should install: administrator and management. Remember OpenVAS is a fork of Nessus, so some of the stuff you already know carries over. The only real OpenVAS bummer is that it has quite a few dependencies and it is not packaged. Being integrated in BT4 is just what I am looking for to keep out of dependency jail, which is equal to discussing politics with your in-laws.
I started config'ing. The documentation for developing on OpenVAS is excellent; getting it up and going is a different animal. Lucky for me there is a great YouTube video on getting OpenVAS up and kicking by a Dude named H34dcr4b (http://www.youtube.com/watch?v=wpVSdXfmAYU), plus he has some...other things you may like...
I got the server started, which can take some time depending upon how many Network Vulnerability Tests (NVTs) you have. NVTs are kinda like NASL scripts, which is very cool since I do not have to learn a new methodology for scripting. NASL sucks enough as it is. I then launched the client and connected to the server on port 9390. The GUI interface is very nice, snappy and super easy to use.
I used the client scan assistant tool to run a few tests in safe mode. I ran the MS RPC buffer overflow, a bunch of PHP tests because I loathe PHP, SPAM and DNS Zone Transfers. OpenVAS passed with flying colors. I am still testing a few other things but I think I have found my new scanner! I am very impressed with OpenVAS and can see why Charles was so pumped up about it. I would highly recommend any security geek type person to give OpenVAS a test drive. It has a strong community behind it and I believe it is going to keep getting better and better.
Now it is time for me to Tweet about my breakfast cereal choice this morning and how I like to spell out network terms with my Alpha Bits...I just wish they had a hexadecimal version...
Jimmy Ray Purser
Trivia File Transfer Protocol
The saltiest lake in the world is not the Dead Sea; it is actually Lake Asaal in Djibouti. Man, I wish it was in a place I know how to pronounce...
Jimmy Ray Purser is the technical co-host for Cisco's TechWise and BizWise TV. Jimmy Ray also conducts advanced training for engineers across North America and Europe and regularly speaks at industry conferences such as VON, CeBIT, N+I, and Networkers. As a field engineer, Jimmy Ray experiences networking first hand behind the console or in the rack. He is an active member in the IEEE and the Ethernet Alliance and has designed, installed and tested numerous networks for Fortune 500 companies, the United States military and other institutions worldwide. He holds 3 U.S. patents for Ethernet security algorithms with two others pending and one defensive publication, as well as numerous other vendor certifications in networking and security.
Purser holds a Bachelor of Science degree in electrical engineering from Southern Illinois University and is currently pursuing a Master of Science degree in electrical engineering.