Metasploit Framework, the Metasploit Project’s best-known creation, is a software platform for developing, testing, and executing exploits. It can be used to create security testing tools and exploit modules and also as a penetration testing system. It was originally created as a portable network tool in 2003 by HD Moore. It is one of the most popular penetration testing tools among all security researchers and hackers. Apart from penetration testing, this tool also performs a very good vulnerability assessment in network and web applications. It has built-in plug-ins for some famous vulnerability scanners, such as Nessus, Nexpose, OpenVAS, and WMAP.
In this article, we are going to see how to perform vulnerability assessments of network and web applications by using Metasploit built-in plug-ins. First we will start with OpenVAS; before jumping into msfconsole, you have to install OpenVAS in your system. The installation process is given on BackTrack’s official website http://www.backtrack-linux.org/wiki/index.php/OpenVas. Just follow the steps. Now we are moving into our topic, how to perform a vulnerability assessment via OpenVAS.
To run OpenVAS, type in load openvas in msfconsole and it will load and open the VAS plug-in from its database.
Now type in openvas_help and it will show all usage commands for OpenVAS.
We have to connect our OpenVAS to its server by giving the command openvas_connect and it will show the full usage command, which is openvas_connect username password host port <ssl-confirm> for connecting to the server. In my case, the command is openvas_connect rohit toor localhost 9390 ok
As can we can see in the above figure, our OpenVAS connection is successful. Now we will create a target for scanning. The command for creating a target is openvas_target_create <scan name> <target IP> <any comments> . In the below figure, we can see my scan name is windows7 , the target is 192.168.0.101 and the comment is new_scan , so the command is openvas_target_create “windows7” 192.168.0.101 “new_scan”
After creating the target, we want to see the OpenVAS’s scan configuration list, so type in openvas_config_list.
OpenVAS has four types of scan configuration; we will select this as per requirement. Next type in openvas_target_list and it will show your created targets.
Now we have a target and we have also seen the scan configuration, so we will create a task for scanning our target machine.
To create a task, the command is openvas_task_create <scanname> <comment> <scanconfig ID> <targetID>
For example, in the above figure, we type in openvas_task_create windows7 new_scan 3 1
We can see that our task is created and the task ID is 0 for our target machine. Now start the task by typing in openvas_task_start <taskID>. Here we are using openvas_task_start 0
As we can see, after giving the start command, our request is submitted, which means our scan should be starting now. Let us check by typing in open_vas_list and it shows that our scan status is running and progress is 1, meaning 1%.
Just wait for some time and again check the progress.
The progress is now 80%, which means it’s almost complete. When the scan is complete, the progress will show -1. and the status will show “Done.”
Our scan is completed now, so we can download the report; type in openvas_report_list and it will show all reports from its database.
There are several formats for downloading the report. Type in openvas_format_list and it will list all available formats.
After choosing the format, we can download the report by using this command: openvas_report_download <report id> <format id> <path for saving report> <report name>. Here we are using openvas_report_download 1 5 /root/Desktop report
The OpenVAS has a bug in the report format: Whenever I tried to download PDF or XML formats, it gives blank report, so again I download the report in HTML format and this format is working
Great step by step lesson! Very easy to follow along with.
Sorry.
when I run the command , the error happend. I can’t figure out why.
msf > openvas_connect openvas openvas localhost 9390 ok
[*] Connecting to OpenVAS instance at localhost:9390 with username openvas…
[-] Error while running command openvas_connect: OpenVAS OMP: Error in OMP request/response
Call stack:
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:531:in `rescue in config_get_all’
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:518:in `config_get_all’
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:138:in `initialize’
/opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `new’
/opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `cmd_openvas_connect’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run’
/opt/metasploit/apps/pro/msf3/msfconsole:148:in `’
my openvas configuration
openvas-adduser
openvas-mkcert -f
openvas-nvt-sync
openvassd
openvas-mkcert-client
openvasmd –rebuild
openvasad -c ‘add_user’ -n openvas -r Admin
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad –http-only –listen=127.0.0.1 -p 9392
check status of OpenVAS Manager.
#services openvas-manager status | stop | start | restart
Also run OpenVAS check-setup, it shows you which post use OPM (default is 9390)
There must be something wrong.
msf > openvas_connect openvas openvas localhost 9390 ok
[*] Connecting to OpenVAS instance at localhost:9390 with username openvas…
[-] Error while running command openvas_connect: OpenVAS OMP: Error in OMP request/response
Call stack:
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:531:in `rescue in config_get_all’
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:518:in `config_get_all’
/opt/metasploit/apps/pro/msf3/lib/openvas/openvas-omp.rb:138:in `initialize’
/opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `new’
/opt/metasploit/apps/pro/msf3/plugins/openvas.rb:192:in `cmd_openvas_connect’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:427:in `run_command’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:389:in `block in run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `each’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/dispatcher_shell.rb:383:in `run_single’
/opt/metasploit/apps/pro/msf3/lib/rex/ui/text/shell.rb:200:in `run’
/opt/metasploit/apps/pro/msf3/msfconsole:148:in `’
my configuration
openvas-adduser
openvas-mkcert -f
openvas-nvt-sync
openvassd
openvas-mkcert-client
openvasmd –rebuild
openvasad -c ‘add_user’ -n openvas -r Admin
openvasmd -p 9390 -a 127.0.0.1
openvasad -a 127.0.0.1 -p 9393
gsad –http-only –listen=127.0.0.1 -p 9392
@openvasfih Sorry for the late response. Did you updated your metasploit, If not first update it to the latest version. First remove the older version then install a fresh one from here https://github.com/rapid7/metasploit-framework/wiki/Downloads-by-Version.
thanks Rohit, it’s fixed.
Sorry, could you tell how you fixed this issue ?
I have MSF installed from github, and updated. Ruby is v 2.1.0.
I also get these errors, and is unable to resolve.
Have you ever setup and started openvas ?
I done this by typing :
# openvas-setup
# openvas-start
I am using backtrack so I am not sure if it is required to do this as root
Yes, I have it set up (openvas).
Funny thing, I tried this a while ago (I believe msf v 4.3) where it worked, but now I get this error message (even today with latest msf version 4.10)
The same problem is happening. Who can wipe my tears??