diff --git a/8 Tools/OpenVAS/OpenVAS S.O.P..pdf b/8 Tools/OpenVAS/OpenVAS S.O.P..pdf new file mode 100644 index 0000000..1d1b9e2 Binary files /dev/null and b/8 Tools/OpenVAS/OpenVAS S.O.P..pdf differ diff --git a/8 Tools/OpenVAS/OpenVas SOP.md b/8 Tools/OpenVAS/OpenVas SOP.md new file mode 100644 index 0000000..d3c108e --- /dev/null +++ b/8 Tools/OpenVAS/OpenVas SOP.md @@ -0,0 +1,141 @@ +### ~ Cpl Potter, Nicholas + +### This is the SOP for setting up OpenVas + +## Installing OpenVas via Terminal + +1. Install VMware Kali Linux from [Kali's Website](https://www.kali.org/get-kali/#kali-virtual-machines "https://www.kali.org/get-kali/#kali-virtual-machines") +2. Run commands to make sure your Kali instance is up to date before installing OpenVas (You will need an internet connection to run these properly) + ```bash + sudo apt update + ``` + +```bash + sudo apt upgrade -y +``` + - The -y will push a Yes to any user input prompts + +```bash + sudo apt dist-upgrade -y +``` + +```bash + sudo apt install openvas + ``` + +### OpenVas is now installed now we have to setup the web interface + +```bash + sudo gvm-check-setup + ``` + + (This will verify the installation)  +![alt text](check-setup.png) + ```bash + sudo gvm-setup + ``` + + - If gvm-setup does not work you will need to upgrade postgresql + ```bash + sudo pg_lsclusters +``` + +(If you have 2 versions shown follow the rest) ![alt text](lsclusters.png) +```bash + sudo pg_dropcluster 'enter the newest version number' main --stop +``` + +```bash + sudo pg_upgradecluster 'enter the older versions number' main +``` + +```bash + sudo pg_dropcluster 'enter the old version number' main +``` + +```bash + sudo apt purge postgresql-client-15 +``` + +- now try running sudo gvm-setup + +## Starting and stopping OpenVas + +```bash + sudo gvm-start +``` + (Starts the web interface) +2. open browser and navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") 127.0.0.1:9392 + - Will bring you to a greenbone login screen +```bash + sudo gvm-stop +``` + (Stops the web interface) + +## Creating Users + +1. In your terminal +```bash + sudo runuser -u _gvm -- gvmd --create-user=username --new-password=password +``` + +- This command will generate a hash value for the password which will be used to login to the web interface ![alt text](NewUser.png) + +## Changing Password to Standard + +1. Navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") +2. Login with your created username and the hashed password generated from the terminal + - DO NOT LOSE THE HASHED PASSWORD +3. Click on the person in the top right corner and click my settings ![alt text](person.png) +4. On the My Settings page click the Pen and Paper in the top left above the Gear ![alt text](PenAndPaper.png) +5. Enter the Hashed Password in the Old text box and your Standard Password in the New and Confirm boxes ![alt text](PasswordBox.png) +6. Click save and log back in using new password + +# Making Web Interface Accessible from Internal Network + +1. Stop the web service + + ```bash + sudo gvm-stop + ``` + +2. Make sure your workstation IP is the IP you want your web interface to have. ![alt text](openvasip.png) + +3. Use your preferred text editor in terminal and navigate to /usr/lib/systemd/system/greenbone-security-assistance.service ![alt text](vim.png) + +4. Once in the text editor, go down to the ExecStart line and change the IP from loopback (127.0.0.1) to 0.0.0.0. Leave the port alone. ![alt text](IPchange.png) + +5. Exit and save changes to that file then reload the daemon + + ```bash + sudo systemctl daemon-reload + ``` + +6. Start the web interface and if your workstation is in the Networks IP range you can access the Web Interface IP. + + ```bash + sudo gvm-start + ``` + +# Creating Targets + +1. Access the webserver for [Openvas](https://127.0.0.1:9392/ "https://127.0.0.1:9392") ![alt text](Dashboard.png) + +2. Hover over the Configuration tab and click on Targets ![alt text](Targets.png) + +3. Once on the Targets page select the Paper with the star on it in the top left to create a new target ![alt text](newtarget.png) + +4. A screen will pop up. Give it a descriptive name for the target range, add comments if necessary, put the network range in **x.x.x.x/xx** format and select the Port Range to scan from then click save. + _Port ranges will be made later_ + + ![alt text](targetinfo.png) + + +# Creating Port Lists + +1. Follow Step 1-3 from creating a target **(Selecting Port Lists instead of Targets on Step 2)** + +2. Put a descriptive name and a comment if needed. Then fill in your port range **(This field will give you an example of how to define your port ranges T:xx-xx,xx,U:xx-xx,xx)** Then click save + + +![alt text](newportlist.png) \ No newline at end of file