matthew/DCO-SOGs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload files to "8 Tools/OpenVAS"

Browse Source
This commit is contained in:
Matthew Iverson
2024-10-27 00:00:26 -04:00
parent 8383f3a848
commit 8e06a6ca15
2 changed files with 141 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
8 Tools/OpenVAS/OpenVAS S.O.P..pdf Normal file
View File

Binary file not shown.

141
8 Tools/OpenVAS/OpenVas SOP.md Normal file
View File

@ -0,0 +1,141 @@
### ~ Cpl Potter, Nicholas
### This is the SOP for setting up OpenVas
## Installing OpenVas via Terminal
1. Install VMware Kali Linux from [Kali's Website](https://www.kali.org/get-kali/#kali-virtual-machines "https://www.kali.org/get-kali/#kali-virtual-machines")
2. Run commands to make sure your Kali instance is up to date before installing OpenVas (You will need an internet connection to run these properly)
```bash
sudo apt update
```
```bash
sudo apt upgrade -y
```
- The -y will push a Yes to any user input prompts
```bash
sudo apt dist-upgrade -y
```
```bash
sudo apt install openvas
```
### OpenVas is now installed now we have to setup the web interface
```bash
sudo gvm-check-setup
```
(This will verify the installation) 
![alt text](check-setup.png)
```bash
sudo gvm-setup
```
- If gvm-setup does not work you will need to upgrade postgresql
```bash
sudo pg_lsclusters
```
(If you have 2 versions shown follow the rest) ![alt text](lsclusters.png)
```bash
sudo pg_dropcluster 'enter the newest version number' main --stop
```
```bash
sudo pg_upgradecluster 'enter the older versions number' main
```
```bash
sudo pg_dropcluster 'enter the old version number' main
```
```bash
sudo apt purge postgresql-client-15
```
- now try running sudo gvm-setup
## Starting and stopping OpenVas
```bash
sudo gvm-start
```
(Starts the web interface)
2. open browser and navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") 127.0.0.1:9392
- Will bring you to a greenbone login screen
```bash
sudo gvm-stop
```
(Stops the web interface)
## Creating Users
1. In your terminal
```bash
sudo runuser -u _gvm -- gvmd --create-user=username --new-password=password
```
- This command will generate a hash value for the password which will be used to login to the web interface ![alt text](NewUser.png)
## Changing Password to Standard
1. Navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392")
2. Login with your created username and the hashed password generated from the terminal
- DO NOT LOSE THE HASHED PASSWORD
3. Click on the person in the top right corner and click my settings ![alt text](person.png)
4. On the My Settings page click the Pen and Paper in the top left above the Gear ![alt text](PenAndPaper.png)
5. Enter the Hashed Password in the Old text box and your Standard Password in the New and Confirm boxes ![alt text](PasswordBox.png)
6. Click save and log back in using new password
# Making Web Interface Accessible from Internal Network
1. Stop the web service
```bash
sudo gvm-stop
```
2. Make sure your workstation IP is the IP you want your web interface to have. ![alt text](openvasip.png)
3. Use your preferred text editor in terminal and navigate to /usr/lib/systemd/system/greenbone-security-assistance.service ![alt text](vim.png)
4. Once in the text editor, go down to the ExecStart line and change the IP from loopback (127.0.0.1) to 0.0.0.0. Leave the port alone. ![alt text](IPchange.png)
5. Exit and save changes to that file then reload the daemon
```bash
sudo systemctl daemon-reload
```
6. Start the web interface and if your workstation is in the Networks IP range you can access the Web Interface IP.
```bash
sudo gvm-start
```
# Creating Targets
1. Access the webserver for [Openvas](https://127.0.0.1:9392/ "https://127.0.0.1:9392") ![alt text](Dashboard.png)
2. Hover over the Configuration tab and click on Targets ![alt text](Targets.png)
3. Once on the Targets page select the Paper with the star on it in the top left to create a new target ![alt text](newtarget.png)
4. A screen will pop up. Give it a descriptive name for the target range, add comments if necessary, put the network range in **x.x.x.x/xx** format and select the Port Range to scan from then click save.
_Port ranges will be made later_
![alt text](targetinfo.png)
# Creating Port Lists
1. Follow Step 1-3 from creating a target **(Selecting Port Lists instead of Targets on Step 2)**
2. Put a descriptive name and a comment if needed. Then fill in your port range **(This field will give you an example of how to define your port ranges T:xx-xx,xx,U:xx-xx,xx)** Then click save
![alt text](newportlist.png)