Vulnerability Scanner Setup and Configuration of OpenVAS Part 2

00:00

everyone Welcome back to the course. So in the last video, we went ahead and loved Callie lyrics. We then also created our text file with our Nano command. And then we went ahead and loaded I p addresses in there so we could actually skin against those.

00:14

And then we wrapped up the that video with launching the open Voss tool, and we were in the process of launching it. And I went and Paul's video, as I mentioned, to take several minutes to go ahead and launch it. Once it does, it will launch Firefox's you see in the background there. And then we'll take you to the green Bone security assistant. Log in page right here in step 16.

00:32

So you'll see that in the background there in my machine. Now we're it steps 17 here. We're gonna go ahead and log into this particular page

00:38

so we'll log in with the user name of admin, and then the password is capital P, the at symbol and then lower case S S W.

00:47

The number zero and then lower case R D. So let's go and type that in now. So we're gonna type in admin all over case

00:54

and then we'll type on our password here. So capital P the at symbol

00:58

Lower case S S W

01:00

the number zero and lower case R D. What? You taught that And you could either hit enter any keyboard, just click on log in there and may ask you, Do you want to remember? It doesn't matter. They're just go ahead next out. Or you can remember it has no bearing on the lab at all. So you're welcome to do what you want in that particular situation.

01:18

What's the next step here? Step 18. We're gonna go ahead and put our mouths over top of the configuration option on the select targets. So this one right here on the set,

01:27

it's

01:30

all right, so it takes us to our target page here. So now what we're gonna do is we're actually gonna cook this tiny little icon here that looks like a little white star. So it's a small blue colored button, as I mentioned with a white car colored star in the center.

01:44

So where to go and click on that? And that's gonna allow us to create a new target so it's actually open a papa box for us when we do that. So go and click on it.

01:51

You see here in a second, it opens up this top of box for us.

01:53

Well, go ahead and get some of these fields filled out.

01:59

All right, So first thing we're gonna do here in step 21 we're gonna go ahead and in the name box type and corporate devices. So stop box here.

02:06

Just go ahead and type and corporate devices.

02:10

And then in our comment field were type, and these are devices on the network. You don't need the quotation marks. I just wanted you to know that was a basically a statement there. So these air the device, these air devices on the network. So go and type that in the comment box. These are devices on the network.

02:30

All right,

02:30

So

02:31

now what we're gonna do on step 23 under the host. So this this third option down here, we're gonna select the from file option,

02:40

and then we're gonna go ahead and browse.

02:44

So we went ahead and we selected from file option. We're browsing now.

02:47

You'll see. It's open a window in the background there. What? I want you to do now is cook on the student folder.

02:53

So it's down here at the bottom left. Go and click on that. And then now you're going to see the file that we created that scanning target list. One.

03:00

Go ahead and click on that one.

03:02

And it's like the open button.

03:06

All right, let's go back to our lab document.

03:07

So we've gone ahead and we cook a student folder. We clicked on the file that we had created. We select the open button.

03:15

So our last step at this particular screen is gonna be clicking on the crate, but at the very bottom, right? So let's go and do that. Analyses click on that

03:22

pulls that little pop up for us.

03:24

Let's go back to our lab document.

03:29

All right, so our next step here is Step 29. We're gonna go ahead at the very top of the screen here. We're gonna click on. We're gonna cover our mouths over top of the scans option, and there were to select task.

03:39

Let's go and do that. Elsa Skins. And then you're gonna see task, right? They're going to go ahead and click on that one

03:46

you might get this little pop up here If you see that you connects out of it, or you just wait until that timer runs out. Either way, it'll close it. So I'm just gonna x out of it to save us some time. There a couple of seconds

03:57

so you'll see Step 30. That was that little puppet box again. If you just leave it alone for, like, six or seven seconds and it will close for you

04:03

the next thing, Where do you where to click back on the small blue collar button again. That's that same one with white star in the center. And we're gonna select new task. So let's go and do that now. So you'll see if I hover my mouse overtop It gives me a new task option. I want to go ahead and click on that.

04:18

You'll see it opened up some more fields for us to fill out.

04:23

So we're gonna talk in the name field. We're gonna type corporate scans. Let's go and do that now. So this top one here, What's going to happen? Corporate skin.

04:30

You remember in the last one we typed in corporate devices. So now what is going to specify that? Hey, this is a corporate scan disassociated with those particular devices.

04:39

All right, so all we're gonna do there is actually changed the name. We're just gonna now click the kree button at the bottom, right? So let's go and do that

04:45

and what you'll see here in a second as you'll see a line here with our skin and the way we go ahead and start our scan is this little

04:55

the white arrow in it? You'll see if I have a mind miles over top the show start and then we're just gonna go ahead and start that

05:01

now it's gonna go ahead and run the ER

05:03

scan in the background there. Now, it may take 5 to 10 minutes to complete. The next thing I should want you to do wallets going. Going ahead and running is up here at the top or says no auto refresh.

05:15

Go ahead and just click in that box and then choose refresh every 30 seconds. So that way, as it starts to complete, you'll start knowing like, okay, it's almost complete and, you know, to be able to come here and click on it

05:28

now, as I mentioned, the scan is gonna take about 5 to 10 minutes to complete, so I'm gonna go and Paul's video here once it completes on my end, I'll go ahead and pick back up the video on what you'll notice once it's completed, as we'll see a date here that we can go ahead and click on.

05:43

All right, so it's finished scanning. Finally, not mine through a couple of air messages. So that's what kind of took so long to come back on the video. Eso basically, as it was, scanning it would throw on air. If it does that, I forget the exact air code. But just cook the roster back button, and that will take you back to the scanning page.

06:01

It eventually should finish successfully.

06:04

I'm not like I said. It does take him a moment or so to get finished out, but you eventually should see it finished, and then you'll want to click on. The last state should should be available. Pretty click on

06:15

now. If it's not for some reason, just go to scans and the task. Basically, that should try to refresh it, and then you should be good to go. The ultimate goal was to get here

06:25

where we have a listing of all the vulnerabilities that it's found. Now, the cool thing about this. And

06:30

before that, I want you to answer a question one here. So what vulnerabilities do you see on the report, if any. On my end. Obviously you can see there. I have quite a few vulnerabilities. And then course number two Khanna ties into what I was about to mention one. Other information is provided in the report. Besides just listing out of vulnerability.

06:48

What other information is available for us

06:51

now on your own? If you want to go in Paul's video, look through all of these items that you find so feel free to look through all of them. Go through different pages, etcetera,

07:01

and jot down what information you see. So, for example, here we see, we do have a severity level s 0 10 being the highest 10 out of 10. Not a good thing by any means.

07:12

We've also got a the I P address here, as well as the port that we're running on. And then if we open these up so we'll go ahead and click all this click on the stop one here is gonna tell us some information about that particular vulnerability that we're finding. So tell you tell us the CVI codes

07:30

if there are any assuming, so there should be

07:32

it. Also tell you some other supporting documentation or website since you couldn't go to to find out more about it. And it also just as I mentioned, gives you kind of a brief summary of the particular vulnerability.

07:45

All right, so the last step of our lad documents just basically generating a report. And this is something that, like, if you were trying to give it to your boss or one, not this is something that you would want to go ahead and do.

07:58

So I'm just gonna back up here, so I'll go back to my main list there. Now, the way we get a report is here in this top of left little dropped out menu, what is gonna click in there? And we're to scroll down and choose pdf

08:09

and then this little down arrow right here. That's actually how we generate a report. So the download filtered report is the name of the option. If we go ahead and click on that. It's gonna give us a pop up box here, and then we can either save or open the report. It has not been opening for me in the lab. Here s so I've just been saving. It is kind of a proof of concept thing, but again,

08:30

in the real world, you just download this and

08:33

open it up and provided to whoever needs it.

08:35

But the main thing I wanted to see after we ran open Boston, I'll close it out. The main thing I want to see wanted you to see here is how much information open Voss provides back tow us compared to the core impact. You know, the free scan that we ran earlier. This one's an open source tool. And look at the information, you know, gives us the severity level.

08:54

It gives us some my pia information location information

08:56

on Then if we click on and give us a description, et cetera of that particular vulnerability

09:03

are so in this video, we just wrapped up our discussion on open Voss again. That's ah, vulnerability scanning tool and one that's commonly used in the industry by defenders as well as Attackers

09:13

in the next module. We're just gonna go ahead and wrap up our discussion for the entire course. Now, keep in mind as well that there are assessments for this course. Be sure to download the supplement of resource is section. So you'll get all this lab step by step guides as well as all the assessments on. So what I've done there is I've listed out the assessments you need to complete listed out

09:33

ah, bunch of different and map commands and I want you to run