Hello, everyone, welcome back to breaking stuff with Joe I, as always in your eponymous host, Joe Perry. And today we're going to be learning about Open Pass, the open Vulnerability Assessment system, an incredibly useful, spectacularly powerful vulnerability scanner
and vulnerability analysis, augmentation and automation tool.
It is used in nearly every step and every aspect of the vulnerability analysis process and what's really interesting about it, as the name might suggest. Open, vast. It is open source and community manage, and it's an interesting tool, and I want to take a moment that's kind of having a side about it,
because it's built on the same sort of bones and ideas that powered the necessary vulnerability. Scanner
messes is something that we actually we'll talk about in a future breaking stuff with job video. But it was a tool that for a long time was open source and the managing the group that owned and managed it decided to take a close source and make it a proprietary tool. And so out of the need for a new vulnerability, skater open Vast was born and again has been managed by the community
ever since. So it's a really really cool tool, and it's got such a phenomenal community support.
They're tens of thousands of documented test so that you can look at them for reference. There's hundreds and hundreds of pages, pages of user help and guides throughout the Internet. If you just Google opened vast, you'll find thousands of pages of guides and information. It's a spectacular, useful great community. Awesome tool.
It's of course, it's great for Red Team and pen testers, just like almost everything in the breaking stuff Joe series is good for.
But it's also good for soccer analyst and network administrators who are trying to perform a proper a bullpen test but trying to see if there any low hanging fruit vulnerabilities could be immediately detective and patched on their networks. So it's a great tool, sort of every level off pen testing and vulnerability analysis skill, and it's definitely one you should incorporate
into your work. Over the course of the next eight minutes or so, we're gonna learn how to launch open back. We're gonna learn how to run an open, vast skin from the terminal,
and we're going to see what the open, vast Web interface looks like. And how we can use that for those who are a little bit less terminally inclined.
So it's a great tool. I'm very excited about this video. Hopefully, you're very excited about it, too. And in the end of these eight minutes, you're gonna be able to use open, vast open vulnerability assessment system Tau break stuff every day.
As always, we're here in our trusty Callie V. M. It is worth noting before we actually start running open vests that this is one of the few tools that actually doesn't come preinstalled in Cali. There is, Ah, there is an open best to put on the APP store for Callie that specifically to be downloaded. But it's a large. It's a large package. You don't have to download it for yourself. So
if you're running your Callie BM, you can't. You can't figure out where that is.
once we've downloaded it, but which, by the way, is just done with the straightforward after get installed open bass.
Once we've done that, all we're gonna need to do here is actually run that tool the very first thing we want to do to get it running and get it, you know, actually organized and set up. We're gonna do open, vast
tackle from attack set up
and you'll see it's gonna pull in a bunch of configuration information from various websites. It's gonna pull down all the data it needs to actually run this tool.
It's like I said, it's a very large framework. It's used for doing just a ton of different vulnerability analysis, and so to do that, it needs to update its database. When you run the setup
and we can see it's pretty quickly working its way through all the different packages that are attached to it. It takes just a couple of minutes, but it's not. Not terribly time consuming,
so we'll go ahead and use a little bit of movie. Matt, you can just skip forward from here,
all right, and here you can see it's finally finished installing open vast. It takes a little while. It took about 15 to 20 minutes on my system so it would probably take the same amount of time you're using an older computer, maybe a little longer.
But once it's done, you'll get this message down here. It's created your admin user with that password. You'll want to save that off somewhere
and also with the most recent version of Open Pass. It will also open up a Web browser for you,
and you can see here that it's got a bunch of information. In this case. It's saying that my connection isn't secure. That's fine. We can fix that
for now. We'll just go ahead and advanced.
What's happening here is because open masses using assert that isn't necessarily the most well known or isn't on the right route. C a.
Sometimes your browser going to tell you that that's the wrong
certain. Or that there's a problem. Now you're hosting this service yourself is all local on your machine. So, generally speaking, it's not a big deal using assert that isn't necessarily a perfectly legitimate.
So here it Aye, sir, asks us for a user name and password. We can find that
by returning toward terminal,
and you can see that the patter the
user name is admin and the password is this long. It looks like a hash of some kind,
so it's going to copy that
and then we'll jump back into
infer what browser? Little bit of clicking back and forth. You
so use her name was ad men and a password
was that long stream and we hit Log in
and you can say we're not save as you please
And here you go As long as I say I say please. As long as you make sure that you do say that password somewhere
and that's gonna find him, load us up into this user hub sort of gooey right here. This is a really fantastic doctor. How great this tool is. What's awesome is the way that the information is being displayed. So after you've done scans, you can see here that the severity class
status, all the information you can use this in order to get all of the details really need tohave
about whatever you're performing there says you can see here, Over here, to the scans dashboard. It's loading. You get results by severity class results by, um,
Rather tests my status. Got your different lists of results in information. So it's got a ton of different data, sort of about the severity of what you found. And when that information was founded, how it was found. So you see here we've got scans. We have the main dashboard. Who you're looking at. We have scans, has tasked reports of results. If we just want open one of those up, we can look
the tasks menu. You're on scans.
There we go on one of the really nice things about this. There was a really nice things about this tool. Are these help menus that it puts up for you that you're able to just really rapidly do you work through the basics of running this tool?
So we want to run our own scan. It told us that we could go up here or if we wanted to do our own taxes. Go up here. Let's do the task, Wizard.
I'm going to give us an I P. Address, and we're gonna go ahead and use the local host. That way, we could just immediately scan ourselves and see what it turns up.
You can see here there are a few different options of how we go about it. But the basics are just putting your i p address or a host name and we'll start scan.
All right. And it's running the scan. You can see here.
It takes a little bit to load this, so it always surprises me. When that happens,
we got our tasks. You can see now that we have one task by status over here. Mark has requested that a bunch of different actions down here we can take, for example,
uh, this would be to play the task if it wasn't already running.
This would be if the task had been stopped. For some reason, it would start it up again. That's to delete the task. This is configuring the task.
Clone it clone. It's kind of funny that they used a shoot for that. But cloning is just creating a new task with all the same information.
All right, let's see what we've got.
All right, so it's running again. It could be a little bit sort of Laghi and jumps jump around a little bit when you're using it on a
computer that maybe doesn't have as much memory available. Processing speed available. Totally. Okay, you can see down here. It's got a status bar force, and it's gonna run that until such time until such time as it's done.
Once it is finished, you'll be able to see again once we go over here to dashboard
to the scans dashboard, that is,
and load up eventually.
Now you can see that this has started. Update. So we've got three different results. We have one over here on the other side down here, we consider. Got one task that's running.
And we've only found we've got a spike right here of actual reports.
Obviously, there's a ton Maur to open best. There's all sorts of information over here into a configuration administration. I've got a bunch of useful sort of
miscellaneous utilities packaged into extras. But all we wanted to look at for this particular session was how to actually run this tool and what it actually looks like while it's being run. I highly highly recommend that you pull down open bats. It's totally free. And we should have it on our Callie VM. You can pull it down
our Colombian here on cyberia, that is. You can pull it down. You could run it. You could determine you.
How would I use this? My personal infrastructure. What information? By getting back from this, hopefully now you have enough information to kind of navigate it. And what this tool is actually working off.
So it's gonna be all there is for this video. Thank you. As always for watching. And of course, you have been watching breaking stuff with Joe here on Cyber Eri on demand.