Metasploit实战一之——使用OpenVAS进行漏洞扫描
2024-07-03 20:30:14
转载请注明出处:https://blog.csdn.net/l1028386804/article/details/86564219
攻击机: Kali 192.168.205.128
靶机: Win2012 R2 192.168.205.130
注:Kali中安装OpenVAS可以参考:《Kali之——OpenVAS 8.0 Vulnerability Scanning》
1.在Metasploit中加载OpenVAS插件
为了将OpenVAS整合到Metasploit中,首先需要在Metasploit中加载OpenVAS插件。
msfconsole
load
load openvasmsf > load
load aggregator load db_credcollect load ips_filter load msfd load openvas load sample load sounds load token_hunter
load alias load db_tracker load komand load msgrpc load pcap_log load session_notifier load sqlmap load wiki
load auto_add_route load event_tester load lab load nessus load request load session_tagger load thread load wmap
load beholder load ffautoregen load libnotify load nexpose load rssfeed load socket_logger load token_adduser
msf > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS2.将Metasploit中的OpenVAS插件与OpenVAS软件本身连接
可以通过在命令openvas_connect后面添加用户凭证、服务器地址、端口号和SSL状态实现,如下命令所示:
openvas_connect admin admin localhost 9390 okmsf > openvas_connect admin admin localhost 9390 ok
[*] Connecting to OpenVAS instance at localhost:9390 with username admin...
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful3.创建工作区
3-1.查看帮助信息
workspace -hmsf > workspace -h
Usage:workspace List workspacesworkspace -v List workspaces verboselyworkspace [name] Switch workspaceworkspace -a [name] ... Add workspace(s)workspace -d [name] ... Delete workspace(s)workspace -D Delete all workspacesworkspace -r <old> <new> Rename workspaceworkspace -h Show this help information3-2.创建一个名为NetScan的工作区
workspace -a NetScanmsf > workspace -a NetScan
[*] Added workspace: NetScan3-3.切换到NetScan工作区
workspace NetScanmsf > workspace NetScan
[*] Workspace: NetScan4.创建目标
可以使用命令openvas_target_create来创建任意数量的目标。
openvas_target_create
openvas_target_create outer 192.168.205.130 Outer_Interfacemsf > openvas_target_create
[*] Usage: openvas_target_create <name> <hosts> <comment>
msf >
msf > openvas_target_create outer 192.168.205.130 Outer_Interface
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] 275520c1-9a9e-4e49-865a-cd22ca4f3c6f
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targetsID Name Hosts Max Hosts In Use Comment
-- ---- ----- --------- ------ -------
275520c1-9a9e-4e49-865a-cd22ca4f3c6f outer 192.168.205.130 1 0 Outer_Interface这里,我们创建了IP地址为192.168.205.130的目标,名字为outer,备注为Outer-Interface,我们需要记住这个目标的ID:275520c1-9a9e-4e49-865a-cd22ca4f3c6f
5.定义策略
可以使用openvas_config_list命令列出示例策略。
openvas_config_listmsf > openvas_config_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configsID Name
-- ----
085569ce-73ed-11df-83c3-002264764cea empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery
698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea Full and very deep
74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196 Discovery
bbca7412-a950-11e3-9109-406186ea4fc5 System Discovery
daba56c8-73ec-11df-a475-002264764cea Full and fast这里,我们选择Full and fast策略,同样我们需要记住这个策略ID:daba56c8-73ec-11df-a475-002264764cea
6.创建扫描任务
这里我们使用的命令是openvas_task_create
首先,我们查看下目标列表
openvas_target_listmsf > openvas_target_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targetsID Name Hosts Max Hosts In Use Comment
-- ---- ----- --------- ------ -------
275520c1-9a9e-4e49-865a-cd22ca4f3c6f outer 192.168.205.130 1 0 Outer_Interface接着创建扫描任务
openvas_task_create
openvas_task_create Netscan ScanForVulns 策略id 目标idmsf > openvas_task_create
[*] Usage: openvas_task_create <name> <comment> <config_id> <target_id>
msf >
msf > openvas_task_create Netscan ScanForVulns daba56c8-73ec-11df-a475-002264764cea 275520c1-9a9e-4e49-865a-cd22ca4f3c6f
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] f1311593-6ffb-4eef-817f-3c0f1df521b7
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasksID Name Comment Status Progress
-- ---- ------- ------ --------
f1311593-6ffb-4eef-817f-3c0f1df521b7 Netscan ScanForVulns New -1这里的目标id就是第4步中创建的目标id,策略id就是第5步中创建的策略id
这里,我们也需要记下这个任务id:f1311593-6ffb-4eef-817f-3c0f1df521b7
7.开始扫描
openvas_task_start
openvas_task_start 任务idmsf > openvas_task_start
[*] Usage: openvas_task_start <id>
msf >
msf > openvas_task_start f1311593-6ffb-4eef-817f-3c0f1df521b7
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='202' status_text='OK, request submitted'><report_id>cdfbf3e8-cf79-4f5e-a34d-6076457bd16b</report_id></start_task_response></X>这里的任务id就是第6步中得出的任务id
8.查看任务进度
openvas_task_listmsf > openvas_task_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasksID Name Comment Status Progress
-- ---- ------- ------ --------
f1311593-6ffb-4eef-817f-3c0f1df521b7 Netscan ScanForVulns Running 94msf > openvas_task_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasksID Name Comment Status Progress
-- ---- ------- ------ --------
f1311593-6ffb-4eef-817f-3c0f1df521b7 Netscan ScanForVulns Done -19.列出扫描报告
openvas_report_listmsf > openvas_report_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of reportsID Task Name Start Time Stop Time
-- --------- ---------- ---------
cdfbf3e8-cf79-4f5e-a34d-6076457bd16b Netscan 2019-01-20T09:39:11Z 2019-01-20T09:44:11Z这些报告可以下载,如果需要导出报告,那么我们就要选择一个报告id
10.查看所有的格式ID
openvas_format_listmsf > openvas_format_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of report formatsID Name Extension Summary
-- ---- --------- -------
5057e5cc-b825-11e4-9d0e-28d24461215b Anonymous XML xml Anonymous version of the raw XML report
50c9950a-f326-11e4-800c-28d24461215b Verinice ITG vna Greenbone Verinice ITG Report, v1.0.1.
5ceff8ba-1f62-11e1-ab9f-406186ea4fc5 CPE csv Common Product Enumeration CSV table.
6c248850-1f62-11e1-b082-406186ea4fc5 HTML html Single page HTML report.
77bd6c4a-1f62-11e1-abf0-406186ea4fc5 ITG csv German "IT-Grundschutz-Kataloge" report.
9087b18c-626c-11e3-8892-406186ea4fc5 CSV Hosts csv CSV host summary.
910200ca-dc05-11e1-954f-406186ea4fc5 ARF xml Asset Reporting Format v1.0.0.
9ca6fe72-1f62-11e1-9e7c-406186ea4fc5 NBE nbe Legacy OpenVAS report.
9e5e5deb-879e-4ecc-8be6-a71cd0875cdd Topology SVG svg Network topology SVG image.
a3810a62-1f62-11e1-9219-406186ea4fc5 TXT txt Plain text report.
a684c02c-b531-11e1-bdc2-406186ea4fc5 LaTeX tex LaTeX source file.
a994b278-1f62-11e1-96ac-406186ea4fc5 XML xml Raw XML report.
c15ad349-bd8d-457a-880a-c7056532ee15 Verinice ISM vna Greenbone Verinice ISM Report, v3.0.0.
c1645568-627a-11e3-a660-406186ea4fc5 CSV Results csv CSV result list.
c402cc3e-b531-11e1-9163-406186ea4fc5 PDF pdf Portable Document Format report.11.将报告导入数据库
这里使用openvas_report_import命令后面加上报告ID和格式ID导入到数据库中。
openvas_report_import 报告id 格式idmsf > openvas_report_import cdfbf3e8-cf79-4f5e-a34d-6076457bd16b a994b278-1f62-11e1-96ac-406186ea4fc5
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] Importing report to database.12.查看MSF中的漏洞数据库
将报告成功导入数据库之后,就可以使用vulns命令查看MSF中的漏洞数据库,如下所示:
msf > vulns
[*] Time: 2019-01-20 09:48:02 UTC Vuln: host=192.168.205.130 name=ICMP Timestamp Detection refs=CVE-1999-0524 13.通过浏览器访问
所有的漏洞都已经保存到了数据库中,我们还可以通过浏览器9392端口来登录Greenbone助手,对漏洞数量进行交替确认,并深入了解这些漏洞的细节。如下图所示:
Metasploit实战一之——使用OpenVAS进行漏洞扫描相关推荐
- docker部署OpenVAS开源漏洞扫描系统——筑梦之路
OpenVAS 是一个全功能的漏洞扫描器.它的功能包括非认证测试.认证测试.各种高水平和低水平的互联网和工业协议.大规模扫描的性能调整和一个强大的内部编程语言来实现任何类型的漏洞测试. 用户需要一种自 ...
- 26学习渗透测试工具 Metasploit 的基本用法,包括漏洞扫描、攻击模块
Metasploit是一款广泛使用的渗透测试工具,它提供了大量的漏洞扫描.攻击模块和负载等,可以用于评估系统的安全性.下面是Metasploit的基本用法教程,包括漏洞扫描和攻击模块的使用. 漏洞扫描 ...
- 使用OpenVAS 9进行漏洞扫描
目录 Part I:安装和使用 安装Openvas 9 启动和停止OpenVAS Part II:漏洞扫描 在OpenVAS中创建目标 在OpenVAS中配置扫描任务 运行OpenVAS漏洞扫描 查看 ...
- 【4. 扫描节点】 分布式漏洞扫描系统设计与实现
四• 扫描节点 4.1 概述 此文原出自[爱运维社区]: http://www.easysb.cn 扫描节点(scanner)是整个分布式扫描系统的终端节点,负责具体漏洞扫描.由于我们的漏洞 ...
- Kali Linux 网络扫描秘籍 第五章 漏洞扫描
第五章 漏洞扫描 作者:Justin Hutchens 译者:飞龙 协议:CC BY-NC-SA 4.0 尽管可以通过查看服务指纹的结果,以及研究所识别的版本的相关漏洞来识别许多潜在漏洞,但这通常需要 ...
- metasploit魔鬼训练营学习笔记-3网络漏洞扫描
一.漏洞扫描前期知识点梳理 1.通过网络对目标进行搜集主要技术有主机探测与端口扫描.服务扫描与查点与网络漏洞扫描等,最强大的开源网络扫描软件为Nmap和OpenVAS,都可以集成到metasploit ...
- OpenVAS漏洞扫描基础教程之创建用户组与创建角色
OpenVAS漏洞扫描基础教程之创建用户组与创建角色 OpenVAS创建用户组 用户组就是指许多个用户的组合.在网络中,各个访问网络的用户的权限可能各不相同.所以,可以通过将具体相同权限的用户划为一 ...
- OpenVAS漏洞扫描基础教程之创建用户
OpenVAS漏洞扫描基础教程之创建用户 OpenVAS管理服务 默认情况下,OpenVAS服务仅创建了一个名为admin的用户,而且是管理员用户(拥有最高的权限).如果想要其它客户端登陆的话,不可能 ...
- OpenVAS漏洞扫描基础教程之连接OpenVAS服务
OpenVAS漏洞扫描基础教程之连接OpenVAS服务 连接OpenVAS服务 当用户将OpenVAS工具安装并配置完后,用户即可使用不同的客户端连接该服务器.然后,对目标主机实施漏洞扫描.在本教程中 ...
最新文章
- python程序保存_初识python 文件读取 保存
- zabbix snmp 协议监控 dell iRDAC
- Spring Boot登录选项快速指南
- 给matlab图加图注,matlab学习5-数据可视化4-gai.ppt
- 信息学奥赛一本通 1127:图像旋转 | OpenJudge NOI 1.8 11:图像旋转
- leetcode 1160 python
- 叮!锦鲤素材到货啦~
- [转]SQL_Server_SSIS_ 最佳实践
- [211渣硕] 腾讯/阿里/携程 详细NLP算法实习 面经
- 三种跨线程控件访问方法
- Oracle Dataguard 管理命令
- springcloud与jdk版本问题
- Microsoft Project——Project基本使用教程
- java web从入门到精通 明日科技 源码_Java Web 从入门到精通(明日科技)
- GW INSTEK GPD 3303系列稳压源控制软件(自行使用c#编写)更新
- [SSL_CHX][2021-8-18]角谷猜想
- 西门子伺服驱动器6SE70上电无显示故障分析
- 哪款游戏蓝牙耳机好用?好用的游戏蓝牙耳机推荐
- 超级账本Hyperledger Fabric的使用
- 读《当我跑步时,我在想什么》有感