Sunday, November 14, 2010

OpenVas Security Scanner - Part 1

Everyone is getting excited when we talk about hacking and also the number of tools that they plan to use. I would like to share my personal preference regard to the scanner. As some of the pen tester might be aware they are free tools (e.g. nessus, openvas, ,nmap and etc) and commercial tools such as (e.g. nessus , core impact and etc).

Some of the tools is expensive due to its feature and also the reporting from it. Well for me I will still encourage you guys to use OPENVAS. In this blog, I am going to share some of the source code for reporting as you know free tools doesn't come with good reporting tools.

The tools that we need will be as following
1)Openvas: For scanning purpose
2)Notepad : To replace some wording in the NBE (output from openvas)

Let get started by understanding some fundamental of openvas. It is a tools to scan the machine for the vulnerability on the server. This is also part of the security assessment to check if there is any loophole on the system.As on below, this will be the few command that you must know and its pretty easy to use

The OpenVAS is a collection of integrated security tools and services that offer a
powerful platform for vulnerability management. It has been developed on the
basis of client-server architecture, where the client requests a specific set of network vulnerability tests against its target from the server. Its modular and robust design allows us to run the security tests in parallel and is available for a number of
operating systems (Linux/Win32). Let us take a look at the core components
and functions of OpenVAS.
  • OpenVAS Scanner effectively manages the execution of Network Vulnerability Tests (NVT). The new test plugins can be updated on a daily basis via NVT Feeds (
  • OpenVAS Client is a traditional form of desktop and CLI-based tools.Its main function is to control the scan execution via OpenVAS Transfer Protocol (OTP) which acts as a front-line communication protocol for the OpenVAS Scanner.
  • OpenVAS Manager provides central service for vulnerability scanning. A manager is solely responsible for storing the configuration and scan results centrally. Additionally, it offers XML-based OpenVAS Management Protocol (OMP) to perform various functions. For instance, scheduled scans, report generation, scan results filtering, and aggregation activity.
  • Greenbone Security Assistant is a web service that runs on the top of OMP. This OMP-based client offers a web interface by which the users can configure, manage, and administer the scanning process. There is also a desktop version of this available called GSA Desktop which provides the same functionality. On the other hand, OpenVAS CLI provides a command line interface for OMP based communication.
  • OpenVAS Administrator is responsible for handling the user administration and feed management.

Next step will be using the scanner

Now the most interesting part will be the reporting part, the openvas have the ability to export the files into a different format such as HTML, PDF and NBE. What we going to do next is to export the files into NBE. What we going to do with the files, I will show you later.Let get started:)

They will be 4 area on this
1)Preparation of the NBE files
2)Reporting engine preparation
3)Import NBE files to reporting engine
4)Customized Report

You will need to create a parser program.Hereby I would like to share with you the code

use strict;
use DBI;
my $db = "Malaysia";
my $dsn =
my $user = "root";
my $pass = "toor";
my $dbh = DBI->connect($dsn, $user, $pass, {'RaiseError' => 1});
my $filename = shift;
open(NBE, "$filename") || die "File not found\nYou need to provide this program with a valid filename
to parse.\n.";
while ()
my $line = $_;
if ($line =~/results/) # only pull results from the nbe file.
our @values = split(/\|/, $line);
# only pull full results lines (not just portscan entries)
if ($values[5] ne '')
my $SQL = "INSERT INTO malaysia_int SET IP='".$values[2]."',
Port=' ".$values[3]." ', PluginID=' ".$values[4]." ', Type=' ".$values[5]." ',
Description=".$dbh->quote($values[6])." ";
print "$SQL\n";
my $sth = $dbh->prepare($SQL) or die "Cannot prepare statement:
$sth->execute() or die "Cannot execute statement: $DBI::errstr\n";

Next step will be run the code against the NBE files
./ myfile.nbe

This would be the Part 2 part of the integration with Apache2 for reporting.

No comments:

Post a Comment