OpenVAS & Metasploit Integration – How to Use OpenVAS in Metasploit

Recently during an engagement, I was able to use OpenVAS in Metasploit to scan a host and conduct a test to see if the system was indeed exploitable.  Here is how it was done below:

  1. Issue command msfconsole to open Metasploit console.
    • msfconsole
  1. To use the OpenVAS integration you need to load the OpenVAS module within msfconsole. Do this by running the command
    • load openvas.
  1. Start by connecting to the server using the command openvas_connect.
    • openvas_connect username password 127.0.0.1 9390
  1. To create a target to scan use the command openvas_target_create. If you want spaces in the name or comment then make sure you place quotations around them.
    • openvas_target_create “Local Machine” 192.168.70.128 “My Local Machine” 
  1. Create a task by specifying a target and a configuration. Use the command openvas_config_list to get a list of configurations and the command openvas_target_list to get a list of targets.
    • openvas_config_list
    • openvas_task_create “Local Scan” “Scan My Local Machine” 0 1 
  1. Start the task with openvas_task_start and watch the progress using openvas_task_list.
    • openvas_task_start 0
    • openvas_task_list
    • openvas_task_list 
  1. Once the scan is finished, the progress is -1, list the available reports using openvas_report_list.
    • openvas_report_list

 

If this was helpful please let me know.

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: