[HACKING] Metasploit, OpenVAS 연동(feat docker)

메모해둘겸 작성합니다.

예전엔 직접 하나하나 해야해서 귀찮았지만.. docker로 편하게 설치합시다.

#> docker run -d -p 443:443 -p 9390:9390 –name openvas mikesplain/openvas

docker ip의 9390 포트로 접근 시 관리 페이지 확인이 가능합니다. Metasploit에 연동해서 사용하면 아주 편리하죠.

    Command                       Description
    -------                       -----------
    openvas_config_list           Quickly display list of configs
    openvas_connect               Connect to an OpenVAS manager using OMP
    openvas_debug                 Enable/Disable debugging
    openvas_disconnect            Disconnect from OpenVAS manager
    openvas_format_list           Display list of available report formats
    openvas_help                  Displays help
    openvas_report_delete         Delete a report specified by ID
    openvas_report_download       Save a report to disk
    openvas_report_import         Import report specified by ID into framework
    openvas_report_list           Display a list of available report formats
    openvas_target_create         Create target (name, hosts, comment)
    openvas_target_delete         Delete target by ID
    openvas_target_list           Display list of targets
    openvas_task_create           Create a task (name, comment, target, config)
    openvas_task_delete           Delete task by ID
    openvas_task_list             Display list of tasks
    openvas_task_pause            Pause task by ID
    openvas_task_resume           Resume task by ID
    openvas_task_resume_or_start  Resume task or start task by ID
    openvas_task_start            Start task by ID
    openvas_task_stop             Stop task by ID
    openvas_version               Display the version of the OpenVAS server

HAHWUL > openvas_connect admin admin 172.16.0.4 9390 ok [*] Connecting to OpenVAS instance at 172.16.0.4:9390 with username admin… [+] OpenVAS connection successful

HAHWUL > openvas_target_create [] Usage: openvas_target_create HAHWUL > openvas_target_create “test” www.hahwul.com “test comment!” [] a248577e-b232-4935-a046-98255a08f193 [+] OpenVAS list of targets

ID Name Hosts Max Hosts In Use Comment


a248577e-b232-4935-a046-98255a08f193 test www.hahwul.com 1 0 test comment!

HAHWUL > openvas_target_list [+] OpenVAS list of targets

ID Name Hosts Max Hosts In Use Comment


a248577e-b232-4935-a046-98255a08f193 test www.hahwul.com 1 0 test comment!

HAHWUL > openvas_config_list [+] OpenVAS list of configs

ID Name


085569ce-73ed-11df-83c3-002264764cea empty 2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery 698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate 708f25c4-7489-11df-8094-002264764cea Full and very deep 74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate 8715c877-47a0-438d-98a3-27c7a6ab2196 Discovery bbca7412-a950-11e3-9109-406186ea4fc5 System Discovery daba56c8-73ec-11df-a475-002264764cea Full and fast

HAHWUL > openvas_task_create scan1 scan 2d3f051c-55ba-11e3-bf43-406186ea4fc5 a248577e-b232-4935-a046-98255a08f193 [*] 5fc7c069-124b-46fb-90cd-362ce11a552f [+] OpenVAS list of tasks

ID Name Comment Status Progress


5fc7c069-124b-46fb-90cd-362ce11a552f scan1 scan New -1

HAHWUL >

Licensed under CC BY-NC-SA 4.0
Last updated on Jul 10, 2021 01:05 +0900