Openvas

 一、  Continue to jot down notes about the Nmap

1、nmap -sn   [ip]   This command will send an ARP request to the LAN broadcast address and will determine whether the host is live

    eg:   we use the command to gathering system information  (as follow ,it's mine  windows7 system)  ,in addition  we combination  of linux and others system are  used ,I have written about install kali and Ubuntu 、Metasploitable2  system on my previous blog .you can refer the installing on the  Vmware . and then fire start the ubuntu system and use the same command to gathering information .

  the step one :   gathering win7 system

  Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 20:48 EST
Nmap scan report for 10.130.209.131
Host is up (0.82s latency).
Not shown: 986 closed ports
PORT     STATE    SERVICE          VERSION
135/tcp  open     msrpc            Microsoft Windows RPC
139/tcp  open     netbios-ssn      Microsoft Windows netbios-ssn
443/tcp  open     ssl/https
| fingerprint-strings:
|   FourOhFourRequest:
|     HTTP/1.1 404 Not Found
|     Date: Fri, 18 Jan 2019 01:48:39 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   GetRequest:
|     HTTP/1.1 403 Forbidden
|     Date: Fri, 18 Jan 2019 01:48:39 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   HTTPOptions:
|     HTTP/1.1 501 Not Implemented
|     Date: Fri, 18 Jan 2019 01:48:39 GMT
|     Connection: close
|     Content-Type: text/plain; charset=utf-8
|     X-Frame-Options: DENY
|     Content-Length: 0
|   RTSPRequest:
|     HTTP/1.1 400 Bad Request
|     Date: Fri, 18 Jan 2019 01:48:49 GMT
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 50
|     <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
|   SIPOptions:
|     HTTP/1.1 400 Bad Request
|     Date: Fri, 18 Jan 2019 01:49:52 GMT
|     Connection: close
|     Content-Type: text/html
|     Content-Length: 50
|_    <HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>
|_http-title: Site doesn't have a title (text/plain; charset=utf-8).
| ssl-cert: Subject: commonName=VMware/countryName=US
| Not valid before: 2017-10-09T12:32:16
|_Not valid after:  2018-10-09T12:32:16
|_ssl-date: TLS randomness does not represent time
| vmware-version:
|   Server version: VMware Workstation 14.1.1
|   Build: 7528167
|   Locale version: INTL  
|   OS type: win32-x86
|_  Product Line ID: ws
445/tcp  open     microsoft-ds     Windows 7 Ultimate 7601 Service Pack 1 microsoft-ds (workgroup: WorkGroup)
514/tcp  filtered shell
902/tcp  open     ssl/vmware-auth  VMware Authentication Daemon 1.10 (Uses VNC, SOAP)
912/tcp  open     vmware-auth      VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
1025/tcp open     msrpc            Microsoft Windows RPC
1026/tcp open     msrpc            Microsoft Windows RPC
1027/tcp open     msrpc            Microsoft Windows RPC
1033/tcp open     msrpc            Microsoft Windows RPC
1055/tcp open     msrpc            Microsoft Windows RPC
5357/tcp open     http             Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: Microsoft-HTTPAPI/2.0
|_http-title: Service Unavailable
8082/tcp open     blackice-alerts?
| fingerprint-strings:
|   FourOhFourRequest, GenericLines, GetRequest, HTTPOptions, RTSPRequest, SIPOptions:
|     HTTP/1.1 400 Error
|     Server: QQ/1.0.0 (Tencent)
|     Content-Length: 18
|     Connection: close
|_    unkown the request
2 services unrecognized despite returning data. If you know the service/version, please submit the following fingerprints at https://nmap.org/cgi-bin/submit.cgi?new-service :
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port443-TCP:V=7.70%T=SSL%I=7%D=1/17%Time=5C41307C%P=x86_64-pc-linux-gnu
SF:%r(GetRequest,A5,"HTTP/1.1x20403x20Forbidden Date:x20Fri,x2018
SF:x20Janx202019x2001:48:39x20GMT Connection:x20close Content-Ty
SF:pe:x20text/plain;x20charset=utf-8 X-Frame-Options:x20DENY Cont
SF:ent-Length:x200 ")%r(HTTPOptions,AB,"HTTP/1.1x20501x20Notx2
SF:0Implemented Date:x20Fri,x2018x20Janx202019x2001:48:39x20GMT
SF: Connection:x20close Content-Type:x20text/plain;x20charset=utf-8
SF: X-Frame-Options:x20DENY Content-Length:x200 ")%r(FourOh
SF:FourRequest,A5,"HTTP/1.1x20404x20Notx20Found Date:x20Fri,x2018
SF:x20Janx202019x2001:48:39x20GMT Connection:x20close Content-T
SF:ype:x20text/plain;x20charset=utf-8 X-Frame-Options:x20DENY Con
SF:tent-Length:x200 ")%r(RTSPRequest,B3,"HTTP/1.1x20400x20Badx
SF:20Request Date:x20Fri,x2018x20Janx202019x2001:48:49x20GMT C
SF:onnection:x20close Content-Type:x20text/html Content-Length:x2
SF:050 <HTML><BODY><H1>400x20Badx20Request</H1></BODY></HTML>")%r
SF:(SIPOptions,B3,"HTTP/1.1x20400x20Badx20Request Date:x20Fri,x20
SF:18x20Janx202019x2001:49:52x20GMT Connection:x20close Content
SF:-Type:x20text/html Content-Length:x2050 <HTML><BODY><H1>400
SF:x20Badx20Request</H1></BODY></HTML>");
==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============
SF-Port8082-TCP:V=7.70%I=7%D=1/17%Time=5C41307B%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x20
SF:(Tencent)x20 Content-Length:x2018 Connection:x20close
SF:nunkownx20thex20request")%r(FourOhFourRequest,6D,"HTTP/1.1x20400x2
SF:0Errorx20 Server:x20QQ/1.0.0x20(Tencent)x20 Content-Lengt
SF:h:x2018 Connection:x20close unkownx20thex20request")%r(Ge
SF:nericLines,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x
SF:20(Tencent)x20 Content-Length:x2018 Connection:x20close
SF:r unkownx20thex20request")%r(HTTPOptions,6D,"HTTP/1.1x20400x20Err
SF:orx20 Server:x20QQ/1.0.0x20(Tencent)x20 Content-Length:x
SF:2018 Connection:x20close unkownx20thex20request")%r(RTSPRe
SF:quest,6D,"HTTP/1.1x20400x20Errorx20 Server:x20QQ/1.0.0x20(T
SF:encent)x20 Content-Length:x2018 Connection:x20close un
SF:kownx20thex20request")%r(SIPOptions,6D,"HTTP/1.1x20400x20Errorx20
SF: Server:x20QQ/1.0.0x20(Tencent)x20 Content-Length:x2018
SF: Connection:x20close unkownx20thex20request");
Device type: general purpose
Running: Microsoft Windows XP|7|2012
OS CPE: cpe:/o:microsoft:windows_xp::sp3 cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2012
OS details: Microsoft Windows XP SP3, Microsoft Windows XP SP3 or Windows 7 or Windows Server 2012
Network Distance: 2 hops
Service Info: Host: NETPOLICE; OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
|_clock-skew: mean: -2h40m05s, deviation: 4h37m07s, median: -5s
|_nbstat: NetBIOS name: NETPOLICE, NetBIOS user: <unknown>, NetBIOS MAC: a4:db:30:5b:69:3a (Liteon Technology)
| smb-os-discovery:
|   OS: Windows 7 Ultimate 7601 Service Pack 1 (Windows 7 Ultimate 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1
|   Computer name: NetPolice
|   NetBIOS computer name: NETPOLICEx00
|   Workgroup: WorkGroupx00
|_  System time: 2019-01-18T09:51:14+08:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2019-01-17 20:51:14
|_  start_date: 2019-01-17 19:39:29
TRACEROUTE (using port 3389/tcp)
HOP RTT        ADDRESS
1   1.88 ms    192.168.142.2
2   1000.69 ms 10.130.209.131
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 242.79 seconds
the  setp two :gathering the  Ubuntu  information

     eg:   Ubuntu system information

    Starting Nmap 7.70 ( https://nmap.org ) at 2019-01-17 21:13 EST
Nmap scan report for 192.168.142.171
Host is up (0.00068s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1 Ubuntu 4ubuntu0.1 (Ubuntu Linux; protocol 2.0)
| ssh-hostkey:
|   2048 ac:b1:ea:b8:39:3f:c2:61:74:82:d8:a7:06:4c:57:ec (RSA)
|   256 9b:36:1f:ce:79:c8:04:6e:cf:96:72:2b:0a:99:a5:71 (ECDSA)
|_  256 87:06:4a:2c:f2:d9:3a:81:22:f1:fd:18:bb:f5:54:d6 (ED25519)
MAC Address: 00:0C:29:26:DB:DD (VMware)
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.2 - 4.9
Network Distance: 1 hop
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
TRACEROUTE
HOP RTT     ADDRESS
1   0.68 ms 192.168.142.171
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.10 seconds

2、if we don't know the host ip is livewe can use the dash-notation to scan teh LAN network  ,    but we use the command to scan another LAN ,it's means  permormed against remoter hosts on a different LAN ,the response will not include system the MAC address ..

    the command is :   namp  -sn  192.168.5.0-255     or  we can use the command  192.168.5.0/24

     another if we want to scan a table list ip address  the we can use  the command  iL  like as : nmap -iL    ipList.txt   -sn (ipList.txt   is a note write down some ip address )

  eg :    nmap -iL  /home/iplist.txt   -sn        (note :   in fact we can't make sure the correct that the host is live through only in this scan )

 besides this wiget we can use  the Netdisocover    to gathering the  system information 

   

3、 tracert   the route  ,we use the tracert to  track the abroad ip address  .

4、use  openvas  to scan the website

    step one  how to install the openvas  in the kali linux .   if we forget the account and password we can use the command to change the account :    openvasmd --user=admin  --new-password=[password]   ,you can also add a new account for openvas use the command :

   {openvasmd  --create-user=name       创建一个新的账户       openvasmd --delete-user=name    删除一个账户}      now  at present we look the openvas install on the kali linux 

    if you want change the default configpage  we can  Modify configuration:    general used information in the   greenbone-security-assistant  ,the locate in :  vi /etc/default/greenbone-security-assistant/    in the page we can change the host ip  "GSA_ADDRESS=127.0.0.1--------> eg  you   host ip address .

use the command to update OPenvas   , in the procress .the page will  prompt you will upgrade two database .so you decide youself

   the upgrade command  :    openvas-feed-update

when the openvas  start   will open listening port 939*   ,we make sure  whether the port is open or close  use the command  :

     netstat -antp | grep 939*  

 

 

原文地址:https://www.cnblogs.com/xinxianquan/p/10289027.html