openvas扫描仪包装说明
开放式漏洞评估系统是一个模块化的安全审计工具,用于测试远程系统中,应该是固定的漏洞。它是由两部分组成:一个扫描服务器和客户端。扫描仪/守护程序,openvassd,负责的攻击,而客户端,OpenVAS客户端,提供了一个X11 / GTK +的用户界面。该软件包提供了扫描仪。
- 作者:OpenVAS
- 许可:GPL第二版
列入openvas,扫描仪的包装工具
greenbone-NVT同步 - 更新OpenVAS安全检查
更新从Greenbone安全饲料的OpenVAS安全检查。
openvas-的adduser - 添加OpenVAS用户
添加一个用户在openvassd用户群。
openvas-mkcert - 创建一个扫描仪证书
创建一个扫描器证书。
openvas-mkcert客户端 - 创建SSL客户端证书OpenVAS
[email protected]:~# openvas-mkcert-client -h
Usage:
openvas-mkcert-client [OPTION...] - Create SSL client certificates for OpenVAS.
Options:
-h Display help
-n <name> Run non-interactively, create certificates for user <name>
and register user <name> with the OpenVAS scanner
-i Install client certificates for use with OpenVAS manageropenvas-NVT同步 - 同步的网络漏洞测试使用不同的协议
[email protected]:~# openvas-nvt-sync --help
/usr/sbin/openvas-nvt-sync: Sync NVTs using different protocols
--rsync sync with rsync (default)
--wget sync with wget
--curl sync with curl
--check just checksum check
OpenVAS administrator functions:
--selftest perform self-test
--identify display information
--version display version
--describe display current feed info
--feedversion display current feed version info
--nvt-dir <dir> set directory of the NVT collection for this run
--migrate-to-private migrate unsigned files to private directory
Environment variables:
NVT_DIR where to extract plugins (absolute path)
PRIVATE_SUBDIR subdirectory of $NVT_DIR to migrate unsigned files to
OV_RSYNC_FEED URL of rsync feed
OV_HTTP_FEED URL of http feed
TMPDIR temporary directory used to download the files
Note that you can use standard ones as well (e.g. http_proxy) for wget/curlopenvas-rmuser - 删除一个OpenVAS用户
移除该openvassd用户群的用户。
openvassd - 在OpenVAS扫描仪
[email protected]:~# openvassd --help
Usage:
openvassd [OPTION...] - Scanner of the Open Vulnerability Assessment System
Help Options:
-h, --help Show help options
Application Options:
-V, --version Display version information
-f, --foreground Do not run in daemon mode but stay in foreground
-a, --listen=<address> Listen on <address>
-S, --src-ip=<ip[,ip...]> Send packets with a source IP of <ip[,ip...]>
-p, --port=<number> Use port number <number>
-c, --config-file=<.rcfile> Configuration file
-q, --quiet Quiet (do not issue any messages to stdout)
-s, --cfg-specs Print configuration settings
-y, --sysconfdir Print system configuration directory (set at compile time)
-C, --only-cache Exit once the NVT cache has been initialized or updatedopenvas-的adduser用法示例
[email protected]:~# openvas-adduser
Using /var/tmp as a temporary file holder.
Add a new openvassd user
---------------------------------
Login : dookie
Authentication (pass/cert) [pass] :
Login password :
Login password (again) :
User rules
---------------
openvassd has a rules system which allows you to restrict the hosts that dookie has the right to test.
For instance, you may want him to be able to scan his own host only.
Please see the openvas-adduser(8) man page for the rules syntax.
Enter the rules for this user, and hit ctrl-D once you are done:
(the user can have an empty rules set)
Login : dookie
Password : ***********
Rules :
Is that ok? (y/n) [y] y
user added.openvas-NVT同步用法示例
[email protected]:~# openvas-nvt-sync
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] The 'OpenVAS NVT Feed' is provided by 'The OpenVAS Project'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed.html'.
[i] NVT dir: /var/lib/openvas/plugins
[i] Will use rsync
[i] Using rsync: /usr/bin/rsync
[i] Configured NVT rsync feed: rsync://feed.openvas.org:/nvt-feed
[w] Private directory '/var/lib/openvas/plugins/private' not found.
[w] Non-feed NVTs not migrated there will be deleted by rsync.
Run migration now ([y/n], any other input aborts)? yopenvas-rmuser用法示例
openvassd用法示例
启动OpenVAS扫描仪守护在192.168.1.202(-a 192.168.1.202),前台(-f)8888端口(-p 8888):
[email protected]:~# openvassd -f -a 192.168.1.202 -p 8888
All plugins loaded