This is a sample lab from our 101 Labs – CompTIA CySA+ course.
Scanning using OpenVAS
Learn common vulnerability assessment tools.
In this lab, we will look at an open-source vulnerability assessment tool that can be run as a virtual machine or hosted on a local Linux server.
OpenVAS and Damn Vulnerable Web Application (DVWA).
You can use Kali Linux/Ubuntu or any Linux distro of your liking in a VM for this lab.
DVWA can be accessed through the TryHackMe website or by downloading the Metasploitable virtual machine, which hosts this application on a local server.
Set up DVWA
DVWA can be accessed in multiple ways. If you have a good internet connection, go to www.tryhackme.com, register, and search for the DVWA room; it is a free room that can be accessed from anywhere. Download the VPN configuration file from the website, use it to connect your PC, and start the room. An IP address will be given to you, and then you are good to go.
To access DVWA, enter that IP address in your browser.
Start the OpenVAS service, log in, and click on the dashboard.
Hover your mouse pointer over the scan option and click on the tasks option in the dropdown menu.
Hover your mouse pointer over the wand icon, and click on the task wizard.
A dialog box appears.
Provide the IP of the DVWA, given in the DVWA room at tryhackme.com.
Click on start scan to perform immediate scanning.
Wait for the scan to start. It takes some time; the status will automatically change from requested, and a bar will appear with the scanned percentage.
Wait for it to run to 100%.
Then click on Scans, and move to the report section.
Click on the IP of the target for which you want a report.
Every vulnerability that OpenVAS has found will be displayed there with the severity.
Clicking on these vulnerabilities will let you analyze them.
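One way to triage the findings outside the web interface, as an added example that is not part of the original lab: the script reads results from a CSV export of the report, maps each CVSS score to a severity class, and lists each host's findings worst-first. The column names (IP, Port, CVSS, NVT Name), the High/Medium/Low/Log score bands, and all sample rows and addresses are constructed assumptions; match them to the header and settings of your own export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample standing in for a CSV export of a scan report.
# Column names are assumptions; match them to your export's header row.
SAMPLE_CSV = """IP,Port,CVSS,NVT Name
10.10.0.5,80,7.5,Constructed finding: outdated web server
10.10.0.5,22,4.3,Constructed finding: weak SSH algorithms
10.10.0.5,80,0.0,Constructed finding: HTTP server banner
10.10.0.5,3306,9.8,Constructed finding: database default credentials
10.10.0.7,21,2.6,Constructed finding: FTP cleartext login
10.10.0.7,80,not-a-number,Constructed finding: malformed row
"""


def severity_class(cvss):
    """Map a CVSS score to a High/Medium/Low/Log class (assumed bands)."""
    for floor, name in ((7.0, "High"), (4.0, "Medium"), (0.1, "Low")):
        if cvss >= floor:
            return name
    return "Log"


def triage(csv_text, min_cvss=0.0):
    """Return ({host: [(class, cvss, port, name), ...]}, skipped_rows)."""
    hosts = defaultdict(list)
    skipped = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            score = float(row["CVSS"])
        except (TypeError, ValueError):
            skipped += 1  # count the bad row, but do not let it hide the rest
            continue
        if score < min_cvss:
            continue
        hosts[row["IP"]].append(
            (severity_class(score), score, row["Port"], row["NVT Name"]))
    for findings in hosts.values():
        findings.sort(key=lambda f: -f[1])  # highest score first
    return dict(hosts), skipped


if __name__ == "__main__":
    results, skipped = triage(SAMPLE_CSV, min_cvss=4.0)
    for host, findings in results.items():
        for cls, score, port, name in findings:
            print(f"{host:<12} {cls:<6} {score:>4} port {port:<5} {name}")
    print(f"skipped rows: {skipped}")
```

A non-zero skipped count means some rows could not be parsed, so check those rows in the report itself before treating the triage list as complete.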