Security tools that are integrated into OpenVAS
This page is about security/auditing tools that are integrated into OpenVAS.
Note: This page is not actively maintained. The list might not be complete or some entries might be outdated. In case you would like to add your experiences here or propose further tools to integrate, please subscribe to the openvas-discuss mailing list and let the OpenVAS community know.
Nikto — a web server scanning and testing tool
Status (20080812): A NASL wrapper for Nikto is included in the openvas-plugins package.
NMAP — a portscanner
Status (20080925): NMAP integration is inherited from Nessus through the nmap.nasl plugin and is used as a port scanner plugin. Note that using nmap.nasl to directly scan a large number of hosts is not recommended. If you have a large number of hosts to scan and want to use nmap, run nmap on the hosts first and then import the results using the nmap.nasl importer function. You can read an explanation here.
Future (20080925): NMAP has a scripting capability called the Nmap Scripting Engine (NSE), which can also check for vulnerabilities. We're working on integrating NSE scripts as plugins in OpenVAS.
ike-scan — an IPsec VPN scanning, fingerprinting and testing tool
Allows OpenVAS to run ike-scan to identify IPsec VPN endpoints. It will attempt to enumerate supported cipher suites, brute-force valid group names and fingerprint any endpoint identified.
Status (20080915): A NASL wrapper for ike-scan is included in the openvas-plugins package. It has been tested against Racoon and Openswan and used as part of a live penetration test against Checkpoint VPN-1 and Cisco VPN.
snmpwalk — an SNMP information retriever
Status (20081026): A NASL wrapper for snmpwalk is included in the openvas-plugins package. snmpwalk is used in the port scanner phase.
amap — an application protocol detection tool
Status (20081026): A NASL wrapper for amap is included in the openvas-plugins package. amap is used in the port scanner phase to identify the services behind ports.
ldapsearch from OpenLDAP utilities — retrieves information from LDAP directories
Status (20081026): A NASL wrapper for ldapsearch is included in the openvas-plugins package. The NASL plugin uses ldapsearch to show what information can be pulled off an LDAP server.
Security Local Auditing Daemon (SLAD) — performs local security checks against GNU/Linux systems
Allows OpenVAS to run these tools on a GNU/Linux target machine where SLAD is installed:
- ovaldi (NEW - see instructions for using ovaldi with SLAD for details)
Status (20081024): Works with OpenVAS 1.0.x; see the hints on how to use SLAD with OpenVAS.
ovaldi (OVAL) — an OVAL Interpreter
In order to extend the vulnerability coverage even further, the OpenVAS project is working on support for OVAL, the Open Vulnerability and Assessment Language.
Status (20090220): Proof-of-concept support for OVAL definitions is included in OpenVAS, now including support for multiple definitions per OVAL file. Be aware that OVAL support is only available in the 2.0 series. OpenVAS-Server at SVN revision 2578 or higher and a patched ovaldi 5.5.4 (see below) are recommended for testing OVAL support. If you want to use OVAL definitions, the following steps are necessary:
- Download ovaldi 5.5.4; this version is recommended for best results with OpenVAS.
- Apply this patch to the ovaldi source. This patch fixes a number of bugs in ovaldi which prevented ovaldi from running correctly when launched from within OpenVAS.
- Compile and install ovaldi.
- Copy the desired OVAL definitions into your OpenVAS plugin directory; make sure to change the file extensions from .xml to .oval.
- Copy the OVAL schema definitions (the .xsd files in the "xml" subdirectory in your OVAL installation) into your OpenVAS plugin directory.
- Restart OpenVAS Scanner; clients connecting to this service will now see a new plugin family called "OVAL definitions" in the plugin selection section.
- If you are using OVAL definitions that check for installed versions of certain packages, be sure to enable the plugin "Determine OS and list of installed packages via SSH login" (located in the "Misc." family) and to provide login information for the remote machine.
Be aware that support for OVAL definitions is still in an experimental stage and only a subset of all OVAL features is supported. Please report any bugs to the openvas-devel mailing list.
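The copy-and-rename steps above can be scripted. The following is an added example, not part of OpenVAS or ovaldi: the three directory arguments are placeholders for your own paths, and the content check and the refusal to overwrite existing files are additions of this example rather than requirements stated on this page.

```shell
#!/bin/sh
# stage_oval DEFS_DIR SCHEMA_DIR PLUGIN_DIR
# Copies OVAL definition files (*.xml) into PLUGIN_DIR as *.oval, then copies
# the *.xsd schema files. Prints the number of definitions staged.
stage_oval() {
    defs_dir=$1; schema_dir=$2; plugin_dir=$3
    for d in "$defs_dir" "$schema_dir" "$plugin_dir"; do
        [ -d "$d" ] || { echo "not a directory: $d" >&2; return 2; }
    done
    staged=0
    for src in "$defs_dir"/*.xml; do
        [ -f "$src" ] || continue   # glob matched nothing
        # Added sanity check (not from the page): the file must contain an
        # oval_definitions element, with or without a namespace prefix.
        if ! grep -Eq '<([A-Za-z0-9_-]+:)?oval_definitions([[:space:]>]|$)' "$src"; then
            echo "skip (no oval_definitions element): $src" >&2
            continue
        fi
        dest="$plugin_dir/$(basename "$src" .xml).oval"
        if [ -e "$dest" ]; then     # never overwrite an existing definition
            echo "skip (already present): $dest" >&2
            continue
        fi
        cp -- "$src" "$dest" && staged=$((staged + 1))
    done
    # Schema step: the .xsd files go into the same plugin directory.
    for xsd in "$schema_dir"/*.xsd; do
        if [ -f "$xsd" ]; then cp -- "$xsd" "$plugin_dir/"; fi
    done
    echo "$staged"
}

# Constructed sample input: one OVAL file, one unrelated XML file, one schema.
work=$(mktemp -d)
mkdir "$work/defs" "$work/xml" "$work/plugins"
printf '<oval_definitions xmlns="x">\n</oval_definitions>\n' > "$work/defs/sample.xml"
printf '<project name="not-oval"/>\n' > "$work/defs/build.xml"
printf '<xs:schema/>\n' > "$work/xml/oval-definitions-schema.xsd"
first_run=$(stage_oval "$work/defs" "$work/xml" "$work/plugins")
echo "staged on first run: $first_run"
```

Restart OpenVAS Scanner after staging so the new definitions are picked up, as described in the steps above.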
pnscan — a portscanner
Status (20081026): A NASL wrapper for pnscan is included in the openvas-plugins package. pnscan is used as a port scanner plugin.
portbunny — a Linux-kernel-based portscanner
Status (20081026): A NASL wrapper for portbunny is included in the openvas-plugins package. Because portbunny is a Linux kernel port scanner, it works only on the Linux platform. portbunny is used as a port scanner plugin. It is at an experimental stage, as you need to apply the patch if you're using PortBunny 1.1.1 or earlier. The alternative is to use the development version (PortBunny261008-dev.tar.gz or later) or the SVN version of portbunny.
strobe — a portscanner
Status (20081026): A NASL wrapper for strobe is included in the openvas-plugins package. strobe is used as a port scanner plugin.
w3af — a web application attack and audit framework
Status (20100321): A NASL wrapper for w3af is included in the openvas plugins feed. The plugin is able to perform a w3af scan and recognize basic security notices.