Social Icons

Sunday, July 23, 2017

Kali Linux 2 : Installing and Setting up OPENVAS

1.     This post will be useful for users who have just installed Kali Linux 2 and wish to install and setup OPENVAS.OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of GreenBone Networks commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009. 

 2.   The following set of commands vide a Kali terminal will be in the following sequence :

:~ apt-get update
:~ apt-get -y upgrade
:~ apt-get install openvas
:~ openvas-check-setup

after you run the open-check-setup command ,there is a possibility of something going wrong during installation...if there are some errors ...do the following at the terminal

:~ openvasmd --rebuild

next you might be prompted to create a user

:~ openvasmd --create-user= --role=Admin && openvasmd --user= --new-password=yourpassword

:~ greenbone-certdata-sync

Run the check setup again :

:~ openvas-check-setup


 the check setup screen should look like below :

 Final step to the access will need to browse you at the link as below to access Greenbone web interface

https://localhost:9392


 Thats all...start exploring the interface

Generate Public Key- Private Key Pair and Test them

The Public and Private key pair comprises of two uniquely related cryptographic keys.The Public Key is made available to everyone via a publicly accessible repository or directory. On the other hand, the Private Key must remain confidential to its respective owner. Because the key pair is mathematically related, whatever is encrypted with a Public Key may only be decrypted by its corresponding Private Key and vice versa.In this post we will see how to generate a set of private and public keys and then test to encrypt with public and decrypt with private key.I have a Ubuntu system...and I attempt all here on the terminal.The following commands will be used as we work with RSA keys:

openssl genrsa: Generates an RSA private keys.
openssl rsautl: Encrypt and decrypt files with RSA keys.
openssl rsa: Manage RSA private keys (includes generating a public key from it).

Firstly to generate the key,the terminal command will be as follows and shown in the screenshot :

 :~ openssl genrsa -des3 -out private.pem 2048

 The following command will generate a public key from the private key generated above
: ~ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
 So now we have generated a set of private key and public key with the extension .pem
 To just verify the generation,chk the contents inside as seen below :

:~ more public.pem
 :~ more private.pem
 Use the following command to generate the random key:
 :~ openssl rand -base64 128 -out key.bin
 Encrypt the sample pdf or any other file you want to encrypt with this key vide the following command :

:~ openssl enc -aes-256-cbc -salt -in anupam.pdf -out anupam.pdf.enc -pass file:./key.bin
 So now you have the original file here anupam.pdf and the encrypted file as anupam.pdf.enc
 We see that the files do not have much of a size difference but the file is encrypted.
Now use the following command to encrypt the random keyfile with the other persons public key:

:~ openssl rsautl -encrypt -inkey public.pem -pubin -in key.bin -out key.bin.enc
 The key.bin is encrypted now.
: ~ openssl rsautl -decrypt -inkey private.pem -in key.bin.enc -out key.bin1
 and finally we decrypt the pdf.enc file to original .pdf extension

:~ openssl enc -d -aes-256-cbc -in anupam.pdf.enc -out anupam1.pdf -pass file:./key.bin
Powered By Blogger