20170214-10 选题

sources/tech/20170206 OpenVAS - Vulnerability Assessment install on Kali Linux.md

@@ -0,0 +1,136 @@
+OpenVAS - Vulnerability Assessment install on Kali Linux
+============================================================
+
+### On this page
+
+1.  [What is Kali Linux?][1]
+2.  [Updating Kali Linux][2]
+3.  [Installing OpenVAS 8][3]
+4.  [Start OpenVAS on Kali][4]
+
+This tutorial documents the process of installing OpenVAS 8.0 on Kali Linux rolling. OpenVAS is open source [vulnerability assessment][6] application that automates the process of performing network security audits and vulnerability assessments. Note, a vulnerability assessment also known as VA is not a penetration test, a penetration test goes a step further and validates the existence of a discovered vulnerability, see [what is penetration testing][7] for an overview of what pen testing consists of and the different types of security testing.
+
+### What is Kali Linux?
+
+Kali Linux is a Linux penetration testing distribution. It's Debian based and comes pre-installed with many commonly used penetration testing tools such as Metasploit Framework and other command line tools typically used by penetration testers during a security assessment.
+
+For most use cases Kali runs in a VM, you can grab the latest VMWare or Vbox image of Kali from here: [https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/][8]
+
+Download the full version not Kali light, unless you have a specific reason for wanting a smaller virtual machine footprint. After the download finishes you will need to extract the contents and open the vbox or VMWare .vmx file, when the machine boots the default credentials are root / toor. Change the root password to a secure password.
+
+Alternatively, you can download the ISO version and perform an installation of Kali on the bare metal.
+
+### Updating Kali Linux
+
+After installation, perform a full update of Kali Linux.
+
+Updating Kali:
+
+apt-get update && apt-get dist-upgrade -y
+
+[
+ ![Updating Kali Linux](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/kali-apt-get-update-dist-upgrade.png) 
+][9]
+
+The update process might take some time to complete. Kali is now a rolling release meaning you can update to the current version from any version of Kali rolling. However, there are release numbers but these are point in time versions of Kali rolling for VMWare snapshots. You can update to the current stable release from any of the VMWare images.
+
+After updating perform a reboot.
+
+### Installing OpenVAS 8
+
+[
+ ![Installing OpenVAS 8](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/kali-install-openvas-vulnerability-assessment.png) 
+][10]
+
+apt-get install openvas
+
+openvas-setup
+
+During installation you'll be prompted about redis, select the default option to run as a UNIX socket.
+
+[
+ ![Configure OpenVAS Scanner](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-vulnerability-scanner-enable-redis.png) 
+][11]
+
+Even on a fast connection openvas-setup takes a long time to download and update all the required CVE, SCAP definitions.
+
+[
+ ![Update all the required CVE, SCAP definitions](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-vulnerability-scanner-install-2.png) 
+][12]
+
+Pay attention to the command output during openvas-setup, the password is generated during installation and printed to console near the end of the setup.
+
+[
+ ![Command output during install](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-vulnerability-scanner-install-complete.png) 
+][13]
+
+Verify openvas is running:
+
+netstat -tulpn
+
+[
+ ![Check OpenVAS Status](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-running-netstat.png) 
+][14]
+
+### Start OpenVAS on Kali
+
+To start the OpenVAS service on Kali run:
+
+openvas-start
+
+After installation, you should be able to access the OpenVAS web application at **https://127.0.0.1:9392**
+
+**[
+ ![OpenVAS started](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-self-signed-certificate.png) 
+][5]**
+
+Accept the self-signed certificate and login to the application using the credentials admin and the password displayed during openvas-setup.
+
+[
+ ![Accept the self-signed SSL cert](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/accept-openvas-self-signed-certificate.png) 
+][15]
+
+After accepting the self-signed certificate, you should be presented with the login screen:
+
+[
+ ![OpenVAS Login](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-login-screen.png) 
+][16]
+
+After logging in you should be presented with the following screen:
+
+[
+ ![OpenVAS Dashboard](https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/openvas-menu.png) 
+][17]
+
+From this point you should be able to configure your own vulnerability scans using the wizard.
+
+It's recommended to read the documentation. Be aware of what a vulnerability assessment conductions (depending on configuration OpenVAS could attempt exploitation) and the traffic it will generate on a network as well as the DOS effect it can have on services / servers and hosts / devices on a network.
+
+--------------------------------------------------------------------------------
+
+via: https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/
+
+作者：[KJS ][a]
+译者：[译者ID](https://github.com/译者ID)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]:https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/
+[1]:https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/#what-is-kali-linux
+[2]:https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/#updating-kali-linux
+[3]:https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/#installing-openvas-
+[4]:https://www.howtoforge.com/tutorial/openvas-vulnerability-assessment-install-on-kali-linux/#start-openvas-on-kali
+[5]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-self-signed-certificate.png
+[6]:https://www.aptive.co.uk/vulnerability-assessment/
+[7]:https://www.aptive.co.uk/penetration-testing/
+[8]:https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
+[9]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/kali-apt-get-update-dist-upgrade.png
+[10]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/kali-install-openvas-vulnerability-assessment.png
+[11]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-vulnerability-scanner-enable-redis.png
+[12]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-vulnerability-scanner-install-2.png
+[13]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-vulnerability-scanner-install-complete.png
+[14]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-running-netstat.png
+[15]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/accept-openvas-self-signed-certificate.png
+[16]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-login-screen.png
+[17]:https://www.howtoforge.com/images/openvas_vulnerability_assessment_install_on_kali_linux/big/openvas-menu.png