Background
OpenVAS is a powerful vulnerability scanning toolkit that consists of a server, client, and manager applications. It can be used to scan systems for known vulnerabilities, and to identify and exploit them. The OpenVAS vulnerability scanner is free and open source software, released under the GNU General Public License.
OpenVAS manual installation has a lot of dependencies and configuration, which sometimes lead to unknown errors and decrease productivity. Therefore, we recommend that you try to install OpenVAS with a Docker container, which only takes a couple of minutes to download and no set up is required. A docker container is a lightweight, independent, and portable operating system instance that can be created from a Dockerfile and run on a single computer or across multiple computers.
Story
Maria was a cybersecurity professional who used OpenVAS to perform a vulnerability assessment on a company’s network. She found several vulnerabilities that could be exploited, and she reported them to the company’s IT department. The IT department was able to fix the vulnerabilities, and the company’s network was secured.
Exercise
Install OpenVAS using Docker and perform a vulnerability scan to validate that OpenVAS if functioning properly.
Learning Objectives
OpenVAS is a very common and useful vulnerability scanning tool.
Downloading, installing, and configuring OpenVAS manually could be very time consuming, especially in a real-world situation where you only have a couple of days or hours to perform a vulnerability scan.
Using Docker is the solution to it all, it is pre-configured and all that is required is to download the Docker container.
Specifications
Create a clean Ubuntu virtual machine OR install WSL2 on your host machine
Install docker
Install OpenVAS
Scan a Windows XP virtual machine with OpenVAS
Validation: You should find a of high-risk vulnerability related to SMB Remote Code Execution
Quality Assurance
Include your student ID in the submission: 09L0ATKY4FQ03orD3VFNWoPY4Bm1
Meet the quality expectations outlined below. We want you to go above and beyond by producing the best possible work. Make work you can be proud of!
Guidelines
Video Submission – Produce a clean screen recording
Quality Expectations
This exercise’s difficulty is at a Novice level. We expect you to produce quality work. For example: Work that is well presented and properly written (i.e. clean screen recording and/or formal English writing) Work that could be shared with prospective employers when applying for a job
References
https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-18-04
