OpenVAS
I’m getting fed up with Nessus 4.2.2/4.4.0 and its HTTPS timeouts, crap SSH banner handling (the $PS1/last bug) and closed-source nature, meaning that we can’t use certain Linux distros anymore; and the fact that it uses Flash10 means we can’t use it over Citrix.
So I thought I’d give OpenVAS a try. Well, all I can say is: come back Nessus, all is forgiven!
For an open-source platform, OpenVAS really sucks as far as documentation and packaging go.
Installation packages are all dealt with via odd openSUSE build servers that there are no instructions for – sorry but how do you install packages for Fedora from a SUSE build system?!
I eventually found a YUM repo file for Fedora 13 which, despite being for v4, actually installed 3.2 code which didn’t work: the manager wouldn’t start, and gsd required 777 permissions on /var/log/openvas/ for it to start.
On Debian 5 I found that you have to add this to your /etc/apt/sources.list, then you can install the packages, but openvas-manager won’t start and openvas-client/gsd won’t connect. After finding a post on an old mailing list archive, I found that you have to run:
apt-get install sqlite3
openvas-mkcert
openvas-mkcert-client -n om -i
openvas-adduser
openvas-nvt-sync
But that still doesn’t seem to work, so I next tried the stable v3 repository; that doesn’t seem to work either, as the plugins are too new for it now!
OpenVAS bundles openvas-client, its rebuild of NessusClient from Nessus 4.0, which on Nessus 4.2 or later only works on a ProFeed and is no longer supported anyway. OpenVAS also bundles openvas-cli, which replaces nessus/nessuscmd, which are deprecated in Nessus 4.2+ too.
You can check out the latest code from the SVN server, but there are no build instructions, and the preferred build environment is apparently Debian 5, not openSUSE 11 at all, and 4beta2 doesn’t seem to be in SVN anyway.
You can download a prebuilt Virtual Machine which is openSUSE 11.2 with a half-arsed install of OpenVAS-3 without the desktop client, despite what it says is shipped with the desktop version.
Note that’s 3 different Linux distros and about 5 different OpenVAS versions I’ve tried now, and none work – well, the VM got the closest to it. Nice waste of 3 hours, thanks!
It does seem that their NASL support is current as of about Nessus 4.0; there are a few modifications needed to get NASL 4.2+ scripts working.
One nice thing about OpenVAS is that it uses rsync to do its plugin feed update, so in theory you could rsync from your local install to a remote server, and not have to worry about proprietary licensing. It only has half the plugins that Nessus does, at about 20,000 as opposed to 40,000.
There is some sort of commercial support from Greenbone, but of course no pricing or SLA info.
I also updated the blog to WordPress 3.0.2