安装并启动openvas
apt-get install openvas
# 设置openvas,下载最新的规则,需要很长时间
openvas-setup
# 创建管理员账号;密码由 openvasmd 随机生成并显示在输出中,后面 openvas_connect 要用到,属于管理员凭据,需妥善保存
root@kali:~# openvasmd --create-user=adminroot --role=Admin
User created with password 'f99fe72f-26cb-40e6-9b58-4f83fa0f41ae'.
# 启动openvas服务
openvas-start
msf加载并使用openvas
# 加载openvas插件(按下面的提示,插件需要msf先连上数据库,可用 db_status 确认)
msf > load openvas
[*] Welcome to OpenVAS integration by kost and averagesecurityguy.
[*]
[*] OpenVAS integration requires a database connection. Once the
[*] database is ready, connect to the OpenVAS server using openvas_connect.
[*] For additional commands use openvas_help.
[*]
[*] Successfully loaded plugin: OpenVAS
# 查看帮助
msf > openvas_help
[*] openvas_help Display this help
[*] openvas_debug Enable/Disable debugging
[*] openvas_version Display the version of the OpenVAS server
[*]
[*] CONNECTION
[*] ==========
[*] openvas_connect Connects to OpenVAS
[*] openvas_disconnect Disconnects from OpenVAS
[*]
[*] TARGETS
[*] =======
[*] openvas_target_create Create target
[*] openvas_target_delete Deletes target specified by ID
[*] openvas_target_list Lists targets
[*]
[*] TASKS
[*] =====
[*] openvas_task_create Create task
[*] openvas_task_delete Delete a task and all associated reports
[*] openvas_task_list Lists tasks
[*] openvas_task_start Starts task specified by ID
[*] openvas_task_stop Stops task specified by ID
[*] openvas_task_pause Pauses task specified by ID
[*] openvas_task_resume Resumes task specified by ID
[*] openvas_task_resume_or_start Resumes or starts task specified by ID
[*]
[*] CONFIGS
[*] =======
[*] openvas_config_list Lists scan configurations
[*]
[*] FORMATS
[*] =======
[*] openvas_format_list Lists available report formats
[*]
[*] REPORTS
[*] =======
[*] openvas_report_list Lists available reports
[*] openvas_report_delete Delete a report specified by ID
[*] openvas_report_import Imports an OpenVAS report specified by ID
[*] openvas_report_download Downloads an OpenVAS report specified by ID
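# 连接openvas:openvas_connect 用户名 密码 主机 端口
# 注意密码以明文出现在命令行里,可能被记入控制台历史
# 之后反复出现的 Object#timeout 弃用警告来自 openvas-omp gem,从后续输出看不影响命令执行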
msf > openvas_connect adminroot f99fe72f-26cb-40e6-9b58-4f83fa0f41ae 127.0.0.1 9390
[*] Connecting to OpenVAS instance at 127.0.0.1:9390 with username adminroot...
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS connection successful
# 创建一个目标,命令会返回目标ID,创建任务时要用到
openvas_target_create "目标名称" 目标IP "目标的简单描述"
msf > openvas_target_create "winXP" 192.168.10.122 "windows targe"
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] 4ee16ae0-0350-4597-98e2-de46ccc7ca0b
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of targets
ID Name Hosts Max Hosts In Use Comment
-- ---- ----- --------- ------ -------
4ee16ae0-0350-4597-98e2-de46ccc7ca0b winXP 192.168.10.122 1 0 windows targe
# 查看扫描配置项
msf > openvas_config_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of configs
ID Name
-- ----
085569ce-73ed-11df-83c3-002264764cea empty
2d3f051c-55ba-11e3-bf43-406186ea4fc5 Host Discovery
698f691e-7489-11df-9d8c-002264764cea Full and fast ultimate
708f25c4-7489-11df-8094-002264764cea Full and very deep
74db13d6-7489-11df-91b9-002264764cea Full and very deep ultimate
8715c877-47a0-438d-98a3-27c7a6ab2196 Discovery
bbca7412-a950-11e3-9109-406186ea4fc5 System Discovery
daba56c8-73ec-11df-a475-002264764cea Full and fast
# 创建一个任务(示例中的配置项ID取自上面的 Full and fast,目标ID取自刚创建的 winXP)
openvas_task_create "任务名称" "描述" 配置项ID 目标ID
msf > openvas_task_create "task_of_winXP" "xp_comment" daba56c8-73ec-11df-a475-002264764cea 4ee16ae0-0350-4597-98e2-de46ccc7ca0b
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] 5fd5fc77-e7f2-4031-8061-559b4eb772cc
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
5fd5fc77-e7f2-4031-8061-559b4eb772cc task_of_winXP xp_comment New -1
# 开始任务
openvas_task_start 任务ID
msf > openvas_task_start 5fd5fc77-e7f2-4031-8061-559b4eb772cc
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[*] <X><authenticate_response status='200' status_text='OK'><role>Admin</role><timezone>UTC</timezone><severity>nist</severity></authenticate_response><start_task_response status='202' status_text='OK, request submitted'><report_id>3e7be1de-bcc3-47f9-8753-30901914d68f</report_id></start_task_response></X>
# 查看任务(注意:下面输出中的任务 task_xp 及其ID与上面创建的 task_of_winXP 不一致,应是另一次运行的记录;实际操作时以自己创建的任务ID为准)
msf > openvas_task_list
/usr/share/metasploit-framework/vendor/bundle/ruby/2.5.0/gems/openvas-omp-0.0.4/lib/openvas-omp.rb:201: warning: Object#timeout is deprecated, use Timeout.timeout instead.
[+] OpenVAS list of tasks
ID Name Comment Status Progress
-- ---- ------- ------ --------
9f53f3c2-7f4b-46fb-9fe6-c5273f7183d4 task_xp dis Running 1
# 查看openvas报告类型
msf > openvas_format_list
[+] OpenVAS list of report formats
ID Name Extension Summary
-- ---- --------- -------
5057e5cc-b825-11e4-9d0e-28d24461215b Anonymous XML xml Anonymous version of the raw XML report
50c9950a-f326-11e4-800c-28d24461215b Verinice ITG vna Greenbone Verinice ITG Report, v1.0.1.
5ceff8ba-1f62-11e1-ab9f-406186ea4fc5 CPE csv Common Product Enumeration CSV table.
6c248850-1f62-11e1-b082-406186ea4fc5 HTML html Single page HTML report.
77bd6c4a-1f62-11e1-abf0-406186ea4fc5 ITG csv German "IT-Grundschutz-Kataloge" report.
9087b18c-626c-11e3-8892-406186ea4fc5 CSV Hosts csv CSV host summary.
910200ca-dc05-11e1-954f-406186ea4fc5 ARF xml Asset Reporting Format v1.0.0.
9ca6fe72-1f62-11e1-9e7c-406186ea4fc5 NBE nbe Legacy OpenVAS report.
9e5e5deb-879e-4ecc-8be6-a71cd0875cdd Topology SVG svg Network topology SVG image.
a3810a62-1f62-11e1-9219-406186ea4fc5 TXT txt Plain text report.
a684c02c-b531-11e1-bdc2-406186ea4fc5 LaTeX tex LaTeX source file.
a994b278-1f62-11e1-96ac-406186ea4fc5 XML xml Raw XML report.
c15ad349-bd8d-457a-880a-c7056532ee15 Verinice ISM vna Greenbone Verinice ISM Report, v3.0.0.
c1645568-627a-11e3-a660-406186ea4fc5 CSV Results csv CSV result list.
c402cc3e-b531-11e1-9163-406186ea4fc5 PDF pdf Portable Document Format report.
# 查看任务结束之后的报告
msf > openvas_report_list
[+] OpenVAS list of reports
ID Task Name Start Time Stop Time
-- --------- ---------- ---------
a6f037de-489e-4e9a-b5de-eafd8b723635 task_xp 2018-12-06T07:38:09Z 2018-12-06T08:11:22Z
# 导入报告到msf数据库(示例中的报告类型ID对应上面列表里的 NBE 格式)
openvas_report_import 报告ID 报告类型ID
msf > openvas_report_import a6f037de-489e-4e9a-b5de-eafd8b723635 9ca6fe72-1f62-11e1-9e7c-406186ea4fc5
[*] Importing report to database.
# 查看导入的结果。refs 中的 CVE 编号可用于查找对应的攻击模块,也可用于定位需要安装的补丁
# 扫描结果可能有误报(例如下面在 winXP 目标上报告了 Linux Kernel 的漏洞),使用前需逐条核实
msf > vulns
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=ICMP Timestamp Detection refs=CVE-1999-0524
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Linux Kernel IGMP Remote Denial Of Service Vulnerability refs=CVE-2012-0207,BID-51343
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Microsoft IIS FTP Server 'ls' Command DOS Vulnerability refs=CVE-2009-2521,BID-36273
[*] Time: 2018-12-06 08:21:23 UTC Vuln: host=192.168.10.122 name=Microsoft Windows SMB Server Multiple Vulnerabilities-Remote (4013389) refs=CVE-2017-0143,CVE-2017-0144,CVE-2017-0145,CVE-2017-0146,CVE-2017-0147,CVE-2017-0148,BID-96703,BID-96704,BID-96705,BID-96707,BID-96709,BID-96706
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Deprecated SSLv2 and SSLv3 Protocol Detection refs=CVE-2016-0800,CVE-2014-3566
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Report Vulnerable Cipher Suites for HTTPS refs=CVE-2016-2183,CVE-2016-6329
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: Report Weak Cipher Suites refs=CVE-2013-2566,CVE-2015-2808,CVE-2015-4000
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: RSA Temporary Key Handling 'RSA_EXPORT' Downgrade Issue (FREAK) refs=CVE-2015-0204,BID-71936
[*] Time: 2018-12-06 08:21:24 UTC Vuln: host=192.168.10.122 name=SSL/TLS: SSLv3 Protocol CBC Cipher Suites Information Disclosure Vulnerability (POODLE) refs=BID-70574
[*] Time: 2018-12-06 08:21:25 UTC Vuln: host=192.168.10.122 name=Vulnerabilities in SMB Could Allow Remote Code Execution (958687) - Remote refs=CVE-2008-4114,CVE-2008-4834,CVE-2008-4835,BID-31179