This is a program that can be used on a regular basis by anyone who operates a Linux
system so they can be aware of issues they need to correct. As someone involved in
penetration or security testing, though, this is a program you can be running on
Linux systems that you get access to. If you are working hand in hand with the com‐
pany you are testing for, performing local scans will be easier. You may be provided
local access to the systems so you can run programs like this. You would need this
program installed on any system you wanted to run it against, of course. In that case,
you wouldn’t be running it from Kali itself. However, you can get a lot of experience
with
lynis
by running it on your local system and referring to the output.
OpenVAS Local Scanning
You are not limited to testing on the local system for local vulnerabilities. By this I
mean that you don’t have to be logged in to running programs in order to perform
testing. Instead, you can use a remote vulnerability scanner and provide it with login
credentials. This will allow the scanner to log in remotely and run the scans through a
login session.
As an example, OpenVAS is a vulnerability scanner that can be installed on Kali
Linux. While it is primarily a remote vulnerability scanner, as you will see, it can be
provided with credentials to log in. Those login credentials, shown being configured
in
Figure 4-2
, will be used by OpenVAS to log in remotely in order to run tests locally
through the login session. You can select the option for OpenVAS to autogenerate,
which will have OpenVAS trying passwords against a specified username.
Figure 4-2. Credential setting in OpenVAS
