which may be the case if you are working with proof-of-concept exploits, you should be checking your system for viruses and other malware. Yes, this is just as true on Linux as it is on other platforms. Linux is not invulnerable to attacks or malware. Best to keep your system as clean and safe as you can.
Remote Vulnerabilities
While you may sometimes be given access to systems by working closely with your target, you definitely will have to run remote checks for vulnerabilities when you are doing security testing. When you get complete access, which may include credentials to test with, desktop builds to audit without impacting users, or configuration settings from network devices, you are doing white-box testing. If you have no cooperation from the target, aside from a clear agreement with them about what you are planning on doing, you are doing black-box testing; you don’t know anything at all about what you are testing. You may also do gray-box testing. This is somewhere between white box and black box, though there are a lot of gradations in between.
When testing for remote vulnerabilities, it’s useful to get a head start. You will need to use a vulnerability scanner. The vulnerability scanner OpenVAS can be easily installed on Kali Linux. While it’s not the only vulnerability scanner that can be used, it is freely available and included with the Kali Linux repositories. This should be considered a starting point for your vulnerability testing. If all it took was to just run a scanner, anyone could do it. Running vulnerability scanners isn’t hard. The value of someone doing security testing isn’t loading up a bunch of automated tools. Instead, it’s the interpretation and validation of the results as well as going beyond the automated tools.
Earlier, we explored how OpenVAS can be used for local scanning. It can also be used, and perhaps is more commonly known, for scanning for remote vulnerabilities. This is what we’re going to be spending some time looking at now. OpenVAS is a fairly dense piece of software, so we’ll be skimming through some of its capabilities rather than providing a comprehensive overview. The important part is to get a handle on how vulnerability scanners work.
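To make concrete what a scanner such as OpenVAS does under the hood, here is the core matching loop in miniature. This is an added example, not code from the book or from the OpenVAS project; the feed, product names, version ranges, addresses and the EXAMPLE-nnnn identifiers are all constructed for illustration.

```python
"""Toy model of the core loop inside a vulnerability scanner (added example)."""
from datetime import date

# Constructed vulnerability feed standing in for the scanner's database of known
# vulnerabilities. IDs are placeholders, not real advisories; product names and
# version ranges are invented for the example.
VULN_FEED = {
    "last_updated": date(2023, 1, 1),
    "entries": [
        {"id": "EXAMPLE-0001", "product": "exampled", "affected": ("1.0", "1.4")},
        {"id": "EXAMPLE-0002", "product": "exampled", "affected": ("2.0", "2.1")},
    ],
}

# Constructed service banners, as a scanner would collect them from the network.
SAMPLE_BANNERS = [
    ("192.0.2.10", "exampled/1.2"),   # inside the affected range of EXAMPLE-0001
    ("192.0.2.11", "exampled/1.4"),   # exactly the fixed version: not affected
    ("192.0.2.12", "otherd/3.0"),     # product not in the feed at all
]


def parse_version(text):
    """Turn '1.10' into (1, 10) so ranges compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def feed_is_stale(feed, today=None, max_age_days=7):
    """A scanner is only as good as its feed; flag one older than max_age_days."""
    today = today or date.today()
    return (today - feed["last_updated"]).days > max_age_days


def scan(banners, feed):
    """Match each banner's product/version against the affected ranges in the feed."""
    findings = []
    for host, banner in banners:
        product, _, version = banner.partition("/")
        current = parse_version(version)
        for entry in feed["entries"]:
            low, high = (parse_version(v) for v in entry["affected"])
            if entry["product"] == product and low <= current < high:
                # A banner match proves the version string, not exploitability:
                # distributions backport fixes without bumping the version, so
                # every automated hit is marked for manual validation.
                findings.append({"host": host, "id": entry["id"],
                                 "evidence": "banner", "needs_validation": True})
    return findings
```

Run `scan(SAMPLE_BANNERS, VULN_FEED)` to see the single hit; the `needs_validation` flag is the point, since interpreting and confirming such hits is where the tester adds value over the tool.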
The OpenVAS project began when Nessus, a well-known vulnerability scanner, became closed source with a commercial offering. OpenVAS began as a fork of the last open source version of Nessus. Since that time, significant architectural changes have occurred in the design of the software. Although Nessus has gone to a web interface, there is no resemblance at all between OpenVAS and Nessus.
When using OpenVAS or any vulnerability scanner, there will be a collection or database of known vulnerabilities. This means the collection should be regularly updated,