Man Linux: Main Page and Category List

NAME

       OpenVAS-Client - The client part of the OpenVAS Security Scanner

SYNOPSIS

       OpenVAS-Client  [-v]  [-h]  [-n]  [-T <type>] [-q [-pPS] host port user
       password targets results]

       OpenVAS-Client -i in.nbe -o out.[html|xml|nbe]

DESCRIPTION

       The OpenVAS Security Scanner is a security auditing tool made up of two
       parts:  a  server,  and a client.  The server, openvasd is in charge of
       the attacks, whereas the client OpenVAS-Client provides an interface to
       the user.

       OpenVAS-Client is an X11 client based on GTK+2.

       This man page explains how to use the client.

OPTIONS

       -c <config-file>, --config-file=<config-file>
              use another configuration file.

       -n, --no-pixmaps
              no pixmaps. This is handy if you are running OpenVAS-Client on a
              remote computer.

       -q, --batch-mode
              quiet mode or batch mode.  Setting this  option  makes  OpenVAS-
              Client expect all of the following settings.
              -p
                      obtain list of plugins installed on the server.
              -P
                     obtain list of server and plugin preferences.
              -S
                     issue SQL output for -p and -P (experimental).
              · host
                     is the openvasd host to whom you will connect.
              · port
                     is  the  port  to  which  you  will connect on the remote
                     openvasd host.
              · user
                     is the user name to use to connect to openvasd.
              · password
                     is the password associated with this user name.
              · targets
                     is the name of a file containing the target machines.
              · results
                     is the name of the file where the results will be  stored
                     at the end of the test.

       -T <type>, --output-type=<type>"
              Save  the  data  as  <type>,  where <type> can be “nbe”, “html”,
              “html_graph”, “text”, “xml”, “tex”

       -V, --verbose
              make the batch mode display status messages to the screen.

       -x, --dont-check-ssl-cert
              do not check SSL certificates.

       -v, --version
              shows version number and quits

       -h, --help
              lists the available options

The X11 interface

       The OpenVAS-Client interface is divided in several panels:

       · The “Openvasd host” section:
              In this section, you must enter the openvasd host  to  whom  you
              will  connect,  as  well  as  the port. You must also enter your
              openvasd user name  and  your  password  (not  the  one  of  the
              system).  Once  you  are  done,  you  must click on the “Log in”
              button, which will establish  the  connection  to  the  openvasd
              host.
              Once the connection is established, openvasd sends to the client
              the list of attacks it will perform,  as  well  as  the  default
              preferences to use.

       · The “Target Selection” section:
              · In this section, you are required to enter the primary target.
              A primary target may be a single host  (e.g.  x.y.test),  an  IP
              (e.g.  192.168.1.1), a subnet (e.g. 192.168.1.1/24 or x.y.test),
              or a list of  hosts,  separated  by  commas  (e.g.  192.168.1.1,
              192.168.2.1/24, x.y.test, a.b.test).

              · You can restrict the maximum number of hosts to test using the
              “Max Hosts” entry.  This is a feature  that  prevents  you  from
              scanning  too  many  machines;  or  accidentally  scanning other
              machines.  (For instance, if you only plan to test x.y.info  and
              a.b.info, you can safely set this entry to “2”).

              ·  This  panel also allows you to enable the “Perform a DNS zone
              transfer” option. This option is dangerous and should be enabled
              with  caution.   For  instance,  if you want to test www.x.test,
              then if this option is set, openvasd will  attempt  to  get  the
              list of the hosts in the “x.test” domain.

              This option may be dangerous. For instance, if you enable it and
              you ask to test 192.168.1.1/24, then openvasd will do a  reverse
              lookup  on  every  IP,  and  will attempt a DNS zone transfer on
              every  domain.  That  is,  if  192.168.1.1  is  www.x.test,  and
              192.168.1.10  is  mail.x.test,  then a DNS zone transfer will be
              made on the domains “x.test” and “test.x”.

       · The “Plugins” section
              Once you have  successfully  logged  into  the  remote  openvasd
              server,  this section is filed with the list of the attacks that
              the server will perform. This panel is divided in two parts: the
              plugins  families,  and  the plugins themselves. If you click on
              the name of a plugin, then a dialog  will  appear,  showing  you
              which will be the error message sent by the plugin if the attack
              is successful.

Report conversion

       You can use OpenVAS-Client to do conversion between  formats  used  for
       reports.  OpenVAS  can  take any NBE reports and change them into HTML,
       XML or NBE reports.

       Please note that the XML report provides usually more information about
       the scan itself NBE format do not include in the report.

       Basically,  XML  is a merge between the .nbe reports and the .openvasrc
       configuration file. You won’t get extra verbosity or diagnosis info  in
       the  XML  report,  but  you’ll know which plugins (and which version of
       these plugins) have been enabled during the scan.

       For more information  on  the  report  formats  please  read  the  file
       nbe_file_format.txt provided along with the documentation.

ENVIRONMENT VARIABLES

       HOME   The path to the user’s home directory which will hold the client
              configuration cache .openvasrc.  The path is refered to  as  ~/,
              below.

       OPENVASHOME
              If  this  environment variable is set, this path is used instead
              of the path defined by the HOME variable.  This path is referred
              to as ~/, below.

              % More examples should be included here (jfs)

EXAMPLES

       To run a batch scan from a cron job and publish it in a given web space
       ( /var/www/html/openvas/ ) try the following:

       OpenVAS-Client -c /root/openvas/openvas.rc -T html -qx  localhost  9390
       batch batch1 /root/openvas/target /var/www/html/openvas/results.html

       Make   sure   that  paranoia  level  is  not  set  in  your  openvas.rc
       configuration file, otherwise the scan will not work

FILES

       ~/.openvasrc
              is the client configuration file,  which  contains  the  options
              about  which  openvasd  server  to  connect to, which plugins to
              activate, and so on.  The file is created  automatically  if  it
              does not exist.

SEE ALSO

       openvasclient-mkcert(1)

MORE INFORMATION ABOUT THE OPENVAS PROJECT

       The  canonical  places  where  you will find more information about the
       OpenVAS project are:

              http://www.openvas.org/

AUTHORS

       Author of developments prior to the fork from  NessusClient  is  Renaud
       Deraison <deraison@cvs.nessus.org>.

       Several  other  people  have  been  kind enough to send patches and bug
       reports.  Thanks to them.