OpenVAS: The world’s most advanced Open Source vulnerability scanner and manager

I am here again after quite a long time now. The reason was simply my MS Degree. For those of you who does not know i started my MS degree in Information Security. Luckily i got admission in one of the top University of Pakistan, NUST (National University of Science and Technology). Any ways, today my topic for this blog post is OpenVAS, The world’s most advanced open source vulnerability scanner and manager.

OpenVAS is the abbreviation of Open Vulnerability Assessment System. OpenVAS is basically a framework of different services which not only provides the vulnerability scanning solution but also provides the vulerability management solution. OpenVAS Vulnerability tests are carried out using Network Vulnerability Tests feeds which are usually updated daily.

Let me first explain the architecture of the OpenVAS.

OpenVAS Architecture

OpenVAS Scanner

The core of the OpenVAS is its scanner called OpenVAS Scanner. The OpenVAS Scanner scans the target system by using NVTs which are updated daily and available freely but commercials feeds can also be used with scanner for scanning.

OpenVAS Manager

OpenVAS Manager is the service which uses the plain scanning of OpenVAS Scanner and provides the vulnerability management solution. It controls the scanner via OTP which is OpenVAS Transfer protocol and itself offers XML based OpenVAS Management Protocol (OMP). The Manager also interacts with a database which stores configurations related to the OpenVAS and also stores the scanning results. It also handles user management.

OpenVAS Clients

There are two basic clients available to interact with OpenVAS Manager for performing various tasks.

Greenbone Secuirty Assistant

Greenbone Secuirty Assistant (GSA) is a web based client offering an easy to use interface to perform various tasks related to OpenVAS.

OpenVAS CLI

OpenVAS CLI contains the command line tool “omp” which allows to create batch processes to drive OpenVAS Manager.

The Whole working of the OpenVAS can be described by the following picture taken from http://openvas.org

You can comment and ask any question if you have about OpenVAS.

PHP Debugging in Netbeans

I have been trying to use php debugging feature of netbeans. I tried it before but did not get it to work.

But this is how i did it.

I installed Xdebug on a Fedora 20 in order to use it with netbeans 7.4.

Install Xdebug:

sudo yum install php-pecl-xdebug.x86_64

Add this lines to php.ini at the end of the file:

sudo vi /etc/php.ini

zend_extension=/usr/lib64/php/modules/xdebug.so xdebug.remote_enable=1 xdebug.remote_handler=dbgp xdebug.remote_mode=req xdebug.remote_host=127.0.0.1 xdebug.remote_port=9000

Add the same lines to xdebug.ini file:

sudo vi /etc/php-zts.d/xdebug.ini

xdebug.remote_enable=1 xdebug.remote_handler=dbgp xdebug.remote_mode=req xdebug.remote_host=127.0.0.1 xdebug.remote_port=9000

Allow port for Xdebug

sudo semanage port -a -t http_port_t -p tcp 9000

Now find your netbeans.conf file in your system:

sudo find / -name netbeans.conf

Now, open up the file and add the text “-J-Dorg.netbeans.modules.php.dbgp.level=400? in netbeans_default_options so that the line looks somewhat like this:

netbeans_default_options="-J-client -J-Xss2m -J-Xms32m -J-XX:PermSize=32m -J-Dnetbeans.logger.console=true -J-ea -J-Dapple.laf.useScreenMenuBar=true -J-Dapple.awt.graphics.UseQuartz=true -J-Dsun.java2d.noddraw=true -J-Dsun.zip.disableMemoryMapping=true -J-Dsun.awt.disableMixing=true -J-Dnetbeans.extbrowser.manual_chrome_plugin_install=yes -J-Dorg.netbeans.modules.php.dbgp.level=400"

Restart both NetBeans IDE and apache:

sudo systemctl restart httpd

and there you go.

Simple App with AngularJS and Laravel 4

This is my first attempt of making a simple Web Application using Angular JS and Laravel 4.

I will not go into much detail about Laravel 4 in this post.

So without further ado, here is what i did.

I created a resource controller by using

php artisan controller:make NewsController

In the index() method i just returned all the News items

public function index() { return News::all(); }

The show() method looks like this.

public function show($id) { return News::find($id); }

I added following routes in my routes.php file.

Route::resource('news', 'NewsController');

Route::get('shownews', function(){ return View::make('news'); }); Route::get('shownews/{id}', function($id){ return View::make('news-detail')->with('id',$id); });

I created a View called news.php. (It is not a blade template)

<head> <title>Learning AngularJS</title> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.7/angular.min.js" type="text/javascript"></script> <script src="<?php echo asset('/js/app.js'); ?>" type="text/javascript"></script> <script src="<?php echo asset('/js/newscontroller.js'); ?>" type="text/javascript"></script>

</head> <body> <div id='content' ng-app="NewsApp" ng-controller="NewsController" ng-init="init()"> <ul> <li ng-repeat="news in results"> <p><a href="<?php echo url('news/show');?>/{{news.id}}">{{news.title}}</a></p> <p>{{news.description}}</p> </li> </ul> </div> </body>

and news-detail.php

<!DOCTYPE html> <head> <title>Learning AngularJS</title> <script src="https://ajax.googleapis.com/ajax/libs/angularjs/1.0.7/angular.min.js" type="text/javascript"></script> <script src="<?php echo asset('/js/app.js'); ?>" type="text/javascript"></script> <script src="<?php echo asset('/js/newscontroller.js'); ?>" type="text/javascript"></script>

</head> <body> <div id='content' ng-app="NewsApp" ng-controller="NewsController" ng-init="detail(<?php echo $id; ?>)"> <ul> News <li ng-repeat="news in results"> <p><a href="<?php echo url('news/show');?>/{{news.id}}">{{news.title}}</a></p> <p>{{news.description}}</p> </li> </ul> </div> </body> </html>

The app.js and newscontroller.js looks like the following.

app.js code:

var app = angular.module('NewsApp',[]);

newscontroller.js code:

app.controller("NewsController", function ($scope, $http) { $scope.init = function () { console.log('This is data'); $scope.results = []; $http.get('http://localhost/laravel/public/news/').success(function (data) { angular.forEach(data, function (value, index) { $scope.results.push(value); }); console.log(data); console.log('This is data'); }).error(function (error) { }); } $scope.detail = function (id) { console.log('This is data'); $scope.results = []; $http.get('http://localhost/laravel/public/news/' + id + '/').success(function (data) { $scope.results.push(data); }).error(function (error) { }); } });

It worked, If you go to your http://localhost/project/public/shownews/ , It will show you the list of news with the link to the detail page.

If there is a better way out there to do this, please let me know. I think there must be as i am just a starter to AngularJS.

Add new methods to a resource controller in Laravel 4

So Its me again with Laravel 4 development. Today I am going to discuss about the Resource Controllers in Laravel 4 a bit.

For creating a Resource Controller in Laravel you can use the following command from within your project directory where artisan is located.

php artisan controller:make UsersController

After creating the Controller, Following methods will be created by default.

index, create, store, edit, update, destroy

What if a new method is needed. Scratching head!

The solution is simple.

Just add a route to that method separately, before you register the resource.

Route::get(‘users/status’, ‘UsersController@status’);
Route::resource(‘users’, ‘UsersController’);

I hope it will help someone.

Controller method not found, Error, Laravel 4

Today while Working with Resourceful Controller in Laravel 4, i was facing the following error.

Controller method not found

I googled and found the following link.

http://laravel.io/topic/30/routes-first-in-first-out

This did increase my knowledge but what i found is interesting, The problem was with my routes and Controller class.

Before when i was facing the error the route was.

Route::resource('groups', 'Admin\GroupController');

I renamed the GroupController to GroupsController and everything seems to be working fine. It seems that Groups and groups should match, Dont know why. But it worked.

Route::resource('groups', 'Admin\GroupsController');

Laravel 4: Organizing Controllers and views in folders

Its been so long that I have not written any blog post on my blog. So today i thought i should share something related to Laravel 4 framework.

I have been trying Laravel 4 for the last few days at office. Today i tried to organize the Controllers and Views in the folders so i faced some problems. But after some searching, I eventually figured it out. So if you ever want to use folders in Controllers and Views here is the Little guide.

Create a Folder Admin in app/controllers directory.

Add a SomeController.php file in it.

–app/
—- controllers/
——admin/SomeController.php

The code should look like this.
use BaseController; use View; class SomeController extends BaseController{ public function showAction(){ return View::make('admin.shownews'); //admin.shownews means shownews.php is in admin folder within views folder } }
routes.php should look like this:

Route::get('news/show','Admin\NewsController@showAction');

I hope this will solve the problem for any one who is searching for the solution.

Panoramas by me!

Panorama’s experiment!

The Last sunset of 2010

This is the last sunset of 2010 and some other photos of islamabad.

Night Scenes of islamabad from Peer Sohawa

Night Scenes of islamabad from Peer Sohawa ofcourse photographed by me.

Division operator in Relational Databases

Yesterday before submitting my assignment of the database, which was totally related to relational algebra queries, i got stuck in Division operator. I read the text book of Connolly “Introduction to Database System” But the formulas got me confused.

Then eventually I’ve just got a copy of THE MANGA GUIDE TO DATABASES (ISBN 978-1-59327-190-9); it is one of a series of “Manga Guides” (the others are Calculus and Statistics). Since I consider myself a long time comic book fan, rather than a Dummy or an Idiot, I prefer these titles over their competition on the book shelf. But beside the risk that the title poses to my personal dignity, the book is a really good introductory book. You just have to get over the Japanese ‘database fairy’ Tico in the Kingdom of Kod.

The book has a section on basic RDBMS in which they mention Codd’s eight original operations on tables. If you don’t remember them, they were the three classic set operators: UNION, INTERSECTION and DIFFERENCE and five relationship operators: JOIN, PROJECTION, SELECTION, CARTESIAN PRODUCT and DIVISION. Since RDBMS is based on sets, you can see why the classic set operators are there. What is hard to figure out is why it took so long to get INTERSECTION and DIFFERENCE into SQL. We had JOIN, PROJECTION, SELECTION and CARTESIAN PRODUCT right away in SQL because you cannot do anything without them in an RDBMS.

The Book explains the division operator like this.

Division is the operation that extracts the rows whose column values matches those in the 2nd table, but only return the columns that don’t exist in the 2nd table. Confused?

Here is the example

and the result

I hope now at least my classmates will understand the division operator in relational model.

Though that’s not all but this is the basic understanding to begin with. After all we are only studying “Introduction to databases” not Advanced database Systems

Sajid Zaman

A Blog about Learning few basic things