OpenVAS

Introduction

Another open-source tool you can use to create an inventory of the software installed on the computers in your network is OpenVAS. OpenVAS will scan your network, store the results of the scan in a database, and make the results available via a web interface. The OpenVAS install is slightly more involved than the Nmap install, but it has a UI and can persist data so that you can see how your network has changed between scans.

To start building your inventory of the software running on your network, use OpenVAS in unauthenticated mode. In this mode, OpenVAS is just another program on a computer on your network. It doesn’t have credentials that allow it to log into computers on your network to find what’s installed. It just scans all the IP addresses you tell it to scan. When it finds a computer, it checks for open ports and tries to discover as much as it can about the services running on those ports. Because it runs without any special privileges or credentials, it’s not finding anything an attacker on your network could not find.

Banner grabbing

Let’s take a look at banner grabbing, which is one of the main techniques OpenVAS uses to find what software is running on your network. Banner grabbing is just looking at the responses that come back from servers and seeing if they disclose what software they’re running. If we look at the HTTP response that comes back from a request to the Apache website, we see a Server header that lists not only the HTTP server software and version number but also the name of the operating system in use: