Configures and executes authenticated vulnerability scans using OpenVAS/GVM with SSH and SMB credentials for comprehensive host-level security assessments.
npx claudepluginhub killvxk/cybersecurity-skills-zh

This skill uses the workspace's default tool permissions.
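OpenVAS (Open Vulnerability Assessment Scanner) is the scanning component of the Greenbone Vulnerability Management (GVM) framework. An authenticated scan logs in to the target systems with valid credentials (SSH for Linux, SMB for Windows, ESXi for VMware), which lets it detect local vulnerabilities, missing patches, and misconfigurations that an unauthenticated scan cannot see. Authenticated scans typically find 10-50 times more vulnerabilities than unauthenticated scans.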
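```bash
# Install the GVM packages
sudo apt update && sudo apt install -y gvm

# Run the initial setup (creates the admin account, syncs the vulnerability feeds)
sudo gvm-setup

# Check the installation
sudo gvm-check-setup

# Start all GVM services
sudo gvm-start

# Access Greenbone Security Assistant: https://127.0.0.1:9392
```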
```bash
# Pull the Greenbone Community Edition image
docker pull greenbone/gvm:stable

# Run with docker-compose
curl -fsSL https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml \
  -o docker-compose.yml

# Start the container stack
docker compose -f docker-compose.yml -p greenbone-community-edition up -d

# Wait for the vulnerability feed to sync (the first sync takes 15-30 minutes)
docker compose -f docker-compose.yml -p greenbone-community-edition \
  logs -f gvmd 2>&1 | grep -i "feed"
```
```bash
# Note: the <password> placeholder is quoted so the shell does not treat < and > as redirections.

# Create a key-based SSH credential with gvm-cli
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_credential>
  <name>Linux SSH Key</name>
  <type>usk</type>
  <login>scan_user</login>
  <key>
    <private><![CDATA['"$(cat /home/scan_user/.ssh/id_rsa)"']]></private>
    <phrase>key_passphrase</phrase>
  </key>
</create_credential>'

# Create a password-based SSH credential
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_credential>
  <name>Linux SSH Password</name>
  <type>up</type>
  <login>scan_user</login>
  <password>scan_password_here</password>
</create_credential>'

# Create an SMB credential for authenticated Windows scans
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_credential>
  <name>Windows SMB Cred</name>
  <type>up</type>
  <login>DOMAIN\scan_account</login>
  <password>smb_password_here</password>
</create_credential>'

# Create an ESXi credential for VMware host scans
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_credential>
  <name>ESXi Root</name>
  <type>up</type>
  <login>root</login>
  <password>esxi_password_here</password>
</create_credential>'
```
```bash
# GMP names this element <alive_tests>; the "&" in its value must be written as &amp; inside XML.

# Create a target with an SSH credential (Linux hosts)
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_target>
  <name>Linux Production Servers</name>
  <hosts>192.168.1.10,192.168.1.11,192.168.1.12</hosts>
  <port_list id="33d0cd82-57c6-11e1-8ed1-406186ea4fc5"/>
  <ssh_credential id="CREDENTIAL_UUID_HERE">
    <port>22</port>
  </ssh_credential>
  <alive_tests>ICMP, TCP-ACK Service &amp; ARP Ping</alive_tests>
</create_target>'

# Create a target with an SMB credential (Windows hosts)
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_target>
  <name>Windows Domain Controllers</name>
  <hosts>192.168.1.20,192.168.1.21</hosts>
  <port_list id="33d0cd82-57c6-11e1-8ed1-406186ea4fc5"/>
  <smb_credential id="SMB_CREDENTIAL_UUID_HERE"/>
  <alive_tests>ICMP, TCP-ACK Service &amp; ARP Ping</alive_tests>
</create_target>'
```
| Scan config | UUID | Use case |
|---|---|---|
| Full and fast | daba56c8-73ec-11df-a475-002264764cea | Standard production scans |
| Full and deep | 708f25c4-7489-11df-8094-002264764cea | Deep scan, may affect performance |
| System Discovery | 8715c877-47a0-438d-98a3-27c7a6ab2196 | Host and service enumeration |
```bash
# Clone the "Full and fast" config so it can be customized
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_config>
  <copy>daba56c8-73ec-11df-a475-002264764cea</copy>
  <name>Authenticated Full Scan</name>
</create_config>'
```
```bash
# Create the scan task
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_task>
  <name>Weekly Authenticated Scan - Linux Prod</name>
  <config id="CONFIG_UUID"/>
  <target id="TARGET_UUID"/>
  <scanner id="08b69003-5fc2-4037-a479-93b440211c73"/>
</create_task>'

# Start the scan task
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<start_task task_id="TASK_UUID"/>'

# Check scan progress
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<get_tasks task_id="TASK_UUID"/>'
```
```bash
# Create a weekly schedule (every Sunday at 2:00 AM UTC)
# The iCalendar lines stay flush left: leading whitespace marks a folded (continued) line in iCalendar.
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<create_schedule>
  <name>Weekly Sunday 2AM</name>
  <icalendar>
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
DTSTART:20240101T020000Z
RRULE:FREQ=WEEKLY;BYDAY=SU
DURATION:PT12H
END:VEVENT
END:VCALENDAR
  </icalendar>
  <timezone>UTC</timezone>
</create_schedule>'
```
```bash
# Export the scan report as XML
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<get_reports report_id="REPORT_UUID" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5"/>'

# Export as CSV
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<get_reports report_id="REPORT_UUID" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>'

# Programmatic access with python-gvm
python3 -c "
from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeCheckCommandTransform

connection = UnixSocketConnection(path='/run/gvmd/gvmd.sock')
transform = EtreeCheckCommandTransform()  # raises on GMP error responses
with Gmp(connection=connection, transform=transform) as gmp:
    gmp.authenticate('admin', 'password')
    reports = gmp.get_reports()
    # The response root also holds filter and count elements, so count <report> children only
    count = len(reports.findall('report'))
    print(f'Total reports: {count}')
"
```
```bash
# Check whether the credentials were accepted during the scan
# Look for the NVT "Authentication tests" results in the scan report:
#   - OID 1.3.6.1.4.1.25623.1.0.103591 (SSH authentication succeeded)
#   - OID 1.3.6.1.4.1.25623.1.0.90023 (SMB authentication succeeded)

# Verify via gvm-cli
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password '<password>' --xml \
'<get_results filter="name=SSH rows=10 sort-reverse=severity"/>'
```
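The credential check above can be automated so that a host which silently fell back to an unauthenticated scan is flagged. The following is an added example, not part of the original skill or of python-gvm. The sample response is constructed, and its element layout (`result/host`, `result/nvt@oid`) and the names `authenticated_hosts` and `coverage_gaps` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# OIDs the page lists as marking a successful login during the scan.
AUTH_OK_OIDS = {
    "1.3.6.1.4.1.25623.1.0.103591": "ssh",
    "1.3.6.1.4.1.25623.1.0.90023": "smb",
}

# Constructed sample of a <get_results_response> (assumed layout, not real scan output).
SAMPLE_RESULTS = """
<get_results_response status="200" status_text="OK">
  <result id="r1"><host>192.168.1.10<hostname>web01</hostname></host>
    <nvt oid="1.3.6.1.4.1.25623.1.0.103591"><name>SSH auth</name></nvt></result>
  <result id="r2"><host>192.168.1.11</host>
    <nvt oid="1.3.6.1.4.1.25623.1.0.999999"><name>Other check</name></nvt></result>
  <result id="r3"><host>192.168.1.20</host>
    <nvt oid="1.3.6.1.4.1.25623.1.0.90023"><name>SMB auth</name></nvt></result>
</get_results_response>
"""

def authenticated_hosts(results_xml):
    """Map host IP -> set of protocols that reported a successful login."""
    seen = {}
    for result in ET.fromstring(results_xml).iter("result"):
        # <host> may carry child elements; its leading text is the IP address.
        host = (result.findtext("host") or "").strip()
        nvt = result.find("nvt")
        proto = AUTH_OK_OIDS.get(nvt.get("oid")) if nvt is not None else None
        if host and proto:
            seen.setdefault(host, set()).add(proto)
    return seen

def coverage_gaps(results_xml, expected):
    """Return hosts whose expected protocol never reported a successful login."""
    seen = authenticated_hosts(results_xml)
    return sorted(h for h, proto in expected.items()
                  if proto not in seen.get(h, set()))

if __name__ == "__main__":
    # Expected protocol per host, taken from the two targets defined on this page.
    expected = {
        "192.168.1.10": "ssh", "192.168.1.11": "ssh", "192.168.1.12": "ssh",
        "192.168.1.20": "smb", "192.168.1.21": "smb",
    }
    for host in coverage_gaps(SAMPLE_RESULTS, expected):
        print(f"no successful {expected[host]} login recorded for {host}")
```

Hosts returned by `coverage_gaps` were in scope but produced no authentication-success result, so their findings reflect only what an unauthenticated scan could see.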