How do I manually install and update plugin in OpenVAS3 without rsync?

Question

I've been assigned a task of penetration testing a server using OpenVAS3.

However, I am behind a corporate firewall and OpenVAS3 uses rsync to perform updates from rsync://rsync.openvas.org:/nvt-feed on port 873. I'm blocked from using that port and will have to install those plugins manually.

I've downloaded plugins from http://wald.intevation.org/frs/download.php/588/openvas-plugins-1.0.7.tar.gz which requires openvas2-server to install. I'm sure they also work for openvas3 with minimal changes, but I don't know the folder structure of the plugins directory to be able to manually install them.

Has anyone been able to manually download and install plugins for OpenVAS3?

Answer 1

If you can't get the firewall to allow this traffic through then I would try this.

Install backtrack4 on a usb stick. From your home boot up on this and update all the tools that you want such as OpenVas and Metasploit. Then bring it back into work and boot off the USB stick to do your vulnerability scan.

Also don't confuse a vulnerability scan for a pen test. While a vulnerability scan is often the first step in a pen test it has many other uses. Such as risk assessment and verifying that your patch management system is working as expected.

A pen test then goes the extra steps of trying to leverage vulnerabilities that are found.

You may also want to check out some of these BackTrack howto's.

Answer 2

Thanks to Michael Weigand from this thread, http://lists.wald.intevation.org/pipermail/openvas-devel/2009-October/001875.html who uploaded a tarball of the current plugin feed, my issue has been resolved :)

the most current plugins can be found here http://www.openvas.org/openvas-nvt-feed-current.tar.bz2

There will probably be a fall back to wget if rsync fails in future releases of openvas