GreenBone GVM Community on KaliLinux admin password reset

 After trying all possible GVM command to get access to GUI after setup I found the only way how it worked for me. 

I have to change password directly on DB. Here are steps. And I tried to run this wihtout stopping service and it worked anyway. 

I;'m assuming that you know KALI terminal. You need 2 of them one for SQL and another for other things including HASH generation

Directly Resetting the Admin Password in PostgreSQL

1. Stop the GVM services:

   sh
   
   sudo systemctl stop gvmd
   sudo systemctl stop ospd-openvas
   

2. Access the PostgreSQL database: You need to access the gvmd database. The default user is usually postgres. Use the following command to access the PostgreSQL command line:

   sh
   
   sudo -u postgres psql gvmd
   

3. List the users in the gvmd database:

   sql
   
   SELECT name FROM users;
   

   This will list all users. Identify the admin user.

4. Reset the password: Replace admin_username with the actual username of your admin account, and newpassword with your desired password. Note that the password needs to be hashed.

   Generate a new password hash using gvmd command:

   
   sudo gvmd --user=admin_username --new-password=newpassword
   

   This should display a hash. If this does not work, you can generate the password hash using Python:

   python
   
   python3 -c "import crypt; print(crypt.crypt('newpassword', crypt.mksalt(crypt.METHOD_SHA512)))"
   

5. Update the user's password in the PostgreSQL database:

   sql
   
   UPDATE users SET password='hashed_password' WHERE name='admin_username';
   

6. Exit the PostgreSQL command line:

   sql
   
   \q
   

7. Start the GVM services again:

   sh
   
   sudo systemctl start ospd-openvas
   sudo systemctl start gvmd
   

8. Verify the Password Reset: Try logging into the GVM web interface with the new password to ensure the reset was successful.

ZAP Proxy - Authenticated attacks

The most simple way to do this is setting your browser to Proxy through ZAP. On Firefox you can go to:

Options -> Advanced -> Network -> Settings.

Select Manual Proxy Configuration and fill the HTTP Host with the address of the machine running ZAP (most probably localhost) and the configured ZAP port.

You can check and configure ZAP port opening ZAP and accessing:

Tools -> Options -> Local Proxy.

Then open your web browser and login to your application. Now go to ZAP, in the Sites tab (left side of ZAP), select your site, right click on it and select:

Include in Context -> Default Context

Now open the HTTP Sessions tab right click on the session and "Set as Active". (HTTP Sessions Tab: View -> Show Tab -> HTTP Sessions)

Now you can perform ZAP Spider, Active Scan and so with an logged in session

Fixing or Setting Bridged Network on VMware Workstation for Kali LInux ( 2018)

If your Kali Linux Virtual Machine not accepting bridged connection from VMWare Workstation

1) Stop Virtual machine.
2) Run VMWare Workstation as admin
3) Open Virtual Network Editor. Edit --- Virtual Network Editor
4) Remove network VMnet0
5) Add Network VMnet0
6) Restart VMWare Workstation
7) Start guest and reset connection

Convert DNS name to IP address in bulk text file

Just really useful script

https://gallery.technet.microsoft.com/scriptcenter/Convert-DNS-name-to-IP-e74f8b01

foreach ($computer in (get-content C:\computers.txt)) { 
  Try{  
    [system.net.Dns]::GetHostAddresses($computer) | Foreach-Object { 
      add-content -path C:\computersips.txt -value "$computer,$($_.IPAddressToString)" 
    } 
  } Catch { 
    add-content -path C:\computersips.txt -value "$computer,Cannot resolve hostname" 
  } 
}

Nmap result parser to CVE. Simple Nmap Parser

Found this little gem for parsing nMap result for reports.

Simple Nmap Parser

https://www.hackwhackandsmack.com/?p=441

Bulk IP CIDR to IP list converter,

This is useful for OpenVAS
https://www.cidrcalculator.com/ipv4/cidr-to-ip-list-bulk.html?lang=en

Can't connect to OPENVAS from external network. Fix

/lib/systemd/system/greenbone-security-assistant.service

changed --listen=127.0.0.1 to --listen=0.0.0.0 
then after changing and saving

Stop and start Openvas service.