{"id":3694,"date":"2025-05-27T10:54:23","date_gmt":"2025-05-27T07:54:23","guid":{"rendered":"https:\/\/bilisimacademy.com\/blog\/?p=3694"},"modified":"2025-12-23T12:54:33","modified_gmt":"2025-12-23T09:54:33","slug":"openvas-ile-ag-zafiyet-taramasi","status":"publish","type":"post","link":"https:\/\/bilisimacademy.com\/blog\/2025\/05\/openvas-ile-ag-zafiyet-taramasi\/","title":{"rendered":"How Do You Run a Network Vulnerability Scan with OpenVAS?"},"content":{"rendered":"\n<p>OpenVAS is an important tool for network vulnerability scanning. One of the cornerstones of cyber security is subjecting network systems to regular vulnerability scans. Testing the security of internal or externally exposed systems is the first step in building a line of defense against cyber attacks. This is where <strong>OpenVAS (Greenbone Vulnerability Management &#8211; GVM)<\/strong>, an open-source and quite powerful tool, comes into play.<\/p>\n\n\n\n\n<p>OpenVAS is a comprehensive vulnerability scanner used to detect security vulnerabilities, analyze the state of systems and anticipate risks. Thanks to its powerful features and its support for an up-to-date CVE (Common Vulnerabilities and Exposures) database, it is an effective solution for both individual users and enterprise security teams.<\/p>\n\n\n\n<p>In this article, we will install OpenVAS on Debian\/Ubuntu systems, perform the basic configuration, and cover in detail how to plan and start scans and how to analyze the results.<\/p>\n\n\n\n<p>If you are ready, let&#8217;s start uncovering security vulnerabilities with OpenVAS!<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"1024\" src=\"https:\/\/bilisimacademy.com\/blog\/wp-content\/uploads\/2025\/05\/OpenVASS.webp\" alt=\"OpenVAS\" class=\"wp-image-3696\" srcset=\"https:\/\/bilisimacademy.com\/blog\/wp-content\/uploads\/2025\/05\/OpenVASS.webp 1024w, https:\/\/bilisimacademy.com\/blog\/wp-content\/uploads\/2025\/05\/OpenVASS-300x300.webp 300w, https:\/\/bilisimacademy.com\/blog\/wp-content\/uploads\/2025\/05\/OpenVASS-150x150.webp 150w, https:\/\/bilisimacademy.com\/blog\/wp-content\/uploads\/2025\/05\/OpenVASS-768x768.webp 768w\" sizes=\"(max-width: 1024px) 
100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Kurulum_ve_Konfigurasyon_DebianUbuntu\"><\/span>Installation and Configuration (Debian\/Ubuntu)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>OpenVAS can be installed directly through the package manager on Debian-based systems such as Debian and Ubuntu. However, for the GVM (Greenbone Vulnerability Management) components to work correctly, certain steps must be carried out in order. You can install OpenVAS on your system by following the steps below.<\/p>\n\n\n\n<p><strong>1. System Update<\/strong><\/p>\n\n\n\n<p>First, update your system packages: <em>sudo apt update &amp;&amp; sudo apt upgrade -y<\/em><\/p>\n\n\n\n<p><strong>2. GVM (OpenVAS) Installation<\/strong><\/p>\n\n\n\n<p>For Debian\/Ubuntu 20.04 and later versions you can use the following command: <em>sudo apt install gvm -y<\/em><\/p>\n\n\n\n<p>Once the installation is complete, the system will have installed all required components (OpenVAS Scanner, GSA \u2013 the web interface, gvmd \u2013 the manager service).<\/p>\n\n\n\n<p><strong>3. Initial Configuration and Database Update<\/strong><\/p>\n\n\n\n<p>After installation, the configuration and database synchronization steps must be performed: <em>sudo gvm-setup<\/em><\/p>\n\n\n\n<p>This command downloads the required feeds (CVE database, port scanner information, etc.) and makes the system operational. Depending on your internet connection, this can take a few minutes.<\/p>\n\n\n\n<p><strong>4. 
Creating a User Account and Setting a Password<\/strong><\/p>\n\n\n\n<p>A user is created automatically during installation. If you want to create a new user, however:<\/p>\n\n\n\n<p><em>sudo runuser -u _gvm -- gvmd --create-user=yourusername --password=yourpassword<\/em><\/p>\n\n\n\n<p>Or, to set a new password for an existing user (the current password cannot be read back):<\/p>\n\n\n\n<p><em>sudo runuser -u _gvm -- gvmd --user=admin --new-password=yourpassword<\/em><\/p>\n\n\n\n<p><strong>5. Accessing the Web Interface<\/strong><\/p>\n\n\n\n<p>Once configuration is complete you can access the GVM web interface. Enter the following address in your browser:<\/p>\n\n\n\n<p>https:\/\/localhost:9392<\/p>\n\n\n\n<p>Using your login credentials you can access GVM and start managing your network vulnerability scans.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"GVM_Servis_Ayarlari\"><\/span>GVM Service Settings<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>OpenVAS consists of multiple components, each of which runs through specific services. To carry out a healthy scan, you need to make sure these services have been started correctly and are active. The steps below should be followed to check, start or debug the GVM services.<\/p>\n\n\n\n<p><strong>1. 
Starting the GVM Services<\/strong><\/p>\n\n\n\n<p>To start the GVM services, you can run the following command in the terminal:<\/p>\n\n\n\n<p><em>sudo gvm-start<\/em><\/p>\n\n\n\n<p>This command starts the following main services:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>gvmd: GVM management service<\/li>\n\n\n\n<li>openvas-scanner: vulnerability scanner service<\/li>\n\n\n\n<li>gsad: web interface service<\/li>\n<\/ul>\n\n\n\n<p>If you want to start the services manually, the following commands can be used:<\/p>\n\n\n\n<p><em>sudo systemctl start ospd-openvas<\/em><\/p>\n\n\n\n<p><em>sudo systemctl start gvmd<\/em><\/p>\n\n\n\n<p><em>sudo systemctl start gsad<\/em><\/p>\n\n\n\n<p><strong>2. Checking Service Status<\/strong><\/p>\n\n\n\n<p>To check whether the services are running properly:<\/p>\n\n\n\n<p><em>sudo gvm-check-setup<\/em><\/p>\n\n\n\n<p>This command gives you detailed information about the status of the services, feed synchronization and configuration errors. Running it is especially useful on new installations to identify missing or faulty components.<\/p>\n\n\n\n<p><strong>3. Reviewing Log Records<\/strong><\/p>\n\n\n\n<p>Whenever you run into a problem, the log files will point you in the right direction.<\/p>\n\n\n\n<p>To check the log records:<\/p>\n\n\n\n<p><em>journalctl -u gvmd<\/em><\/p>\n\n\n\n<p><em>journalctl -u ospd-openvas<\/em><\/p>\n\n\n\n<p><strong>4. 
Automatic Startup Settings<\/strong><\/p>\n\n\n\n<p>To have the GVM services come up automatically when the system reboots:<\/p>\n\n\n\n<p><em>sudo systemctl enable gvmd<\/em><\/p>\n\n\n\n<p><em>sudo systemctl enable ospd-openvas<\/em><\/p>\n\n\n\n<p><em>sudo systemctl enable gsad<\/em><\/p>\n\n\n\n<p>Once these steps are complete, the GVM service is ready to run stably and scans can be started from the web interface.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Taramalarin_Planlanmasi_ve_Baslatilmasi\"><\/span>Planning and Starting Scans<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The most important step in vulnerability scanning with OpenVAS is defining the targets correctly and planning the timing of scans strategically. At this stage you can create both manual and automated scan scenarios.<\/p>\n\n\n\n<p><strong>1. Defining the Target<\/strong><\/p>\n\n\n\n<p>The first step of the scan is to define the system or network to be scanned. After logging in to the web interface:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>Configuration &gt; Targets<\/strong> in the left menu.<\/li>\n\n\n\n<li>Press the <strong>New Target<\/strong> button to create a new target.<\/li>\n\n\n\n<li>Enter the target details such as an IP address, DNS name or IP range.<\/li>\n\n\n\n<li>You can also set additional options such as the default port list, the alive test (e.g. ICMP ping) and the vulnerability scanning method.<\/li>\n<\/ul>\n\n\n\n<p><strong>2. 
Creating a Scan Task<\/strong><\/p>\n\n\n\n<p>After defining the target, the next step is to create a scan task:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Click <strong>New Task<\/strong> in the <strong>Scans &gt; Tasks<\/strong> menu.<\/li>\n\n\n\n<li>Give the task a name and select the target you created earlier.<\/li>\n\n\n\n<li>Choose the scan profile you want to use (Full and fast, Full and very deep, etc.).<\/li>\n\n\n\n<li>If you wish, you can categorize the task by adding a tag.<\/li>\n<\/ul>\n\n\n\n<p><strong>3. Schedule Settings<\/strong><\/p>\n\n\n\n<p>If you want scan tasks to run automatically at set intervals, you can define a schedule:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Create a new schedule under <strong>Configuration &gt; Schedules<\/strong>.<\/li>\n\n\n\n<li>You can set it to run on an hourly, daily, weekly or monthly basis.<\/li>\n\n\n\n<li>Attach the schedule you created in the relevant section of the task settings to get periodic scans.<\/li>\n<\/ul>\n\n\n\n<p><strong>4. 
Starting the Scan<\/strong><\/p>\n\n\n\n<p>To start the tasks you have prepared manually:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the task list under <strong>Scans &gt; Tasks<\/strong>, click the <strong>Play (Start)<\/strong> icon next to the task you created.<\/li>\n\n\n\n<li>Once the task starts running, its status will appear as \u201cRunning\u201d.<\/li>\n\n\n\n<li>When the scan completes, the results are saved automatically and become available for analysis.<\/li>\n<\/ul>\n\n\n\n<p>Thanks to OpenVAS&#8217;s powerful scanning engine, you can comprehensively detect security vulnerabilities in both internal and external networks. Repeating scans at regular intervals is the most effective way to notice security risks in time and take precautions.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Hedef_Tanimlama_Zamanlama\"><\/span>Target Definition, Scheduling<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>To run an effective vulnerability scan with OpenVAS, it is very important to define the targets clearly and to schedule scans systematically. These two steps directly affect the accuracy and sustainability of the scanning process.<\/p>\n\n\n\n<p><strong>Target Definition<\/strong><\/p>\n\n\n\n<p>Defining the target systems correctly is a critical step that determines the success of the scan. 
Pay attention to the following points:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Single Targets<\/strong>: Individual IP addresses or domain names.\n<ul class=\"wp-block-list\">\n<li>Example: 192.168.1.10 or example.com<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>IP Ranges<\/strong>: Used to scan a specific network segment.\n<ul class=\"wp-block-list\">\n<li>Example: 192.168.1.1-254<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>CIDR Notation<\/strong>: Ideal for scanning larger network blocks.\n<ul class=\"wp-block-list\">\n<li>Example: 192.168.1.0\/24<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p>When defining a target in the OpenVAS interface, the following steps are followed:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>A new target is created with the \u201cNew Target\u201d option in the \u201cTargets\u201d section.<\/li>\n\n\n\n<li>The required information is entered: target name, IP\/DNS details, port list, alive test method.<\/li>\n\n\n\n<li>The target is saved and is then ready to be used at the task creation stage.<\/li>\n<\/ol>\n\n\n\n<p><strong>Scheduling<\/strong><\/p>\n\n\n\n<p>Making vulnerability scans regular and automated ensures continuity in security audits. 
To do this:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>The \u201cNew Schedule\u201d option is selected from the \u201cSchedules\u201d menu.<\/li>\n\n\n\n<li>How often the scan will run is determined: daily, weekly, monthly, etc.<\/li>\n\n\n\n<li>Details such as time, date and repeat interval are set.<\/li>\n\n\n\n<li>The schedule that was created is attached to the scan task so that tasks run automatically at the set intervals.<\/li>\n<\/ol>\n\n\n\n<p>Scheduled scans give system administrators and security teams continuously up-to-date risk data and reduce the need for manual work. They also make logging and audit processes easier.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Raporlama_ve_Sonuclarin_Analizi\"><\/span>Reporting and Analysis of Results<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>When a scan completes, OpenVAS provides highly detailed and configurable reports. These reports help you understand the vulnerabilities in the system, their risk levels and the actions that need to be taken. A properly analyzed vulnerability report not only shows the vulnerability, it also paves the way to preventing threats against your system.<\/p>\n\n\n\n<p><strong>1. 
Accessing Reports<\/strong><\/p>\n\n\n\n<p>After the scan completes, to access the reports:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Go to the <strong>Scans &gt; Reports<\/strong> menu in the web interface.<\/li>\n\n\n\n<li>Click the relevant scan task to reach the detailed results.<\/li>\n\n\n\n<li>The vulnerabilities on the page that opens can be filtered by risk level (High, Medium, Low, Log), affected system components and description details.<\/li>\n<\/ul>\n\n\n\n<p><strong>2. Report Formats<\/strong><\/p>\n\n\n\n<p>OpenVAS lets you export scan results in various formats:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>HTML (ideal for viewing in a browser)<\/li>\n\n\n\n<li>PDF (a shareable, archivable report)<\/li>\n\n\n\n<li>XML or CSV (for data analysis)<\/li>\n\n\n\n<li>NBE (Nessus compatible)<\/li>\n<\/ul>\n\n\n\n<p>Thanks to these formats, reports can easily be shared with security teams, managers or auditors.<\/p>\n\n\n\n<p><strong>3. CVE-Based Risk Assessment<\/strong><\/p>\n\n\n\n<p>Each vulnerability found by the scan is accompanied by a <strong>CVE (Common Vulnerabilities and Exposures)<\/strong> code. 
These codes identify the globally catalogued vulnerability that the finding corresponds to and provide information on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The definition and impact of the vulnerability<\/li>\n\n\n\n<li>Ratings provided by organizations such as NIST and MITRE<\/li>\n\n\n\n<li>The extent to which the vulnerability is exploited (Exploit Availability)<\/li>\n\n\n\n<li>Remediation recommendations (patches, configuration changes, etc.)<\/li>\n<\/ul>\n\n\n\n<p>OpenVAS rates every vulnerability by its <strong>CVSS (Common Vulnerability Scoring System)<\/strong> score. High-risk vulnerabilities should be addressed first and, where possible, remediated with automatic updates or patches.<\/p>\n\n\n\n<p><strong>4. Creating an Action Plan<\/strong><\/p>\n\n\n\n<p>The reporting process should not stop at viewing vulnerabilities; it should also turn into an action plan such as the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Immediate intervention for critical vulnerabilities (high CVSS score)<\/li>\n\n\n\n<li>A follow-up and monitoring plan for medium-severity ones<\/li>\n\n\n\n<li>A configuration review for low-severity ones<\/li>\n<\/ul>\n\n\n\n<p>Regularly tracking OpenVAS reports will also show how the system becomes more secure over time and shed light on the improvement process.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"CVE_Bazli_Risk_Degerlendirmesi\"><\/span>CVE-Based Risk Assessment<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>One of the most critical steps for getting effective results in vulnerability management is assessing the vulnerabilities found according to their <strong>CVE (Common Vulnerabilities and Exposures)<\/strong> numbers. OpenVAS associates every vulnerability it detects with a CVE identifier defined by the global security community. This allows more accurate decisions about the impact, prevalence and remediation of vulnerabilities.<\/p>\n\n\n\n<p><strong>What Is CVE?<\/strong><\/p>\n\n\n\n<p>CVE is a system that provides unique identification of known security vulnerabilities. Each CVE entry contains the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A description of the vulnerability<\/li>\n\n\n\n<li>The affected software or systems<\/li>\n\n\n\n<li>Publication and update dates<\/li>\n\n\n\n<li>Related security patches or remediation recommendations<\/li>\n<\/ul>\n\n\n\n<p><strong>Risk Level by CVSS Score<\/strong><\/p>\n\n\n\n<p>OpenVAS rates CVE data with a <strong>CVSS (Common Vulnerability Scoring System)<\/strong> score. 
CVSS assigns a score between 0 and 10 to determine the risk level of the vulnerability:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>9.0 \u2013 10.0<\/strong>: Critical<\/li>\n\n\n\n<li><strong>7.0 \u2013 8.9<\/strong>: High<\/li>\n\n\n\n<li><strong>4.0 \u2013 6.9<\/strong>: Medium<\/li>\n\n\n\n<li><strong>0.1 \u2013 3.9<\/strong>: Low<\/li>\n<\/ul>\n\n\n\n<p>With these scores, system administrators can prioritize and focus their resources on the most critical issues.<\/p>\n\n\n\n<p><strong>Managing and Prioritizing Vulnerabilities<\/strong><\/p>\n\n\n\n<p>By clicking the CVE codes in OpenVAS reports you can go directly to the CVE database and find detailed technical information and remediation steps. Using this information, the following should be done:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Take rapid action on critical CVEs.<\/strong><\/li>\n\n\n\n<li><strong>Include high-risk vulnerabilities in short-term plans.<\/strong><\/li>\n\n\n\n<li><strong>Monitor medium-risk vulnerabilities and track their patches.<\/strong><\/li>\n\n\n\n<li><strong>Assess low-risk vulnerabilities according to system policies.<\/strong><\/li>\n<\/ol>\n\n\n\n<p><strong>Integration into Security Processes<\/strong><\/p>\n\n\n\n<p>CVE-based analysis should not be just a technical reporting tool; it should also be part of IT security policies. 
These assessments also help organizations comply with <a href=\"https:\/\/www.tse.org.tr\/bilgi-guvenligi-yonetim-sistemi-bgys-belgelendirmesi-ts-iso-iec-27001\/\" target=\"_blank\" rel=\"noreferrer noopener\">ISO 27001<\/a>, <a href=\"https:\/\/www.kvkk.gov.tr\/\" target=\"_blank\" rel=\"noreferrer noopener\">KVKK<\/a> or other cyber security standards.<\/p>\n\n\n\n<p>You can learn OpenVAS and other cyber security tools together with us in <a href=\"https:\/\/bilisimacademy.com\/siber-guvenlik\/\" target=\"_blank\" data-type=\"link\" data-id=\"https:\/\/bilisimacademy.com\/siber-guvenlik\/\" rel=\"noreferrer noopener\">our cyber security course<\/a>!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>OpenVAS is an important tool for network vulnerability scanning. One of the cornerstones of cyber security is subjecting network systems to regular vulnerability scans. Testing the security of internal or externally exposed systems is the first step in building a line of defense against cyber attacks. 
This is where OpenVAS (Greenbone Vulnerability Management &#8211; GVM), an open-source and quite powerful tool, comes into [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":3698,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[30],"tags":[90,92,91,89],"class_list":["post-3694","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-siber-guvenlik","tag-ag-zafiyet","tag-ag-zafiyet-taramasi","tag-openvas","tag-openvas-ile-ag-zafiyet-taramasi"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/posts\/3694","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/comments?post=3694"}],"version-history":[{"count":4,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/posts\/3694\/revisions"}],"predecessor-version":[{"id":4969,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/posts\/3694\/revisions\/4969"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/media\/3698"}],"wp:attachment":[{"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/media?parent=3694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/categories?post=3694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bilisimacademy.com\/blog\/wp-json\/wp\/v2\/tags?post=3694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}