OpenVAS

Open Vulnerability Assessment System (OpenVAS) is a vulnerability scanner. It is a fork of the Nessus project. It scans for vulnerabilities that exist in the network.

NOT ALLOWED DURING THE OSCP EXAM

Installation

sudo apt update
sudo apt install openvas

First time only

Do NOT forget to save the password from the setup ouput.

openvas-setup

# After setup, OpenVAS manager, scanner, and GSAD services should be listening:
# openvasmd, openvassd Wai, gsad
netstat -antp

# If no password in the setup, create a new user
openvas-stop
openvasmd --create-user=admin --role=Admin
openvasmd --user=admin --new-password=admin
openvas-start

Update vulnerability feeds

Don’t update many feeds at the same time or they will be blocked. Using a VPN might cause problems.

  • Click on Administration -> NVT Feed / SCAP Feed / CERT Feed
  • Click Synchronize with Feed now

Or using command line:

openvas feed update

Start the OpenVAS service

openvas-start

Scan target

Update the vulnerability feeds before starting OpenVAS.

Go in Menu Asset -> Hosts, click on the “star” button upper left

Connect to the OpenVAS web application

A certificate exception is normal.

  • Start the OpenVAS service
  • Open a web browser and access https://127.0.0.1:9392
    • User: admin
    • Password: from initial setup

Configure a scan target

  • Click on Configuration -> Targets
  • Click on the Star Button (New Target)
  • Enter a name for the target (e.g. Metasploitable)
  • Enter IP address in Hosts/Manual (can enter range like 192.168.1.0/24)
  • Leave other parameters to default values
  • Click on Create target

Create a job to scan a target

  • Click on Scan Management -> Tasks
  • Click on the Star Button (New Task)
  • Enter a name for the scan (e.g. Scan Metasploitable)
  • Select the target
  • Select Yes for “Add results to Asset Management”
  • Select No for “Alterable Task”
  • Select “Full and very deep ultimate” (max results) for Scan Config
  • Click on Create Task
  • Click on the Play Button (green arrow) to start the task
  • Select the appropriate refresh option from the drop down list

Change scan configuration settings

  • Click on Configuration -> Targets -> Port Lists
  • Can create a custom port list to scan

Add credentials for scan

  • Click on Configuration -> Targets -> Credentials
  • Click on the Star Button
  • Enter name (e.g. SSH)
  • Enter login (e.g. root)
  • Enter password (e.g. for ssh)
  • Click Create Credential