OpenVAS

Open Vulnerability Assessment System (OpenVAS) is a fork of the Nessus project. It scans for vulnerabilities that exist in the network.

One of the most lacking tool categories in Kali (as well as the open-source arena at large) is a fully-fledged vulnerability scanner. We’ve recently packaged OpenVAS 9 (together with a multitude of dependencies) and can happily say that, in our opinion, the OpenVAS project has matured significantly. We still do not include OpenVAS in the default Kali release due to its large footprint, but OpenVAS can easily be downloaded and installed using the following commands:

❗ NOT ALLOWED DURING THE OSCP EXAM

Installation

sudo apt update
sudo apt install openvas

First time only

❗ Do NOT forget to save the password from the setup output.

openvas-setup

# After setup, the OpenVAS manager, scanner, and GSAD services should be listening:
# openvasmd, openvassd, gsad
netstat -antp

# If the setup did not print a password, create a new user
openvas-stop
openvasmd --create-user=admin --role=Admin
openvasmd --user=admin --new-password=admin
openvas-start
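
The netstat check above can be scripted. The following is an added example, not part of the original notes: `check_openvas_listeners` is a hypothetical helper that reports whether each of the three daemons has a listening socket and whether that socket is bound to loopback, as the 127.0.0.1 web-interface URL used on this page suggests, or to a network-reachable address. The sample netstat output, including the ports other than 9392, is constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -antp` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:9390          0.0.0.0:*               LISTEN      1201/openvasmd
tcp        0      0 127.0.0.1:9391          0.0.0.0:*               LISTEN      1188/openvassd: Wai
tcp        0      0 0.0.0.0:9392            0.0.0.0:*               LISTEN      1215/gsad
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN      901/postgres
tcp        0      0 192.168.1.10:22         192.168.1.5:50514       ESTABLISHED 1302/sshd: kali'

# check_openvas_listeners (hypothetical helper): reads `netstat -antp` output on
# stdin and prints "<daemon> <LOCAL|EXPOSED|MISSING> <local address>" per daemon.
check_openvas_listeners() {
    awk '
        BEGIN { n = split("openvasmd openvassd gsad", want, " ") }
        $6 == "LISTEN" {
            # Column 7 is "PID/Program name"; netstat truncates long process
            # titles, e.g. "1188/openvassd: Wai" -> keep only "openvassd".
            split($7, p, "/"); name = p[2]; sub(/:$/, "", name)
            loopback = ($4 ~ /^(127\.|::1:)/)
            # Remember a non-loopback socket in preference to a loopback one.
            if (!(name in addr) || !loopback) addr[name] = $4
        }
        END {
            for (i = 1; i <= n; i++) {
                d = want[i]
                if (!(d in addr))                   print d, "MISSING", "-"
                else if (addr[d] ~ /^(127\.|::1:)/) print d, "LOCAL", addr[d]
                else                                print d, "EXPOSED", addr[d]
            }
        }'
}

# Demo on the constructed sample; on a live host use:
#   sudo netstat -antp | check_openvas_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | check_openvas_listeners
```

An EXPOSED result for gsad means the web interface is reachable from other hosts, which matters if the admin password set above is a weak one.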

Scan target

Go to the Asset -> Hosts menu and click the “star” button in the upper left.

#-------------------------------------------------------------------------------
# Update vulnerability feeds before starting OpenVAS
#-------------------------------------------------------------------------------
# Don't update many feeds at the same time or they will be blocked.
# Using a VPN might cause problems.

openvas-feed-update

or

Click on Administration -> NVT Feed / SCAP Feed / CERT Feed
Click Synchronize with Feed now

#-------------------------------------------------------------------------------
# Start the OpenVAS service
#-------------------------------------------------------------------------------
openvas-start

# Connecting to the OpenVAS Web Interface, in a browser:
https://127.0.0.1:9392

# User: admin
# Password: from initial setup
# certificate exception is normal...

#-------------------------------------------------------------------------------
# Configure a scan target
#-------------------------------------------------------------------------------
Click on Configuration -> Targets
Click on the Star Button (New Target)
Enter a name for the target (e.g. Metasploitable)
Enter IP address in Hosts/Manual (can enter range like 192.168.1.0/24)
Leave other parameters to default values
Click on Create target

#-------------------------------------------------------------------------------
# Create a job to scan a target
#-------------------------------------------------------------------------------
Click on Scan Management -> Tasks
Click on the Star Button (New Task)
Enter a name for the scan (e.g. Scan Metasploitable)
Select the target
Select Yes for "Add results to Asset Management"
Select No for "Alterable Task"
Select "Full and very deep ultimate" (max results) for Scan Config
Click on Create Task
Click on the Play Button (green arrow) to start the task
Select the appropriate refresh option from the drop down list

#-------------------------------------------------------------------------------
# Change scan configuration settings
#-------------------------------------------------------------------------------
Click on Configuration -> Targets -> Port Lists
A custom port list to scan can be created here

#-------------------------------------------------------------------------------
# Add credentials for scan
#-------------------------------------------------------------------------------
Click on Configuration -> Targets -> Credentials
Click on the Star Button
Enter name (e.g. SSH)
Enter login (e.g. root)
Enter password (e.g. for ssh)
Click Create Credential