In this tutorial we will be installing OpenVAS on Kali linux. OpenVAS is an advanced open source vulnerability scanner and manager and can save you a lot of time when performing a vulnerability analysis and assessment. Using an automated up-to-date vulnerability scanner in penetration test often helps you to find vulnerabilities which can be easily overlooked during a manual assessment. The OpenVAS scanner uses more than 47.000 Network Vulnerability Tests (NVTs) as of June 2016.
In this tutorial we will be installing OpenVAS on the Virtual Kali Linux machine we’ve installed in an earlier tutorial. If you haven’t installed Kali Linux yet we recommend you to do that first. The OpenVAS installation process is rather straight forward but might need some explanation along the way. After the installation process is finished we will be scanning the Metasploitable 2 vulnerable machine we’ve installed earlier in the Metasploitable 2 installation tutorial for known vulnerabilities.
OpenVAS installation
Let’s start with installing OpenVAS and run the following commands in a terminal session to download and install OpenVAS:
apt-get install openvas
openvas-setup
The last commands is setting up OpenVAS and is synchronizing the NVT feed with the NVT collection on your machine. Depending on your connection speed this might take a while to finish.
When the installation process is finished you will be presented a long password on the last line of the console. This password is used to login to the OpenVAS web interface so you need to save it somewhere and change it after the first login.
When the OpenVAS setup process is finished the OpenVAS manager, scanner and services are listening on port 9390, 9391, 9392 and on port 80. You can use the following netstat command to check if these services are listening:
netstat –antp
Netstat –antp command Explained
-a all
-n show ip instead of host names
-t show only tcp connections
-p show process id/name
Running OpenVAS
If the OpenVAS services are not running than use the following command to start these services:
openvas-start
Than connect to the web interface using a browser and point it to:
https://127.0.0.1:9392
Accept the self-signed SSL certificate and sign in with user ‘admin’ and the password generated during the setup process. The web interface after logging in should look like this:
Scanning Metasploitable 2 with OpenVAS
Starting a scan with OpenVAS is very easy and straightforward. Just enter the target’s hostname or IP address in the quick start field and press the ‘Start Scan’ button. Make sure you only scan targets with OpenVAS you physically own or have (written) permission to scan. OpenVAS vulnerability scanner will generate a lot of network traffic which may lead to crashes or DOS.
When the scan is finished click to the reports page under the Scan Management menu and have a look at an overview of the scan results:
As you can see the Metasploitable 2 vulnerable machine contains 19 high, 32 medium and 6 low rated severity vulnerabilities. When you click on a report you can see a more detailed overview of the found vulnerabilities. The list of known vulnerabilities is ordered on severity:
OpenVas offers a lot more functionality, including the vulnerability database from the feed categorized in CVE’s, NVT’s and CPE’s. The SecInfo Management tool also offers a nice dashboard showing some high level statistics on vulnerabilities:
With the vulnerability dashboard we will conclude this tutorial. We recommend you to get familiar with OpenVAS, the reports and the vulnerability database by running more scans and compare the results with other vulnerability scanner. Hopefully this tutorial has proven useful to you and will get you started in automated vulnerability scanner. Happy Scanning!
14 Comments
Thank you for this tutorial, you made an error though, we should goto https://127.0.0.1:9392 and not simple http. Thanks!
Thanks for letting us know! I have changed it in the tutorial.
Wich Password did you typ to get access? Thanks in advance
The admin user password was generated during the setup process. Have a look at the second screenshot, second last line.
a very long password that is generated when installing Openva.
something like this:
8f29802a-ebae-43ba-a762-bc0f9715d491
Hi, nice post! You know, on Kali 3 apt-get can’t find openvas pakage…
Can you people help me with this “Login failed. Waiting for OMP service to become available.”, in the login screen, user: admin, pass: the generated one.
Thanks
I have the same problem. I must reinstall each time I boot. Documentation is sparse.
I have Kali rolling 2016.2 and cannot reboot without breaking OpenVAS.
Hi
when try scan on specific ip address i get this error
WARNING: Cannot connect to KB at ‘/var/lib/redis/redis.sock’: Connection refused’
Good stuff! I followed exact instructions and it worked perfectly using latest version of Kali.
trying to use it for the first time , that’s what it shows me :
Starting OpenVas Services
Job for openvas-manager.service failed because a timeout was exceeded.
See “systemctl status openvas-manager.service” and “journalctl -xe” for details.
root@kali:~#
root@kali:~#
Have a look at “systemctl status openvas-manager.service” and “journalctl -xe” for details about this error.
This was updated in the new kalimenu. These were the steps it took to get it running for me:
apt-get update && apt-get install -y openvas
openvas-setup && openvas-scapdata-sync && openvas-certdata-sync && openvas-check-setup && openvas-stop
openvasmd –create-user=admin –role=Admin
openvasmd –user=admin –new-password=NEWPASSWORD
To start openvas:
Then clear terminal and type the following:
openvas-start
It should open, and remember the password is password but in caps.
Hi All, Thanks for the post. I have followed all the steps but getting below error for ‘openvas-setup’. Please let me know how to rectify in Kali linux.
rsync:failed to connect to feed.openvas.org (connection refused)
lib kb_redis-critical: no such file or directory.
Please guide.