Tutorial Part One: Vulnerability Scanning with OpenVAS 9 | Installation and Set Up

In this tutorial, the author will go over automated vulnerability scanning starting with the installation process followed by setting up targets, running internal and external scans, and finally define custom scanning configurations. In part one of this tutorial, the author will also cover the installation of the most recent version of OpenVAS 9.0, released in 2017.

The latest version 9.0 introduces a new web interface which offers end users better ways to manage scanning options, assets, and workflows through the web interface. In this tutorial, the author will walk you through the installation process on Kali Linux so that we can run vulnerability scans from our device, and as a virtual appliance in a network.

The virtual appliance can be installed in a network environment to have it periodically run automated scans on devices present on the network. In part two of “Vulnerability Scanning with OpenVAS 9.0,” the author will also dive a little bit deeper into vulnerability scanning with this tool by configuring targets, assets, and custom scanning configurations.

Before you can start configuring vulnerability scans, you have to install OpenVAS first. You can do this with a package manager or by installing the OpenVAS appliance on VMware Workstation/ESXi, Oracle VirtualBox or Hyper-V.

In the first part of this tutorial, you’ll use APT on Kali Linux and then you will set up the appliance on VMware.

As far as virtual machine resources are concerned, you will need to dedicate 2 GB of RAM and two processor cores to the Kali Linux VM which should be sufficient to run some necessary scans smoothly with a limited number of signatures on a limited number of targets.

Installing Openvas 9 on Kali Linux

To install Openvas 9 and its dependencies on our Kali Linux system we simply have to run the following command:

apt-get update && apt-get install openvas
OpenVAS 9
Press Y to continue the installation of OpenVAS and dependencies.

The next step is to run the setup procedure that will set up OpenVAS and download a large number of Network Vulnerability Tests (NVTs) or signatures.

Due to a large number of NVTs (50.000+), the setup procedure might take a while to complete and consume a considerable amount of data.

If you follow the tutorial by the letter, it will take you no more than 10 minutes to complete.

Run the following command to start the setup process:

openvas-setup</pre?
OpenVAS 9
The setup process is running.

When the setup process is finished, all required OpenVAS processes are started, and the web interface will be opened automatically. The web interface is running locally on port 9392 and can be accessed through https://localhost:9392.

OpenVAS will also set up an admin account and automatically generate a password for this account which is displayed in the last section of the setup output:

OpenVAS 9
Take note of the admin password generated by openvas-setup.

Password reset
Did you forget to note down the password? You can change the admin password using the following commands:
openvasmd –user=[username]–new-password=[password]
openvasmd –user=admin –new-password=[password]

The next step is to accept the self-signed certificate warning and use the automatically generated admin credentials to log in on the web interface:

OpenVAS 9
Accept the self-signed certificate warning and use the generated admin credentials to log in.

After logging in on the web interface we’re redirected to the Greenbone Security Assistant dashboard. From this point on we can start to configure and run vulnerability scans.

Starting and stopping OpenVAS

The next to last thing you should do is familiarize yourself with how to start and stop OpenVAS services. OpenVAS services may consume a lot of resources, so it is best to terminate them when you’re not using OpenVAS. You should do this before the installation of the virtual appliance.

Run the following command to stop the services:

openvas-stop

To start the OpenVAS services again, run:

openvas-start

Setting up the OpenVAS Virtual Appliance

Instead of installing OpenVAS on Kali Linux you can also install the OpenVAS virtual appliance in a network and configure it to periodically run scans on the network. The virtual appliance can be downloaded using the following link: http://www.openvas.org/vm.html

After downloading the virtual appliance from the OpenVAS website you must configure a new virtual machine. In this tutorial, you will be using VMware but you can also use other hypervisors such as Hyper-V on Windows or Oracle VirtualBox. In production environments, you will most likely use VMware ESXi, Microsoft Hyper-V or other hypervisors.

Start with configuring a VM with the following specifications:

  • Processor cores: 2
  • 2 GB RAM
  • 10 GB Hard disk
  • Network: NAT (only when using VMware Workstation/Free/Virtualbox)
  • CD/DVD drive: ISO (choose the downloaded ISO file as a medium)
  • Guest operating system: Linux Kernel 4.x or later 64-bit (VMWare) or Other Linux (64bit) (VirtualBox)

For VMWare Workstation the virtual machine will be configured as follows:

And for VMWare ESXi we’ll create a virtual machine with the following specifications:

The next step is to boot the virtual machine which will take us to the following installation menu:

Choose setup to install the GSM appliance.

From this menu choose the setup option. Next, we’re asked if we really want to format the hard drive, choose yes:

Choose yes to proceed with the installation.

At this point, the virtual appliance will be installed and we’re presented with a dialog saying that the installation is in progress and the GSM community edition is being prepared. Please note that this process might take a while to complete. When the installation process is finished we have to specify a username for the administrator user. We’ll keep it default as admin as well as the password:

Tip: If you’re installing the appliance in your production network make sure that you choose a strong password for the administrative account.

After specifying the username and password we’re asked to reboot the machine, choose Yes to reboot and also to eject the installation medium:

Choose Yes to reboot the machine.

After the virtual machine has rebooted (twice) you will be taken to a login screen looking as follows:

Appliance login

Note: After the first reboot you will be presented with a different login screen, just wait until the second reboot happens.

Here we can log in using the credentials we’ve created earlier in the installation process (username: admin). After logging in we’re presented with the following message which tells us OpenVAS has not been fully configured yet. From here we can proceed with the setup process. Choose Yes in the following menu the proceed with the setup process:

Choose Yes to configure GSM.

Next, we’re asked to configure an IP address for the appliance, choose Yes:

Choose Yes.

For our test setup, we’ll keep the network configuration default and have it assigned an IP address by our DHCP server. Optionally you can set a static IP address which is, of course, the recommended option in a production environment. Choose Ready to proceed:

The next step is to create a web-admin user, choose Yes in the following menu:

Choose web-user username and password.

Create the user by choosing a username and password:

Create the web-admin user by specifying a username and password.

Finally, you’ll be asked about a subscription key, unless you’re in the possession of a subscription key, choose Skip which will provide us with the Greenbone community feed:

Choose Skip if you don’t have a subscription key.
IP address for the web interface.

When we browser to the web interface we’re presented with a login page. Use the credentials of the web-admin account we’ve created during the configuration process:

Use the web-admin account to login.

At this point we’ve got a fully functional OpenVAS virtual appliance up and running that can be configured to run vulnerability scans. This will conclude the installation process of the appliance.