Vulnerability Scanning with OpenVAS 9: Part Two

In the first tutorial, you installed OpenVAS on Kali Linux and set up the virtual appliance. This tutorial walks you through configuring and operating OpenVAS so you can run your first vulnerability scan. For this lesson, download and install Metasploitable 2, a deliberately vulnerable virtual machine that you will use as the scan target for OpenVAS. If you would like to download and install Metasploitable 3 instead, scroll down a tad bit more.

Before you start trying out vulnerability scanning using OpenVAS 9, you must complete the tasks below:

  • Create and configure your target
  • Create and configure a scan task
  • Run your scan

If you’re reading this portion of the tutorial, then you should have already read about, downloaded, installed, and configured OpenVAS 9.0. If you haven’t done any of these things as of yet, you should hold off on this part and return to part one of this tutorial.

For those readers who have already finished everything in part one, you’ll need to download and install Metasploitable 2 and have it up and running. It should be reachable from the OpenVAS 9.0 appliance, or from your Kali Linux VM if OpenVAS is installed there. If everything is in order, set up your lab like this:

  • Host machine with VMWare Workstation Pro 12
  • Kali Linux 2018.2 VM with OpenVAS 9.0 installed (192.168.65.128)
  • Metasploitable 2 VM (192.168.65.137)

Every virtual machine in this lab uses the NAT network. You can configure this in the network adapter settings of each VM. Once you’ve got everything up and running, start by setting the target and configuring the scan task.

Tip: Did you forget to write down or change your OpenVAS admin password? Check out the installation tutorial to find out how to reset the admin password.

Creating a Target in OpenVAS

The first step is to create and configure a target using the OpenVAS/Greenbone Security Assistant web interface. This newly created target is selected in the following step where you configure a scanning task.

To create a target, you need to follow two steps:

  1. Go to Configuration in the top menu and select Targets
  2. Click the blue icon in the top left corner to create a new target

[Figure: Click Configuration and then new target.]

Once you’ve clicked the new target button, a dialog box appears where you enter the following information:

  • Make the target name Metasploitable 2
  • Enter the target host IP (the IP address of your Metasploitable 2 lab machine)
  • All other settings should remain as default

[Figure: Enter the target name, IP and click create.]

The newly created target will now appear in the list of available targets:

[Figure: Newly created target.]

Now that you’ve set up your target, continue with creating a scan task that will scan the Metasploitable 2 target for vulnerabilities.

Configuring a Scanning Task in OpenVAS

This section of the tutorial covers creating a new scanning task. A scanning task defines which targets will be scanned, as well as scanning options such as the schedule, the scan configuration, and the limits on concurrently scanned hosts and NVTs per host. Here you will only create a scan task and use the program’s default scan configurations.

To create a new scan task, we have to perform the following steps:

  1. Go to ‘Scans’ in the top menu and select Tasks
  2. Point to the blue icon in the top left corner and select New Task

[Figure: Click Scans -> Tasks and then new task.]

After clicking the new scan option, a dialog screen appears where we have to enter the following information:

  • For this exercise, name the task “Scan Metasploitable 2”
  • Make sure that the Metasploitable 2 target you created earlier is selected
  • Tick the schedule once checkbox.
  • Keep all other settings default and click the Create button to create the new task

[Figure: Enter the task name, target and schedule the task only once.]

The newly created task will now appear in the task list as follows:

[Figure: Newly created scan task.]

There are also a few other options for creating scan tasks. You can use the scan task wizard to instantly scan a target, or the advanced scan task wizard, which gives a few more options to configure. For demonstration purposes, stick with the task you’ve just created.

Now that you’ve configured the scan task and added the Metasploitable 2 machine to the target list, all that remains is to run the task and wait for the results.

Running the OpenVAS Vulnerability Scan

To run the newly created task, click the green start button as follows:

[Figure: Run the scan task.]

The scan task will now execute against the selected target. Please note that the full scan may take a while to complete. When you refresh the tasks page, you will be able to check the progress for the executed task. To do this, follow these steps:

  1. Reload the page.
  2. Check task status/progress.

[Figure: Vulnerability scan in progress.]

After a while, the scan task finishes and the status changes to Done:

[Figure: Vulnerability scan finished.]

As expected, OpenVAS found a number of severe vulnerabilities.

Interpreting the Scan Results

Once the vulnerability scan has finished, you can browse to Scans -> Reports in the top menu. On the reports page, you will find the report for the completed scanning task:

[Figure: Vulnerability scanning report.]

Clicking the report name gives you an overview of all vulnerabilities discovered on the Metasploitable 2 machine, which, as expected, is a lot. The results are sorted by severity by default:

[Figure: Discovered vulnerabilities.]

When you click on the vulnerability name you can get an overview of the details regarding the vulnerability. The following details apply to a backdoor vulnerability in Unreal IRCD covered in an earlier tutorial:

[Figure: Vulnerability details.]

Finally, you can also export the report in a variety of formats, such as XML, HTML, and PDF. This can be done by selecting the desired format from the drop-down menu and clicking the green export icon as follows:

[Figure: Export vulnerability report to PDF.]
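
One way to triage the exported XML report offline, as an added example that is not part of the original tutorial: it lists findings at or above a severity threshold, highest first, and separates out results that carry no numeric score. The sample report is constructed, and the `results/result` layout with `name`, `host`, `port`, `threat` and `severity` children is an assumption about the export format.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not real scanner output. The element layout is an
# assumption about the XML export; names and scores are made up.
SAMPLE_REPORT = """<report><report><results>
  <result id="r1"><name>Constructed finding: IRC daemon backdoor</name>
    <host>192.168.65.137</host><port>6667/tcp</port>
    <threat>High</threat><severity>7.5</severity></result>
  <result id="r2"><name>Constructed finding: TCP timestamps</name>
    <host>192.168.65.137</host><port>general/tcp</port>
    <threat>Low</threat><severity>2.6</severity></result>
  <result id="r3"><name>Constructed finding: remote shell service</name>
    <host>192.168.65.137<asset asset_id=""/></host><port>1524/tcp</port>
    <threat>High</threat><severity>10.0</severity></result>
  <result id="r4"><name>Constructed finding: service detection</name>
    <host>192.168.65.137</host><port>22/tcp</port>
    <threat>Log</threat><severity>0.0</severity></result>
  <result id="r5"><name>Constructed finding: no severity</name>
    <host>192.168.65.137</host><port>80/tcp</port>
    <threat>Medium</threat><severity></severity></result>
</results></report></report>"""


def _severity(result):
    """Return the numeric severity, or None if it is missing or malformed."""
    try:
        return float(result.findtext("severity", default=""))
    except ValueError:
        return None


def triage(xml_text, min_severity=4.0):
    """Return (findings sorted by severity descending, names of unscored results)."""
    root = ET.fromstring(xml_text)
    findings, unscored = [], []
    # Only direct children of <results>, so nested <result> references are skipped.
    for result in root.findall(".//results/result"):
        name = (result.findtext("name") or "").strip()
        sev = _severity(result)
        if sev is None:
            unscored.append(name)  # keep for manual review instead of dropping
        elif sev >= min_severity:
            findings.append({"name": name, "severity": sev,
                             "threat": (result.findtext("threat") or "").strip(),
                             "host": (result.findtext("host") or "").strip(),
                             "port": (result.findtext("port") or "").strip()})
    findings.sort(key=lambda f: f["severity"], reverse=True)
    return findings, unscored


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT)[0]:
        print(f'{f["severity"]:>4} {f["threat"]:<6} {f["host"]} {f["port"]} {f["name"]}')
```

Lowering `min_severity` to 0.0 also includes log-level results, which is useful when you want a service inventory rather than a remediation list.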