OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks’ commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.
OpenVAS is composed of some elements, as OpenVAS-Cli, Greenbone Security Assistant, OpenVAS Scanner and OpenVAS Manager.
The official OpenVAS homepage is http://www.openvas.org.
From Kali Linux 2017.1 to Debian 9
Ok, this is a temporary solution. Now (June 2017), Debian 9 wasn’t released yet and OpenVAS 9 is not available in Debian in good conditions (it is in Experimental but a bit problematic). I think that we will have OpenVAS in backports soon.
The OpenVAS 9 from Kali is working perfect for Debian 9. So, to take advantage of this, adopt the following procedures:
1. Add a line to end of /etc/apt/sources.list file:
deb http://http.kali.org/kali kali-rolling main
# apt-get update # apt-get install -t kali-rolling openvas
(if you want to simulate before install, add a -s option before -t)
3. Rermove or comment the previous line added to /etc/apt/sources.list file to avoid future problems in your Debian.
4. Run the following command to configure the OpenVAS and to download the initial database:
This step may take some time. Note that the initial password for user admin will be created and shown.
5. Finally, open a web browser and access the address https://127.0.0.1:9392 (use https!!!). Alternatively, you can call http://127.0.0.1 to be automagically redirected to https://127.0.0.1:9392.
The default user is admin and the password was shown in the last step. You will can change this password inside OpenVAS (menu Administration > Users > Edit User, which is an blue icon).
If your password was lost, you will be able to create a new administrative user via shell command. See the section “Some tips” below.
6. To see the packages installed from Kali Linux, use the command:
$ dpkg -l | grep kali
To create a new administrative user called test:
# openvasmd --create-user test --role Admin
To update the database (NVTs):
# openvasmd --update # openvasmd --rebuild # service openvas-scanner restart
To solve the message “Login failed. Waiting for OMP service to become available”:
To make OpenVAS listen all network interfaces, allowing one to call the service in a remote web browser (http://remote-server, port 80 only), edit the /lib/systemd/system/greenbone-security-assistant.service and change:
ExecStart=/usr/sbin/gsad --foreground --listen=127.0.0.1 --port=9392 --mlisten=127.0.0.1 --mport=9390
ExecStart=/usr/sbin/gsad --foreground --listen=0.0.0.0 --port=9392 --mlisten=127.0.0.1 --mport=9390
After the change, reload the configuration and restart the service:
# systemctl daemon-reload # systemctl restart greenbone-security-assistant
Quick start for beginners
If OpenVAS isn’t familiar for you, I have a suggestion for a quick test. Firstly, download Ubuntu Server 8.04 from this page and install it inside a virtual machine, selecting all services as LAMP, SSH etc. I used the i386 version and VirtualBox. After this, use OpenVAS to scan the Ubuntu (menu Scans > Tasks > a pink icon with a magic wand in the upper left corner). After the scan, click over the blue bar where we will can see the word “Done”.