Vulnerability scanning is a crucial phase of a penetration test and having an updated vulnerability scanner in your security toolkit can often make a real difference by helping you discover overlooked vulnerable items. For this reason, we’ve manually packaged the latest and newly released OpenVAS 8.0 tool and libraries for Kali Linux. Although nothing major has changed in this release in terms of running the vulnerability scanner, I wanted to give a quick overview on how to Install, setup, configure and run OpenVAS on Kali Linux
Setting up Kali for installing OpenVAS
If you haven’t already, make sure your Kali is up-to-date and install the latest OpenVAS. Once done, run the
openvas-setup command to setup OpenVAS, download the latest rules, create an admin user, and start up the various services. Depending on your bandwidth and computer resources, this could take a while.
[email protected]:~# apt-get update && apt-get dist-upgrade -y [email protected]:~# reboot
After the reboot has completed, you need to open terminal again and install OpenVAS.
[email protected]:~# apt-get install openvas -y
This should take some time as the install is around 81.6MB assuming that none of the per-requisitities were ever installed. Sit back and keep reading this guide while the installation continues.
After the installation is finished, you need to run
openvas-setup. This again will take a VERY long time as at this point it will download a lot of CVE, sync NVT’s, Vulnerabilities etc. This process also generates a certificate for HTTPS login to OpenVAS gui.
[email protected]:~# openvas-setup [>] Checking redis.conf [*] Editing redis.conf [>] Checking openvassd.conf [*] Adding to openvassd.conf [>] Restarting redis-server [>] Checking OpenVAS certificate infrastructure ERROR: Directory for keys (/var/lib/openvas/private/CA) not found! ERROR: CA key not found in /var/lib/openvas/private/CA/cakey.pem [*] Creating OpenVAS certificate infrastructure Installed private key to /var/lib/openvas/private/CA/clientkey.pem. Installed certificate to /var/lib/openvas/CA/clientcert.pem. [>] Updating OpenVAS feeds [*] [1/3] Updating: NVT --2018-03-08 03:00:45-- http://dl.greenbone.net/community-nvt-feed-current.tar.bz2 Resolving dl.greenbone.net (dl.greenbone.net)... 188.8.131.52, 2a01:130:2000:127::d1 Connecting to dl.greenbone.net (dl.greenbone.net)|184.108.40.206|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 34536678 (33M) [application/octet-stream] Saving to: ‘/tmp/greenbone-nvt-sync.dsrKn1A33f/openvas-feed-2018-03-08-4271.tar.bz2’ /tmp/greenbone-nvt- 100%[===================>] 32.94M 2.46MB/s in 13s ... ... ... 2018/adobe/ 2018/adobe/gb_adobe_flash_player_within_chrome_apsb18-01_lin.nasl 2018/adobe/gb_adobe_acrobat_dc_classic_apsb17-36_macosx.nasl.asc 2018/adobe/gb_adobe_acrobat_reader_2017_apsb18-02_macosx.nasl.asc 2018/adobe/gb_adobe_flash_player_within_chrome_apsb18-01_lin.nasl.asc 2018/adobe/gb_adobe_acrobat_dc_cont_apsb18-02_macosx.nasl ... ... ... ... Mar 08 03:04:15 kali systemd: Starting Open Vulnerability Assessment System Manager Daemon... [*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1... [>] Checking for admin user [*] Creating admin user User created with password 'e432aa97-2fd3-4c1b-8c16-1166cbd19d70'. [+] Done
Checking for OpenVAS ports
openvas-setup completes its process, the OpenVAS manager, scanner, and GSAD services should be listening:
[email protected]:~# [email protected]:~# netstat -antp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 4782/gsad tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 4774/gsad tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 4776/openvasmd [email protected]:~#
Note those ports? 9392 is for WebGUI/OpenVAS Web Interface.
Checking OpenVAS services
Most guides including the official guides would say to run
openvas-start but I found it useful to run
openvas-check-setup before launching OpenVAS just in case something went missing. For example, in my setup; note that this is a FRESH Kali Installation with Fresh OpenVAS Installation, I found 1 error about
[email protected]:~# openvas-check-setup openvas-check-setup 2.3.7 Test completeness and readiness of OpenVAS-9 Please report us any non-detected problems and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss ... ... ... ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db) FIX: Run a SCAP synchronization script like greenbone-scapdata-sync. ERROR: Your OpenVAS-9 installation is not yet complete! Please follow the instructions marked with FIX above and run this script again. If you think this result is wrong, please report your observation and help us to improve this check routine: http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss Please attach the log-file (/tmp/openvas-check-setup.log) to help us analyze the problem.
The fix is given in the error as well, simple run
greenbone-scapdata-sync and it will sync OpenVAS SCAP database files.
[email protected]:~# greenbone-scapdata-sync OpenVAS community feed server - http://www.openvas.org/ This service is hosted by Greenbone Networks - http://www.greenbone.net/ All transactions are logged. If you have any questions, please use the OpenVAS mailing lists or the OpenVAS IRC chat. See http://www.openvas.org/ for details. By using this service you agree to our terms and conditions. Only one sync per time, otherwise the source ip will be blocked. receiving incremental file list ./ nvdcve-2.0-2005.xml 18,282,318 100% 3.05MB/s 0:00:05 (xfr#1, to-chk=76/89) ... ... ... oval/5.10/org.mitre.oval/v/family/windows.xml.asc 181 100% 0.34kB/s 0:00:00 (xfr#68, to-chk=0/89) sent 10,379 bytes received 884,066,503 bytes 2,847,268.54 bytes/sec total size is 926,410,667 speedup is 1.05 part 0 Done part 1 Done part 0 Done part 1 Done /usr/sbin/openvasmd
I have a really fast Internet connection, but this took some time! However after it finished, I ran openvas-check-setup again to ensure there’s to major errors.
[email protected]:~# openvas-check-setup ... ... It seems like your OpenVAS-9 installation is OK.
This time it came back as
OK. There were few warnings, if you want you can follow up on those.
Starting OpenVAS services
[email protected]:~# openvas-start [*] Please wait for the OpenVAS services to start. [*] [*] You might need to refresh your browser once it opens. [*] [*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392 ● greenbone-security-assistant.service - Greenbone Security Assistant Loaded: loaded (/lib/systemd/system/greenbone-security-assistant.service; disabled; vendor preset: disabled) [*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...
Setup OpenVAS User account and changing password
Remember the long password that was auto-created for
admin user by default? You don’t? Neither do I!
[email protected]:~# [email protected]:~# openvasmd --create-user=blackmore User created with password '19c29356-c59e-481a-8c3d-80225f80302b'. [email protected]:~# openvasmd --create-user=blackmoreops User created with password 'b4f70c8b-1c45-442d-a41b-b87b24f473b6'. [email protected]:~# [email protected]:~# openvasmd --user=blackmoreops --new-password=operations1 [email protected]:~# openvasmd --user=admin --new-password=administrator1 [email protected]:~# openvasmd --user=blackmore --new-password=operations1 [email protected]:~# [email protected]:~# openvasmd --get-users admin blackmore blackmoreops [email protected]:~#
Connecting to the OpenVAS Web Interface
Point your browser to https://127.0.0.1:9392, accept the self signed SSL certificate and plugin the credentials for the admin user.
The admin password was generated during the setup phase. We’ve changed it but if you haven’t look through the outputs of simply reset it.
Type in Admin username and password or one of the new users you’ve setup and bang, you’re in.
OpenVAS is now ready for you to configure a scan-config and run a scan against a given IP or range. You are going to love that part!