Installing OpenVAS in Kali Linux can be a bit confusing. The steps are outlined below.

OpenVAS is sometimes also referred to as GVM, or “Greenbone Vulnerability Management”, which is why you sometimes need to use a gvm command and sometimes a greenbone command. Below are some of the components that make up OpenVAS:

  1. Greenbone Vulnerability Manager (GVM): This is the central management component of the suite. It integrates several tools and databases to facilitate vulnerability scanning, management, and reporting.
  2. OpenVAS Scanner: This is the scanner component responsible for actively scanning networks and systems for vulnerabilities. It uses a database of Network Vulnerability Tests (NVTs) to perform these scans.
  3. Greenbone Security Assistant (GSA): GSA is the web interface provided by GVM. It allows users to configure and manage scans, view scan results, generate reports, and manage user accounts.
  4. Greenbone Community Feed: This is a free feed provided by Greenbone that includes a collection of NVTs, SCAP data, and other security content. It’s essential for keeping the scanning tools up-to-date with the latest vulnerability information.
  5. SCAP (Security Content Automation Protocol) Data: SCAP data includes standardized formats for expressing and manipulating security-related information, such as vulnerability checks, configuration benchmarks, and security checklists.
  6. Greenbone Management Protocol (GMP): GMP is the protocol used for communication between components within GVM, allowing for automation and integration with other systems.

How to install OpenVAS in Kali Linux

sudo apt install gvm

This will configure the PostgreSQL database, create a new user called _gvm, and download Notus files, NASL files (scripts), SCAP data, etc.

This command takes quite a while to run, so just leave it.

After the command is done, it will display your admin password. We will reset it later on, so if you missed it, don’t worry.

Run the setup command

sudo gvm-setup

This will check that everything was installed and configured properly. It can also take a few minutes to run so be patient.

Start the OpenVAS server

To start the OpenVAS service, run this command.

sudo gvm-start

And to stop the OpenVAS server run this command.

sudo gvm-stop

If you want to change your password, stop the OpenVAS server and run the commands in the “Reset your OpenVAS admin password” section below.

How to open the Web Interface

Go to “https://localhost:9392” and log in using “admin” as your username and your password.

“SCAP database is required” error

When you start OpenVAS for the first time and log into the web interface, go to the menu option “SecInfo” and then click on “NVTs”. If you get the error “SCAP database is required”, don’t worry.

OpenVAS does a bunch of stuff in the background the first time you run it, so leave the web interface open and give it about an hour to do its thing (this is a once off and should never happen again).

You will also notice quite high CPU usage during this time. This is normal, so just wait a while.

Reset your OpenVAS admin password

Stop the service, run the below command, start the service, and try to log in with your newly set password. If it did not work, stop the service again, then run the second command, and start the service again.

sudo gvmd --user=admin --new-password=myNewPass

The second command

This command executes gvmd as the _gvm user (which was created when we ran “sudo apt install gvm”).

sudo runuser -u _gvm -- gvmd --user=admin --new-password=myNewPass
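
The reset procedure above, as an added shell example that is not part of the original post: it reads the new password from a prompt instead of the command line, so it does not land in shell history, and it goes straight to the second (_gvm) form of the command. GVM_SVC and GVM_AS_GVM are hypothetical override variables introduced here for dry runs.

```shell
#!/bin/sh
# Added example: reset a GVM user's password without putting it in shell history.
# The password is still passed to gvmd as an argument, so it is visible in the
# process list while gvmd runs; do this on a host you control.

# Hypothetical override variables (not part of GVM), handy for a dry run:
: "${GVM_SVC:=sudo}"                        # prefix for gvm-stop / gvm-start
: "${GVM_AS_GVM:=sudo runuser -u _gvm --}"  # prefix to run gvmd as _gvm

# Read one line from stdin; turn terminal echo off when typed interactively.
read_password() {
    if [ -t 0 ]; then
        printf 'New password: ' >&2
        trap 'stty echo' INT TERM
        stty -echo
        IFS= read -r pw
        stty echo
        printf '\n' >&2
    else
        IFS= read -r pw
    fi
    printf '%s' "$pw"
}

# Stop the service, set the password as _gvm, start the service again.
reset_gvm_password() {
    user=$1
    [ -n "$user" ] || { echo "usage: reset_gvm_password USER" >&2; return 2; }
    pw=$(read_password)
    [ -n "$pw" ] || { echo "empty password refused" >&2; return 1; }
    $GVM_SVC gvm-stop || { unset pw; return 1; }
    rc=0
    $GVM_AS_GVM gvmd --user="$user" --new-password="$pw" || rc=$?
    unset pw
    $GVM_SVC gvm-start || return 1
    return "$rc"
}
```

Source the file, then run reset_gvm_password admin. Setting both override variables to echo prints the commands instead of running them.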

How to create a new user

sudo runuser -u _gvm -- gvmd --create-user=newUser --new-password=newUserPass

How to update the vulnerability feeds

This will update everything

greenbone-feed-sync

To update only certain feeds

greenbone-nvt-sync
greenbone-scapdata-sync
greenbone-certdata-sync

Brief summary of each of the feeds

NVT (Network Vulnerability Tests): NVTs are scripts or test definitions used by the OpenVAS scanner to detect vulnerabilities in network services, applications, and operating systems.

SCAP Data (Security Content Automation Protocol): SCAP basically contains your CVEs. It is a suite of standards for automating the management of vulnerabilities and ensuring security compliance. SCAP data includes standardized formats for expressing and manipulating security-related information, such as vulnerability descriptions, configuration benchmarks, and security checklists (but it does so much more).

CERT data (Computer Emergency Response Team): CERT data includes information about security advisories, incident reports, and other threat intelligence provided by CERT organizations.