OPENVAS(KALI)

Task OpenVAS Uitilization Guide for Kali Linux

Conditions

Utilizing the provided sudo privileges, run vulnerability scans on UNIX/Linux hosts

Standards

• Setup OpenVAS on Kali Linux
• Conduct vulnerability scan

End State

Completed a vulnerability scan utilizing OpenVAS via Kali Linux

1. OpenVAS – Verification

• Verify ONLY if OpenVAS is installed already. If OpenVAS(GVM) is not installed, move onto Step 2
  From a terminal shell as root type the following:
  

  $ openvas-check-setup
  

Verify that all checks are good and openvas responds with OK

2. (OpenVAS) Greenbone Vulnerability Manager Installation for Kali Linux

• Install the packages through apt install openvas
  

  apt update
  apt upgrade
  apt install openvas
  

• Configuration
  

  openvas-setup
  

• Verify that the Green Security Assistant Daemon (gsad) is in a running and listening status
  

  netstat -apn | grep LISTEN
  

You should see something like the following output:

tcp    0  0 127.0.0.1:9390      0.0.0.0:*           LISTEN      128108/openvasmd    
tcp    0  0 127.0.0.1:80        0.0.0.0:*           LISTEN      128112/gsad         
tcp    0  0 127.0.0.1:9392      0.0.0.0:*           LISTEN      128106/gsad

2a. OpenVAS – Verify all signatures and feeds are up-to-date

• Access the OpenVAS web front-end at https://localhost:9392/. To access the web front-end interface from another node, use the following format: https://hostname:9392/
• Click on Administration -> NVT Feed and verify that the Feed Version is the latest version Format is in the form of a timestamp: YYYYMMDDHHSS
• Completed the above for all feeds under Administration Menu, or to update all feeds from the terminal type the following:
  

  openvas-nvt-sync
  

3. OpenVAS – Simple Scan

• Access the OpenVAS web front-end at https://localhost:9392/. To access the web front-end interface from another node, use the following format: https://hostname:9392/

• If you do not know the username and password see [Note 2] below

• Enter the IP address or host name of the system(s) you wish to scan and press Start Scan

• You will be presented with an updated progress bar as the scan progresses through the scan

• Once the scan is completed you will be presented with a results page

• Verify results are in compliance with enclave SOP and local policy

• Review the report

• The complete report as well as only filtered results can be viewed and downloaded
• By default, only the High and Medium risks are displayed

4. OpenVAS – Authenticated / Credentialed Scan

This option can be heavy on the network

• Access the OpenVAS web front-end at https://localhost:9392/. To access the web front-end interface from another node, use the following format: https://hostname:9392/

  • If you do not know the username and password see [Note 2] below

• Create Credentials for Host being scanned

  • From the top menu select Configuration -> credentials
  • Click the Blue Star icon – New Credential and fill in the information below
  • Click Create Credential Button
  • For Linux / Unix hosts ensure SSH is utilized
  • If you receive an error when saving, please see [Note 3] below

• Start the Advanced Wizard

  • Hovering over the purple New Wizard icon and selecting Advanced Wizard
  • Enter in Task Name for scan
  • Change Scan Config to Full and Fast
  • Enter in IP address or CIDR address range for Target Hosts
  • Ensure Start immediately radio button is selected
  • Select the credentials created in step 2 above:
    • Ensure Linux/Unix hosts use SSH Credentials
    • Ensure Windows hosts use SMB Credentials

• Click Create Task to start your scan

Once the scan is complete it will state Done in the Tasks pane. Click on the completed scan to view results. Verify that the scan completed with credentials by checking the status of the SMB Login

5. OpenVAS – Report and remediate all High Medium and Low findings

• From the OpenVAS web page click on the Completed Report Date of the Report you would like to review
• Vulnerabilities will be listed in order of severity (High, Medium, Low)
• Click on each vulnerability and review/implement suggested remediation and workarounds per local SOP

Notes:

• Note 1: To perform Credentialed / Authenticated scans on windows hosts you must:

  • Ensure remote registry service is started
  • The credentials used must be members of the Local or Domain administrator group on scanned hosts
  • The File and Printer Sharing is activated – if host is Windows XP do not use Simple File Sharing

• Note 2: To change your OpenVAS password type the following as root

  openvasmd --user=admin --new-password=password
  

• Note 3: If you receive an error while creating user credentials verify that the following directory exists

  • /var/lib/openvas/gnupg
  • If the above directory does not exist create it by typing on the server as root
    • mkdir /var/lib/openvas/gnupg

Running Script

NA

Dependencies

Kali Linux

Other available tools

N/A

References

Install OpenVAS(GVM) on Kali Linux 2019
A Brief Introduction to the OpenVAS Scanner

Revision History