OpenVas tutorial for beginners

OpenVas tutorial for beginners

This is a basic openvas tutorial for beginners. It will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. It will also show how to import an openvas report into the metasploit database.

On the first run of ovenvas scanner on kali linux you need to run a setup script – if you do this as part of this OpenVas tutorial for beginners, then you will not need to do it again.
apps > kali > vlnerability analysis > openvas > openvas initial setup
You only need to run this once

You’ll need to set a password so that you can sign in:
openvasmd –user=admin –new-password=Your_New_password
You only need to run this once

You will then need to start the openvas services:
apps > kali > vlnerability analysis > openvas > start openvas

OpenVas tutorial for beginners

You then have a choice how you want to continue:

Web ui

Once openvas has started, open your browser and point it to:

https://127.0.0.1:9392

This opens the ‘greenbone’ web interface for openvas and sign in.
To initiate a simple scan of an ip address or hostname, click the small (tiny) purple icon with the wand in it. This will take you to a screen with an input where you can perform a full fast scan of a host.

There are loads of menus in the greenbone web ui:

Scan management
The most important entry in this menu is ‘New Task’ – you can start complex scans from this screen.

Asset Management
Currently contains a single item: Hosts
This is where the list of accumulated hosts form all your scans appear.

Sec Info Management
Contains a few items, each representing the vulnerability databases that openvas knows about

Configuration
Various configuration options, targets and scan configurations

Extras
Configuration of the web ui itsself

Administration
User management, Feed synchronisation, update, etc

You can do lots of things from the web ui. I use it to start scans and sometimes to export scans to import into metasploit. For more advanced usage, its usually better to use the msfconsole:

inside metasploit

Open a terminal and type:


msfconsole

This will load msfconsole. For a beginners metasploit tutorial, please see my post on metasploit for beginners)
To show help for openvas inside metasploit type the command:

openvas_help

To start using openvas inside metasploit, you need to select the openvas modules:


load openvas

The next step is to connect to your openvas database
# default username and password are set the first time you start openvas in a terminal


openvas_connect username password localhost 9390 ok

Once the database has connected, create a target to scan


openvas_target_create target_name ip_address comments

This command will show the list of configured scans


openvas_config_list

This command will shoe the list of your targets


openvas_target_list

You then need to string it together to create a scan task


openvas_task_create scan_name comment scan_id target_id

This command will then show the scan tasks

openvas_task_list

You then need to start the scan

openvas_task_start task_id

You can use this commant to check the scan as it is running

openvas_task_list

This command will show the reports once the scans have completed

openvas_report_list

And this command will show the available formats for export

openvas_format_list

You can download reports in any of the formats from the above command..

openvas_report_download report_id format_id /path/to/saved/file report_name

Or you can import reports into metasploit – metasploit can only import xml and nbe reports

openvas_report_import report_id format_id

Once the report has imported into metasploit then the vulnerabilites will be available in the metasploit database / on the web ui for metasploit :D

You can find out more information on openvas at the projects website


Openvas tutorial for beginners
By OpenVAS project – http://openvas.org/, GFDL, https://commons.wikimedia.org/w/index.php?curid=12183599

I hope you have enjoyed this OpenVas tutorial for beginners and that it helps you get to grips with Openvas.

  • dcsuraj

    Thanks buddy, newbie but on the road without a fuss. A great tutorial.