OpenVas tutorial for beginners using web and metasploit

This is a basic openvas tutorial for beginners. I will explain a little of how to use openvas web ui to perform a test of your systems. It will give you the basic options for using metasploit msfconsole to run an openvas vulnerability scan. You will also learn how to import an openvas report into the metasploit database.

On the first run of ovenvas scanner on kali linux you need to run a setup script – if you do this as part of this OpenVas tutorial for beginners, then you will not need to do it again.
apps > kali > vulnerability analysis > openvas > openvas initial setup
You only need to run this once

You’ll need to set a password so that you can sign in:
openvasmd –user=admin –new-password=Your_New_password
You only need to run this once

You will then need to start the openvas services:
apps > kali > vlnerability analysis > openvas > start openvas

OpenVas tutorial for beginners

You then have a choice how you want to continue:

OpenVas tutorial for beginners: Web ui

Once openvas has started, open your browser and point it to:

https://127.0.0.1:9392

This opens the ‘greenbone’ web interface for openvas and sign in.
To initiate a simple scan of an ip address or hostname, click the small (tiny) purple icon with the wand in it. This will take you to a screen with an input where you can perform a full fast scan of a host.

There are loads of menus in the greenbone web ui:

Scan management
The most important entry in this menu is ‘New Task’ – you can start complex scans from this screen.

Asset Management
Currently contains a single item: Hosts
This is where the list of accumulated hosts form all your scans appear.

Sec Info Management
Contains a few items, each representing the vulnerability databases that openvas knows about

Configuration
Various configuration options, targets and scan configurations

Extras
Configuration of the web ui itsself

Administration
User management, Feed synchronisation, update, etc

You can do lots of things from the web ui. I use it to start scans and sometimes to export scans to import into metasploit. For more advanced usage, its usually better to use the msfconsole:

OpenVas tutorial for beginners: Inside metasploit

Open a terminal and type:

msfconsole


This will load msfconsole. For a beginners metasploit tutorial, please see my post on metasploit for beginners)
To show help for openvas inside metasploit type the command:

openvas_help

To start using openvas inside metasploit, you need to select the openvas modules:

load openvas


The next step is to connect to your openvas database
# default username and password are set the first time you start openvas in a terminal

openvas_connect username password localhost 9390 ok


Once the database has connected, create a target to scan

openvas_target_create target_name ip_address comments


This command will show the list of configured scans

openvas_config_list


This command will shoe the list of your targets

openvas_target_list


You then need to string it together to create a scan task

openvas_task_create scan_name comment scan_id target_id


This command will then show the scan tasks

openvas_task_list

You then need to start the scan

openvas_task_start task_id

You can use this commant to check the scan as it is running

openvas_task_list

This command will show the reports once the scans have completed

openvas_report_list

And this command will show the available formats for export

openvas_format_list

You can download reports in any of the formats from the above command..

openvas_report_download report_id format_id /path/to/saved/file report_name

Or you can import reports into metasploit – metasploit can only import xml and nbe reports

openvas_report_import report_id format_id

Once the report has imported into metasploit then the vulnerabilites will be available in the metasploit database / on the web ui for metasploit :D

You can find out more information on openvas at the projects website

Openvas tutorial for beginners

I hope you have enjoyed this OpenVas tutorial for beginners and that it helps you get to grips with Openvas.
I also have a Metasploit tutorial for beginners that you might like

If you enjoy this tutorial, please check out my metasploit tutorials below

This Post Has One Comment

  1. dcsuraj

    Thanks buddy, newbie but on the road without a fuss. A great tutorial.

Leave a Reply