Scribd
Upload
859 views

Basic Openvas Tutorial

This document provides a tutorial for beginners on how to use the OpenVAS vulnerability scanner. It explains how to set up OpenVAS on Kali Linux, including running the initial setup script and starting the OpenVAS services. It then describes two options for using OpenVAS - through the Greenbone web interface at 127.0.0.1:9392 or within Metasploit using the openvas_ commands. The tutorial outlines the basic workflow for performing vulnerability scans using both the web interface and Metasploit.

Uploaded by

atul
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
859 views

Basic Openvas Tutorial

This document provides a tutorial for beginners on how to use the OpenVAS vulnerability scanner. It explains how to set up OpenVAS on Kali Linux, including running the initial setup script and starting the OpenVAS services. It then describes two options for using OpenVAS - through the Greenbone web interface at 127.0.0.1:9392 or within Metasploit using the openvas_ commands. The tutorial outlines the basic workflow for performing vulnerability scans using both the web interface and Metasploit.

Uploaded by

atul
Copyright
© © All Rights Reserved
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 3

This is a basic openvas tutorial for beginners.

It will explain a little of how to use openvas


web ui to perform a test of your systems. It will give you the basic options for using
metasploit msfconsole to run an openvas vulnerability scan. It will also show how to
import an openvas report into the metasploit database.

On the first run of ovenvas scanner on kali linux you need to run a setup script – if you do
this as part of this OpenVas tutorial for beginners, then you will not need to do it again.
apps > kali > vlnerability analysis > openvas > openvas initial setup
You only need to run this once

You’ll need to set a password so that you can sign in:


openvasmd –user=admin –new-password=Your_New_password
You only need to run this once

You will then need to start the openvas services:


apps > kali > vlnerability analysis > openvas > start openvas

OpenVas tutorial for beginners


You then have a choice how you want to continue:

 OpenVAS web ui
 OpenVAS inside metasploit

Web ui
Once openvas has started, open your browser and point it to:

https://127.0.0.1:9392

This opens the ‘greenbone’ web interface for openvas and sign in.
To initiate a simple scan of an ip address or hostname, click the small (tiny) purple icon
with the wand in it. This will take you to a screen with an input where you can perform a
full fast scan of a host.

There are loads of menus in the greenbone web ui:

Scan management
The most important entry in this menu is ‘New Task’ – you can start complex scans from
this screen.

Asset Management
Currently contains a single item: Hosts
This is where the list of accumulated hosts form all your scans appear.
Sec Info Management
Contains a few items, each representing the vulnerability databases that openvas knows
about

Configuration
Various configuration options, targets and scan configurations

Extras
Configuration of the web ui itsself

Administration
User management, Feed synchronisation, update, etc

You can do lots of things from the web ui. I use it to start scans and sometimes to export
scans to import into metasploit. For more advanced usage, its usually better to use the
msfconsole:

inside metasploit
Open a terminal and type:

msfconsole

This will load msfconsole. For a beginners metasploit tutorial, please see my post on
metasploit for beginners)
To show help for openvas inside metasploit type the command:

openvas_help

To start using openvas inside metasploit, you need to select the openvas modules:

load openvas

The next step is to connect to your openvas database


# default username and password are set the first time you start openvas in a terminal

openvas_connect username password localhost 9390 ok

Once the database has connected, create a target to scan

openvas_target_create target_name ip_address comments

This command will show the list of configured scans

openvas_config_list

This command will shoe the list of your targets


openvas_target_list

You then need to string it together to create a scan task

openvas_task_create scan_name comment scan_id target_id

This command will then show the scan tasks

openvas_task_list

You then need to start the scan

openvas_task_start task_id

You can use this commant to check the scan as it is running

openvas_task_list

This command will show the reports once the scans have completed

openvas_report_list

And this command will show the available formats for export

openvas_format_list

You can download reports in any of the formats from the above command..

openvas_report_download report_id format_id /path/to/saved/file


report_name

Or you can import reports into metasploit – metasploit can only import xml and nbe reports

openvas_report_import report_id format_id

Once the report has imported into metasploit then the vulnerabilites will be available in the
metasploit database / on the web ui for metasploit :D

You can find out more information on openvas at the projects website

By OpenVAS project – http://openvas.org/, GFDL,


https://commons.wikimedia.org/w/index.php?curid=12183599

I hope you have enjoyed this OpenVas tutorial for beginners and that it helps you get to
grips with Openvas.

You might also like