So, let's Start How you can install OpenVAS on Kali Linux.
First Of all open Linux command terminal to download and install OpenVAS:
Type In Following Commands:
- Apt-get install openvas
The last command sets up the OpenVAS and synchronizes the NVT feed with NVT collection on Kali Linux.
Time depends on the speed of your internet connection.
After the installation is finished you will be presented with a long password on the last line of the console.This password will be used to login to the OpenVAS web interface so you need to save it somewhere and you can change it after logging in.
After the OpenVAS setup is finished processing the OpenVAS, manager, scanner and all the services listening on the port 9390,9391,9392 and port 80.Use the following command to check that services are listening:
- Netstat –antp
- Netstat –antp command
- -a all
- -n show up instead of hostnames
- -t shows TCP connections
- -p show process id
Running The OpenVAS
If any of the services are not running use the following command to start all services:
Then connect to a web interface using the browser and goto:
Accept the SSL certificate and sign in with the user ‘admin’ and the long password that was generated while setup process.
Below is the overview of web interface after logging in:
Scanning Metasploitable 2 with OpenVAS
To start the scan with OpenVAS is very easy.Enter the target hostname or IP address in the quick start field and then click the ‘Start Scan’ button.Try Scanning the server that you physically own or have permission to scan.OpenVAS scanner produces a lot of network traffic that may lead to crash or DOS the server.
When scanning will be finished click the report page under the Scan Management menu and take a look at an overview of scanning results:
You will see the Metasploitable 2 vulnerable machine contains 19 high, 32 medium and 6 lower rated vulnerabilities.When You click the report you will see a more detailed overview of the vulnerabilities found.
OpenVAS offer a lot of more functionality, including the database of vulnerability database from feed categorized in CVE’s, NVT’s and CPE’s.
Hope you may have an understanding of how you can use OpenVAS for vulnerabilities scanning.
Hopefully, this tutorial has proven useful for you and will help you get started in automated vulnerability scanner.Thanks!