One of the greatest things about Linux is the amount of open source tools at your disposal, although they might not be installed. In this how-to, we will install OpenVas, an open-source vulnerability scanning and management application, and then run your first vulnerability scan.
First things first, we have to choose our base Linux distro. This walkthrough will use Ubuntu. Some other distros, such as Kali Linux, may already have it installed.
In addition to our Ubuntu installation we will need to choose which version of OpenVas we will be working with. Currently, there are three versions in circulation. For this tutorial we will be using the newest – the Greenbone Vulnerability Management (GVM) version 10. To read more details on OpenVas or GVM, they can be found here.
In order to begin the installation of GVM, we also will need to install the proper required repository, which GVM is dependent on. To do this we will begin opening a terminal session by pressing Ctrl + Alt + T and run the following command:
The output of the above command will give text-based instruction for GVM but also give you optional instructions.
Updating Your Ubuntu Installation
Starting with a fresh installation of Ubuntu 18.04, we will want to make sure that we are fully updated. To do this, run the following command:
Installation of OpenVas
At this point, we are ready to install GVM. The default database used for GVM is SQLite. If you prefer another database for use with this solution, you can find additional instructions at the link provided above.
To install GVM, run the following:
During your installation, you will be prompted with additional configuration steps:
To configure the Unix Socket, select “Yes.”
To configure GVMD-sqlite, select “Yes.”
To configure GVMD-sqlite-cert, select “Yes.”
To configure GVMD-sqlite-scap, select “Yes.”
When the installation completes, the final step is to update the greenbone nvt/cert/scap data with the following set of commands:
Running Your First scan
Congratulations on completing the installation of GVM – now the fun begins. First, to give ourselves the warm fuzzies, let’s check the status of our installation. All properly-running applications should show a green dot or ‘active’ status when run. We can do that by launching the following-
GVM gives users the ability to use a Web interface. To access the Web interface, navigate your web browser to:
Login with the following credentials:
Once logged in using the admin credentials, we can now set up our first scan. To do this, select “Scan -> Tasks” from the application menu.
Then from the task window, find the ‘wand’ icon and select Task Wizard.
When the Task Wizard window appears, we will enter the IP address of our host. Since we are only using one machine, we will scan our local host. To do this, confirm that 127.0.0.1 is entered. If not, manually enter it in the space provided.
Click “Start Scan” and wait. This may take a few minutes, depending on whether you used a fresh install of Ubuntu or an existing machine.
Once the scan has completed, you will see a page similar to the following notifications.
Now to see your results, go to “Scans -> Reports.” Due to the fact that this is a new test machine, my results have no findings. If you run a scan on an existing machine on your company or home network, you may have different results.
To conclude, we have just hit the tip of the iceberg in what GVM can do for finding system vulnerabilities. I challenge you to configure different scans and uncover things you may not have known existed. You will be surprised at what you find, I guarantee. Happy Scanning!