OpenVAS Vulnerability Scanner

OpenVAS is a preinstalled vulnerability tool in both Kali and Parrot. It is completely free and even if it is preinstalled in these OSs, you need to do something before you use it.

First, you need to start a new installation;

Meanwhile, if you updated your Kali or Parrot, it is possible you see such error while trying to run OpenVAS;

“the default postgresql version is not 13 required by libgvmd”

It is because there are two versions of postgresql on the machine, and very easy to solve it. You can easily find the solution in here (https://joepke.com/).

After solving the postgresql issue, you can try to start a new installation again (it is also same with the “gvm-setup” command), and it was take a time to install all modules;

After the complete of the installation, OpenVAS will create a complex password for admin user. Do not forget to save it.

We need to start OpenVAS service to use after these steps; “gvm-start”

Then, it is ready to use; https://localhost:9392

🙂 ————————————————————>

It is possible to check if the installation is successful, with the “gvm-check-setup” command or from “Applications > Pentesting > Vulnerability Analysis > OpenVAS – Greenbone > Check Setup of Greenbone Vulnerability Management” menu.

You can check newly updated CVEs from the “SecInfo > CVEs” menu. All CVEs you have will be listed here.

Scanning with OpenVAS:

To start scanning, we first need to create a target from Configuration> Targets menu.

From Scans>Tasks menu, we create a new scanning task and show the target we created in previous step, as Scan Targets and we save the task. Then, we can start scanning in the Scans>Tasks menu. When the scanning is completed, the status is shown as “Done”.

Leave a Reply