OpenVAS Setup

Rich
3 min readApr 24, 2023

TL;DR setting up the free OpenVAS on Kali

Part I: Howto Setup BloodHound

Part II: Howto Setup BlueHound

Part III: Howto Setup OpenVAS

Background

I recently got around to finally setting up OpenVAS on Kali. I should have done it back before I took eJPT. It would have helped, luckily we passed regardless. There was a bit of Googling and trial & error involved so I figured I’d post my notes in case they help anyone else. I’ll probably be reading this myself in a year from now when I forget what I did.

Update Kali & install OpenVAS

sudo apt update -y
sudo apt upgrade -y
sudo apt install openvas

Update the DB

You may or may not have to do this bit. I was getting weird errors. It turns out that I had to update PostgreSQL from version 14 to 15.

#Show versions
pg_lsclusters
pg_dropcluster --stop 15 main
pg_upgradecluster 14 main
pg_dropcluster --stop 14 main

Setup OpenVAS

Configure OpenVAS via

sudo gvm-setup

Note the password shown at the end. In the worst case though you can always reset it via

gvmd --user=admin --new-password=Password!!;

Troubleshooting

This is where things get fun and exciting. Normally you would just

sudo gvm-start

However I had a couple issues like the below. Luckily OpenVAS includes a check that’ll let you know most of what you need to do.

In my case I had to do the below:

sudo gvm-check-setup
sudo runuser -u _gvm - greenbone-feed-sync - type SCAP
systemctl start redis-server@openvas.service
sudo chmod 666 /var/log/gvm/openvas.log

Fortunately CW6 Google let me know to make that last change to the log’s file permissions. It would have taken me ages to figure that one out based solely on the errors.

Once everything is good the check will pass.

Scanning

One can create a new task and upload a target list. Just bear in mind that it has to be a comma separated list. As an example my scan of SlayerLabs looked like the below:

10.65.1.4, 10.65.1.21–43, 10.65.3.40, 10.65.3.90, 10.65.10.91–92, 10.65.20.20–30

Once it’s done you will see something like the below.

Personally I prefer to export the scan results to PDF and then view them by host. This makes it easy to see vulnerabilities by host.

Obviously this one jumped out at me. We go over exploiting what OpenVAS found and post exploitation here.

Updating OpenVAS

I had to update OpenVAS on my Kali VM recently while running a TryHackMe room on Vulnerability Management.

This was done via:

#Show versions
pg_lsclusters
pg_dropcluster --stop 16 main
pg_upgradecluster 15 main
pg_dropcluster --stop 15 main

apt install postgresql-16-pg-gvm
sudo runuser -u postgres -- /usr/share/gvm/create-postgresql-database
sudo runuser -u _gvm -- gvmd --migrate

sudo gvm-check-setup
sudo gvm-start

Summary

Nessus has a trial version, but it’s only good for running X number of scans. This version of OpenVAS is completely free. Like many Linux programs though it can have some dependency issues.

References

PostgreSQL update: https://www.netvizura.com/blog/how-to-upgrade-postgresql-from-13-to-14

OpenVAS setup: https://www.geeksforgeeks.org/installing-openvas-on-kali-linux/#

--

--

Rich

I work various IT jobs & like Windows domain security as a hobby. Most of what’s here is my notes from auditing or the lab.