installation & run#

apt-get update && apt-get -y full-upgrade
apt-get install gvm && openvas
gvm-setup
# wait ~30m for the installation to complete
gvn-start
open https://localhost:8080

configurations tab#

Targets#

Here we can add targets for the tasks to scan, including:

  • ports
  • authentication
    • leverage a high privileged user (root, Administrator) if possible to get the maximum amount of information about the target
  • host reachability identification methods
    • For the Alive Test, the Scan Config Default option leverages the NVT Ping Host in the NVT Family

💡 NVT Family

Known as OpenVAS Network Vulnerability Test Family. The Families consist of many different categories of vulnerabilities for Linux, Windows, Web Application etc.

OpenVAS has various configurations to choose from by default. The ones listed below should be safe to use and not disrupt the network.

  • Base
    • information about the host and OS
    • does not check for vulns
  • Discovery
    • services, accessible ports, software used on the target
  • Host Discovery
    • tests whether the host is alive and determines what devices are active on the network
    • does not check for vulns
    • uses ping to check if the host is alive
  • System Discovery
    • going further than the Discovery Scan and attempts to identify the OS and hardware associated with the host
  • Full and Fast
    • safest option
    • leverages intelligence to use the best NVT checks, based on the accessible port

scans tab#

  • Lists already finished scans
  • Allows to create new Tasks to run a scan
    • The tasks work off of the pre-made scanning configurations (in the Configuration Tab)
  • Allows to export the results

exporting#

  • possible formats: xml, csv, pdf, itg and txt

The exported XML can be parsed further. For example we can convert XML to XLSX with openvasreporting tool:

python3 -m openvasreporting -i report-2bf466b5-627d-4659-bea6-1758b43235b1.xml -f xlsx