Install OpenVAS Vulnerability Scanner On Ubuntu

In this article, I explain how to install the OpenVAS vulnerability scanner on Ubuntu.

We will also add a target host to the scanner and scan it.

What Is OpenVAS Vulnerability Scanner?

OpenVAS, the Open Vulnerability Assessment System, is an open-source tool for vulnerability scanning and management.

Plugins for OpenVAS are written in the Nessus Attack Scripting Language (NASL).

Its capabilities include authenticated and unauthenticated testing, support for low-level and high-level internet and industrial protocols, performance tuning for large-scale scans, and a powerful internal programming language for implementing any type of vulnerability test.

OpenVAS includes several services and tools.

  • Greenbone Security Assistant – A graphical interface that lets us manage scans from a web application.
  • Scanner – Runs the NVTs (Network Vulnerability Tests).
  • A database to store results and configurations.

Let's go ahead and install the OpenVAS vulnerability scanner on an Ubuntu system.

Installing OpenVAS On Ubuntu

Before installing OpenVAS on Ubuntu, update the package lists from Ubuntu's default APT repositories.

sudo apt-get update

Then add the PPA repository to the system. Make sure you have root or sudo permission to execute the commands below.

sudo add-apt-repository ppa:mrazavi/openvas

When you run the above command, it displays all the commands that need to be executed to set up OpenVAS on the server.

After adding the PPA repository, update the package lists again.

sudo apt-get update

Then install SQLite, which is used as the database that stores scan results and configurations.

sudo apt-get install sqlite3

Now install the OpenVAS software using the command below.

sudo apt-get install openvas9 -y

During installation, it will ask whether to configure the Redis Unix socket. Choose Yes and hit Enter.

After the OpenVAS packages are installed, we need to install a few additional packages.

The packages below let us export scan reports in PDF format.

sudo apt install texlive-latex-extra --no-install-recommends -y
sudo apt install texlive-fonts-recommended -y

After the above packages are installed, install the openvas-nasl tool, which is provided by the libopenvas9-dev package.

The purpose of this package is to run OpenVAS NASL scripts against the target servers to check for errors.

sudo apt install libopenvas9-dev -y

Next, add the vulnerability data to the database by syncing with the OpenVAS feeds.

Execute the command below to download the Network Vulnerability Tests from the OpenVAS feeds.

greenbone-nvt-sync

Also sync the Security Content Automation Protocol (SCAP) data and the CERT vulnerability data using the commands below.

greenbone-scapdata-sync
greenbone-certdata-sync

These syncs will take some time to complete.

After the update is done, restart the OpenVAS services.

Restarting OpenVAS Services

Below are the commands to restart the OpenVAS services.

Restart OpenVAS Manager.

systemctl restart openvas-manager

Restart the OpenVAS Scanner.

systemctl restart openvas-scanner

Restart the Greenbone Security Assistant.

systemctl restart openvas-gsa

Enable them to start automatically on system boot.

systemctl enable openvas-manager
systemctl enable openvas-scanner
systemctl enable openvas-gsa

Let's check the OpenVAS processes using the command below.

ps -ef |grep openvas

The Greenbone Security Assistant (the OpenVAS web interface) runs on port 4000. This can be checked using the command below.

netstat -nltp |grep gsa
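The netstat output also shows which address port 4000 is bound to, which decides whether the web interface is reachable from other hosts. The following is an added example, not part of the original article: it classifies the bind address from `netstat -nltp` output. The function name `listen_scope` is hypothetical and the sample lines are constructed.

```sh
#!/bin/sh
# Added example (not from the article): report where the GSA port is bound,
# reading `netstat -nltp` output on stdin. listen_scope is a hypothetical name.

listen_scope() {
    port=${1:-4000}
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")          # local address is "addr:port"
            p = part[n]
            if (p != port) next               # some other listener, skip it
            addr = substr($4, 1, length($4) - length(p) - 1)
            found = 1
            if (addr != "127.0.0.1" && addr != "::1") wide = 1
        }
        END {
            if (!found)     print "not-listening"
            else if (wide)  print "non-loopback"
            else            print "loopback-only"
        }'
}

# Constructed sample lines in netstat -nltp layout (PID and program are made up).
sample_any='tcp        0      0 0.0.0.0:4000      0.0.0.0:*      LISTEN      1234/gsad'
sample_lo='tcp        0      0 127.0.0.1:4000    0.0.0.0:*      LISTEN      1234/gsad'

printf '%s\n' "$sample_any" | listen_scope 4000
printf '%s\n' "$sample_lo"  | listen_scope 4000
# Live use on the server: sudo netstat -nltp | listen_scope 4000
```

A result of non-loopback means the listener is bound to all interfaces or to a specific external address, so access to port 4000 is governed only by the host firewall or cloud security group.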

We need to rebuild the OpenVAS database so that the OpenVAS manager can access the NVT data we downloaded previously.

openvasmd --rebuild --progress

We are almost done installing and configuring the OpenVAS vulnerability scanner on the Ubuntu system.

Now, if you open http://PublicIP:4000 in your browser, you may get the error below.

The request contained an unknown or invalid Host header. If you are trying to access GSA via its hostname or a proxy, make sure GSA is set up to allow it.

To fix this issue, go to the server and open the file below.

vi /etc/default/openvas-gsa

You will see that ALLOW_HEADER_HOST is commented out. Uncomment it and set it to the public IP address of the instance.

Once done, save and close the file.

Restart GSA for the change to take effect.

systemctl restart openvas-gsa
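The same edit can be scripted so it is repeatable and leaves a backup. This is an added example, not part of the original article; it assumes the key sits on its own line as `#ALLOW_HEADER_HOST=...` or `ALLOW_HEADER_HOST=...`, the helper name `set_allow_header_host` is hypothetical, and the sample file contents are constructed.

```sh
#!/bin/sh
# Added example (not from the article): set ALLOW_HEADER_HOST in a GSA defaults file.
# Assumption: the key sits on its own line as "#ALLOW_HEADER_HOST=..." or
# "ALLOW_HEADER_HOST=...". set_allow_header_host is a hypothetical helper name.

set_allow_header_host() {
    file=$1
    host=$2
    # Accept only hostname/IP characters so the value stays a plain KEY=value
    # assignment and cannot carry quotes, spaces or shell syntax into the file.
    case $host in
        ''|*[!A-Za-z0-9.:_-]*) echo "invalid host: $host" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    cp -p "$file" "$file.bak" || return 1      # keep a backup of the original
    if grep -Eq '^[[:space:]]*#?[[:space:]]*ALLOW_HEADER_HOST=' "$file.bak"; then
        # Key present (commented out or already set): rewrite that line.
        sed -E "s|^[[:space:]]*#?[[:space:]]*ALLOW_HEADER_HOST=.*|ALLOW_HEADER_HOST=$host|" \
            "$file.bak" > "$file"
    else
        # Key absent: append it.
        printf 'ALLOW_HEADER_HOST=%s\n' "$host" >> "$file"
    fi
}

# Demo on a constructed copy; on the server the file is /etc/default/openvas-gsa
# and the function must run as root.
demo=$(mktemp)
printf '%s\n' '# constructed sample' '#ALLOW_HEADER_HOST=PUT YOUR HOST NAME HERE' > "$demo"
set_allow_header_host "$demo" 203.0.113.10 && grep '^ALLOW_HEADER_HOST=' "$demo"
rm -f "$demo" "$demo.bak"
```

GSA still has to be restarted afterwards, as in the command above.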

Now, if you access GSA (Greenbone Security Assistant) at http://PublicIP:4000, you should see the login page.

The default username and password are both admin.

You can use the following command to change the password for admin; substitute your own password for Testing@123.

openvasmd --user=admin --new-password=Testing@123

After login, you will see the dashboard.

Adding Targets

To add a target to the scanner, hover over Scans and click Tasks.

The Tasks screen is displayed.

To scan a host immediately, click Task Wizard.

Then provide the IP address or hostname of the target host and click Start Scan.

The scan will start immediately.

After the scan completes, the results are reported by severity: Low, Medium and High.

Click the host; under Vulnerability you will find the scan report.

To see the list of hosts added to the scanner, choose Targets under Configuration.

We have successfully installed and configured the OpenVAS vulnerability scanner on Ubuntu, added a host, and performed a scan of that host.

Thanks for reading. Please do check out my other blogs.