Basic Tutorial: OpenVAS Vulnerability Scanning

OpenVAS is a free and open-source network assessment vulnerability scanner. It helps in identifying outdated network services, missing security patches, badly configured servers, and other vulnerabilities. Click Here if you are interested in learning Top Vulnerability Scanning Tool ZAP. This blog covers the installation of OpenVAS and how to scan IT systems using this tool. This blog uses the Kali Linux distro which is quite a popular operating system among security professionals.

Installation

While installing OpenVAS, just remember to allocate at least 4 GB of memory to a virtual machine of Kali Linux.

Step 1: Update

First, update the Kali system

sudo apt update

The below command takes more time if you have not upgraded your system for a while. In my case, it takes around 20 minutes to complete this system. While upgrading, you can check some snacks in your kitchen.

sudo apt dist-upgrade

Step 2: Install Openvas

sudo apt install openvas

Step 3: Setup script of OpenVAS

openvas-setup

How to set up OpenVAS

Just select OpenVAS initial setup option from Menu. Open a browser and enter the below URL. While opening the URL, some errors related to the self-signed certificate. As of now, you can ignore those errors.

https://localhost:<port>

You can log in by using the admin username and password you can identify while setup the tool.

How to initiate the first scan

After login OpenVAS, Open Task Wizard and enter the target IP or target hostname.

You can initiate an advanced scan also by using Advanced Task Wizard. You can enter Task Name, Scan Config, Target Host, Start Time, SSH credential (if available), SMB credential (if available), Email (if needed).

Uninstallation

Use the below command for uninstallation:

sudo apt-get remove openvas

Remove dependencies also

sudo apt-get remove --auto-remove openvas

Conclusion

OpenVAS is a vulnerability scanner tool that helps in analyzing vulnerabilities in IT infrastructure. But currently, it is not maintained and may be outdated. You can use other tools such as Nessus, Lynis to assess the system for vulnerabilities.

Subscribe us to receive more such articles updates in your email.

If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!

Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

10 Blockchain Security Vulnerabilities OWASP API Top 10 - 2023 7 Facts You Should Know About WormGPT OWASP Top 10 for Large Language Models (LLMs) Applications Top 10 Blockchain Security Issues