This article explains how to install OpenVAS on Kali Linux. OpenVAS (GVM) is an open-source vulnerability scanner that performs network vulnerability tests in Linux. This scanner plays a vital role in penetration testing. You can handle more than one target host at a time using OpenVAS.
OpenVAS, or Open Vulnerability Assessment System, is a pen-testing framework that uses a database to scan and test systems for vulnerabilities. The database is constantly updated and comprises a collection of known exploits and vulnerabilities. For security professionals, having a robust environment is key, which is why many choose to buy Kali Linux VPS to ensure their scanning tools have 24/7 availability and high-speed network access.
To ensure you have the latest features and security patches for OpenVAS and other tools, it's essential to keep your Kali Linux installation updated. For a step-by-step guide on updating Kali Linux, check out our how-to-update-kali-linux post.
OpenVAS consists of several core components that work together to provide a comprehensive security analysis:
- A database comprised of results and configurations
- A Scanner that runs various Network Vulnerability Tests (NVT)
- A Collection of Network Vulnerability tests (The Feed)
- A Greenbone Security Assistant: a web interface that allows you to run and manage scans in the browser
We recommend that if you want to install OpenVAS, use Kali Linux instead of CentOS or any other Linux-based distributions. The process is much smoother when installed on Kali compared to other distributions because most dependencies are pre-configured.
๐ก๏ธ System resources for OpenVAS
When using Kali Linux for any OpenVAS scanning, you should pay close attention to resource usage. Whether using a virtual machine or a bare metal, you should have the minimum CPU and memory requirements to avoid system crashes during heavy scans.
To further secure your system, you may also want to ensure that all user passwords are strong and updated regularly. Learn how to choose a strong password to enhance security measures when working with OpenVAS on Kali Linux.
| Resource | Minimum Requirement | Recommended Requirement |
| CPU | 4 Cores | 8 Cores+ |
| Memory (RAM) | 8 GB | 16 GB+ |
| Disk Space | 20 GB Free | 50 GB+ (For Logs/Reports) |
You will need significantly more resources if you plan to run multiple scans parallel to each other or if you are scanning large enterprise networks with thousands of IPs.
๐ Installing OpenVAS on Kali Linux (Legacy Method)
Before installing OpenVAS, you should update your system (You can skip this step if you have an updated system). Keeping your system fresh ensures that the apt-get command fetches the latest dependencies.
apt-get update
apt-get dist-upgrade
Now that the system is up to date, we can start the installation process for OpenVAS.
apt-get install openvas
Now that OpenVAS is installed, you will get access to the setup script. It would be best if you launched it to configure the OpenVAS for first-time use. This script will configure OpenVAS with the needed services, user accounts and the latest NVT updated from the Greenbone Community Feed.
openvas-setup
This setup is completely automated, and you will get working and up-to-date OpenVAS installation once the installation is completed. You can take a small coffee break because this takes a bit of time to install, as it downloads thousands of vulnerability signatures.
During the configuration process, you will be given a password. Note it as it will be needed to access the Greenbone Security Assistant web interface.
Now start the OpenVAS service:
openvas-start
Once the service is running, you may also want to enhance your Kali Linux experience by learning how to install additional packages; check out our guide on how to install packages in Linux for more information.
๐ GVM: An alternative method for installing OpenVAS
The main difference between this method and the above-mentioned one is the switch from 'openvas' to 'gvm' (Greenbone Vulnerability Management) rebranding. This is the method you should use for current versions of Kali Linux. Once you have the Kali Linux system up and running, first, let's go ahead and update the system:
apt-get update
apt-get upgrade
Install GVM using the following command:
apt-get install gvm*
Now run the setup program. This step will synchronize the feeds and create the admin user.
gvm-setup
Don't forget to note down the password that will be generated at the very end of the process. This will be needed to access the web interface.
If you are using the OpenVAS system as a server on a remote server, such as a Linux VPS, you need to allow remote access to the service. To do that, make the following configurations on your Firewall. This step can be avoided if you use it on your local workstation!
apt-get install ufw
ufw enable
ufw allow 80
ufw allow 9392
Now everything is set. Start the GVM service by entering:
gvm-start
๐ ๏ธ Common Errors and Solutions
You might encounter some errors when installing OpenVAS on older versions of Kali or other Debian-based distros. Depending on your system configurations, you might need to install the SQLite database or the PostgreSQL database.
- PostgreSQL Error: Often occurs if the service isn't initialized.
- Feed Sync Error: Usually caused by network interruptions or firewall blocks.
To install and start PostgreSQL:
apt-get install postgresql
service postgresql start
To install SQLite3 database:
apt-get install sqlite3
service sqlite3 start
๐ Using OpenVAS via the web interface (Greenbone Security Assistant)
The Greenbone web client can be accessed via your browser, a built-in feature with OpenVAS. Using a graphical user interface (GUI), you can log in using the user credentials and perform scans within minutes.
Before we get to the browser, let's check if the Greenbone Security Assistant Daemon (gsad) is running and listening on the correct ports. You can use the netstat command to verify this:
netstat -apn | grep LISTEN
We can continue the process if your output is similar to this one.
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 128108/openvasmd
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 128112/gsad
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 128106/gsad
Open your browser and type https://127.0.0.1:9392 in the address bar. This will give a self-signed SSL certificate warning. You should accept this and continue to the window where you should enter the Username and Password.
Login to your dashboard using admin as the username, and for the password, use the string generated during the setup script.
๐ How to create a scan in OpenVAS?
Now that we have access to the OpenVAS web UI, let's initiate a scan task. A task in OpenVAS defines the target(s) you want to be scanned and the required scanning parameters. For simplicity, we will use the default scan options.
If you're looking to expand your Linux server capabilities beyond security, you might also find it useful to explore how to create a Linux streaming server. This can enhance your understanding of server configurations.
You can navigate the Scans menu and click on the Tasks submenu to launch a new scan.
That will launch a window allowing you to provide all relevant information for a scanning task:
- Task name: A descriptive name for your audit.
- Scan target: The host or network range.
- Schedule: When the scan should run.
Use the default settings and click on Create.
To run the task, click the play button on the bottom left of the task list. The status will change from "New" to "Requested" and then "Running".
๐ฏ How to add a target in OpenVAS?
To add new targets, navigate to the Configuration menu and select Targets.
Select the blue icon on the top left corner to start adding targets. Doing that will launch a dialogue window that allows you to add information about the target, such as:
- Target Name (e.g., Office_Network)
- The IP address or Hostname
Once you add all the relevant information about the target, you should see it listed in the targets section.
๐ฅ How do I add new users to OpenVAS?
You can add new users to OpenVAS and assign them various roles (Admin, User, Observer). To add a user or a role, go to the Administration section and click on Users. Select New and add the user information. For managing users at the OS level, you can also check our guide on how to list users in Linux.
๐ Conclusion
Congratulations on making it to this article's end and successfully installing OpenVAS. We covered the installation steps of OpenVAS on Kali Linux and how to access it via the browser. OpenVAS is a powerful tool that brings the power of cybersecurity research into your hands. You can use it to monitor devices in your network and websites on remote servers.
For those interested in further exploring the foundation of this powerful operating system, check out our article on What is Linux? to enhance your understanding of the environment in which OpenVAS operates.
If you're interested in running Kali Linux on a VPS, it can offer you enhanced flexibility and scalability for your security assessments. A VPS allows you to configure your Kali Linux environment according to your specific needs. Whether you're performing penetration testing or vulnerability scanning, having Kali Linux on a VPS can significantly streamline your workflow. When you buy linux vps, you gain a dedicated environment optimized for security tools.
If you are facing any problems with the installation, feel free to contact us through the comment section here. We will reach out to you and help.
People also read:
- How to Install SearchSploit on Kali Linux?
- How to create users in Linux?
- mkdir Command in Linux with Examples
- What Are The Easiest Ways to Create Files in Linux?
- How to Rename File in Linux?
Leave A Comment