Vulnerability scanning is a crucial phase of a penetration test. Having an up-to-date vulnerability scanner in your security toolkit can often make a real difference by helping you spot vulnerable elements that would otherwise be overlooked. For this reason, the latest OpenVAS release and its libraries have been manually packaged for Kali Linux. The steps below show how to install OpenVAS on Kali Linux.
If you have not already done so, make sure that Kali Linux is up to date and install the latest OpenVAS. When that is finished, run the openvas-setup command to configure OpenVAS. It automatically downloads the latest rules, creates an admin user, and starts the various services. Depending on bandwidth and computer resources, this may take a while.
root@kalilinux:~# apt-get update
root@kalilinux:~# apt-get -y dist-upgrade
root@kalilinux:~# apt-get -y install openvas
[i] This script synchronizes an NVT collection with the 'OpenVAS NVT Feed'.
[i] Online information about this feed: 'http://www.openvas.org/openvas-nvt-feed
sent 1143 bytes received 681741238 bytes 1736923.26 bytes/sec
total size is 681654050 speedup is 1.00
[i] Initializing scap database
[i] Updating CPEs
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2002.xml
[i] Updating /var/lib/openvas/scap-data/nvdcve-2.0-2003.xml
Write out database with 1 new entries
Data Base Updated
Restarting Greenbone Security Assistant: gsad.
User created with password '6062d074-0a4c-4de1-a26a-5f9f055b7c88'.
When openvas-setup has finished, check that the OpenVAS Manager, Scanner and GSAD services are running:
root@kalilinux:~# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9583/openvasmd
tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 9570/openvassd
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 9596/gsad
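The same check can be scripted. The following is an added example, not part of the original page: it reads netstat -antp output and reports whether openvasmd, openvassd and gsad are each listening, and whether any of them is bound to something other than loopback. The function names and the second sample are constructed; treating a non-loopback bind as a finding is an assumption based on the 127.0.0.1 addresses in the output above.

```shell
#!/usr/bin/env bash
# Added example: verify the three OpenVAS listeners in `netstat -antp` output.
# Function names and sample_bad are constructed for this example.

# Program names as they appear in the netstat output on this page.
OPENVAS_SERVICES="openvasmd openvassd gsad"

# Reads netstat -antp text on stdin; prints OK / EXPOSED / MISSING per service.
# Returns 0 only when every service listens on a loopback address.
check_openvas_listeners() {
    awk -v services="$OPENVAS_SERVICES" '
        BEGIN { n = split(services, want, " "); rc = 0 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            split($7, pp, "/"); prog = pp[2]      # "9583/openvasmd" -> openvasmd
            addr = $4; sub(/:[0-9]+$/, "", addr)  # strip the port
            seen[prog] = 1
            if (addr != "127.0.0.1" && addr != "::1") exposed[prog] = $4
            else if (!(prog in bound)) bound[prog] = $4
        }
        END {
            for (i = 1; i <= n; i++) {
                s = want[i]
                if (!(s in seen))      { print "MISSING " s; rc = 1 }
                else if (s in exposed) { print "EXPOSED " s " " exposed[s]; rc = 1 }
                else                     print "OK " s " " bound[s]
            }
            exit rc
        }'
}

sample_page() {   # netstat lines copied from this page
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9583/openvasmd
tcp 0 0 127.0.0.1:9391 0.0.0.0:* LISTEN 9570/openvassd
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 9596/gsad
EOF
}

sample_bad() {    # constructed: scanner not running, gsad bound to all interfaces
cat <<'EOF'
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 9583/openvasmd
tcp 0 0 0.0.0.0:9392 0.0.0.0:* LISTEN 9596/gsad
EOF
}

sample_page | check_openvas_listeners
sample_bad  | check_openvas_listeners || echo "run openvas-check-setup"
```

On a live system, pipe the real output in as root so the PID/Program name column is populated: netstat -antp | check_openvas_listeners.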
Once OpenVAS is configured, you can start all necessary services by running openvas-start.
Starting OpenVas Services
Starting Greenbone Security Assistant: gsad.
Starting OpenVAS Scanner: openvassd.
Starting OpenVAS Manager: openvasmd.
If something is not working, you can use openvas-check-setup to identify the problem.
Point your browser to 127.0.0.1 (gsad is listening on port 9392 in the netstat output above) and accept the self-signed SSL certificate, then log in with the administrator credentials. The administrator password was generated during the setup phase (see the output above if you missed it). You can change the password for the user admin under "Administration => Users".
OpenVAS is now ready for you to configure it and run a scan against a specific IP or range. Happy Vulnerability Scanning!