Vulnerability scanning is a crucial stage of a penetration assay out together with having an updated vulnerability scanner inward your safety toolkit tin give notice oft brand a existent divergence past times helping you lot uncovering overlooked vulnerable items. For this reason, we’ve manually packaged the latest together with newly released OpenVAS 8.0 tool together with libraries for Kali Linux. Although aught major has changed inward this unloosen inward price of running the vulnerability scanner, I wanted to give a quick overview on how to Install, setup, configure together with run OpenVAS on Kali Linux
Setting upwards Kali for installing OpenVAS
If you lot haven’t already, brand certain your Kali is up-to-date together with install the latest OpenVAS. Once done, run the openvas-setup ascendancy to setup OpenVAS, download the latest rules, practise an admin user, together with kickoff upwards the diverse services. Depending on your bandwidth together with calculator resources, this could convey a while.
root@kali: # apt-get update && apt-get dist-upgrade -y
root@kali: # reboot
After the reboot has completed, you lot necessitate to opened upwards concluding in 1 lawsuit again together with install OpenVAS.
root@kali: # apt-get install openvas -y
This should convey some fourth dimension every bit the install is some 81.6MB assuming that none of the per-requisitities were e'er installed. Sit dorsum together with maintain reading this conduct piece the installation continues.
After the installation is finished, you lot necessitate to run openvas-setup. This in 1 lawsuit again volition convey a VERY long fourth dimension every bit at this signal it volition download a lot of CVE, sync NVT’s, Vulnerabilities etc. This procedure also generates a certificate for HTTPS login to OpenVAS gui.
root@kali: # openvas-setup
[>] Checking redis.conf
[*] Editing redis.conf
[>] Checking openvassd.conf
[*] Adding to openvassd.conf
[>] Restarting redis-server
[>] Checking OpenVAS certificate infrastructure
ERROR: Directory for keys (/var/lib/openvas/private/CA) non found!
ERROR: CA telephone commutation non found inward /var/lib/openvas/private/CA/cakey.pem
[*] Creating OpenVAS certificate infrastructure
Installed someone telephone commutation to /var/lib/openvas/private/CA/clientkey.pem.
Installed certificate to /var/lib/openvas/CA/clientcert.pem.
[>] Updating OpenVAS feeds
[*] [1/3] Updating: NVT
--2018-03-08 03:00:45-- http://dl.greenbone.net/community-nvt-feed-current.tar.bz2
Resolving dl.greenbone.net (dl.greenbone.net)... 89.146.224.58, 2a01:130:2000:127::d1
Connecting to dl.greenbone.net (dl.greenbone.net)|89.146.224.58|:80... connected.
HTTP asking sent, awaiting response... 200 OK
Length: 34536678 (33M) [application/octet-stream]
Saving to: ‘/tmp/greenbone-nvt-sync.dsrKn1A33f/openvas-feed-2018-03-08-4271.tar.bz2’
/tmp/greenbone-nvt- 100%[===================>] 32.94M 2.46MB/s inward 13s
...
...
...
2018/adobe/
2018/adobe/gb_adobe_flash_player_within_chrome_apsb18-01_lin.nasl
2018/adobe/gb_adobe_acrobat_dc_classic_apsb17-36_macosx.nasl.asc
2018/adobe/gb_adobe_acrobat_reader_2017_apsb18-02_macosx.nasl.asc
2018/adobe/gb_adobe_flash_player_within_chrome_apsb18-01_lin.nasl.asc
2018/adobe/gb_adobe_acrobat_dc_cont_apsb18-02_macosx.nasl
...
...
...
...
Mar 08 03:04:15 kali systemd[1]: Starting Open Vulnerability Assessment System Manager Daemon...
[*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...
[>] Checking for admin user
[*] Creating admin user
User created amongst password 'e432aa97-2fd3-4c1b-8c16-1166cbd19d70'.
[+] Done
Checking for OpenVAS ports
Once openvas-setup completes its process, the OpenVAS manager, scanner, together with GSAD services should last listening:
root@kali: # root@kali: # netstat -antp
Active Internet connections (servers together with established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program rear
tcp 0 0 127.0.0.1:80 0.0.0.0:* LISTEN 4782/gsad
tcp 0 0 127.0.0.1:9392 0.0.0.0:* LISTEN 4774/gsad
tcp 0 0 127.0.0.1:9390 0.0.0.0:* LISTEN 4776/openvasmd
root@kali: #
Note those ports? 9392 is for WebGUI/OpenVAS Web Interface.
Checking OpenVAS services
Most guides including the official guides would enjoin to run openvas-start but I found it useful to run openvas-check-setup earlier launching OpenVAS exactly inward instance something went missing. For example, inward my setup; banking concern annotation that this is a FRESH Kali Installation amongst Fresh OpenVAS Installation, I found 1 fault almost greenbone-scapdata-sync.
root@kali: # openvas-check-setup
openvas-check-setup 2.3.7
Test completeness together with readiness of OpenVAS-9
Please study us whatsoever non-detected problems and
assist us to better this banking concern fit routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
...
...
...
ERROR: No OpenVAS SCAP database found. (Tried: /var/lib/openvas/scap-data/scap.db)
FIX: Run a SCAP synchronization script similar greenbone-scapdata-sync.
ERROR: Your OpenVAS-9 installation is non all the same complete!
Please follow the instructions marked amongst FIX inward a higher house together with run this
script again.
If you lot mean value this effect is wrong, delight study your observation
and assist us to better this banking concern fit routine:
http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
Please attach the log-file (/tmp/openvas-check-setup.log) to assist us analyze the problem.
The fix is given inward the fault every bit well, uncomplicated run greenbone-scapdata-sync together with it volition sync OpenVAS SCAP database files.
root@kali: # greenbone-scapdata-sync
OpenVAS community feed server - http://www.openvas.org/
This service is hosted past times Greenbone Networks - http://www.greenbone.net/
All transactions are logged.
If you lot get got whatsoever questions, delight piece of job the OpenVAS mailing lists
or the OpenVAS IRC chat. See http://www.openvas.org/ for details.
By using this service you lot grip to our price together with conditions.
Only 1 sync per time, otherwise the source ip volition last blocked.
receiving incremental file list
./
nvdcve-2.0-2005.xml
18,282,318 100% 3.05MB/s 0:00:05 (xfr#1, to-chk=76/89)
...
...
...
oval/5.10/org.mitre.oval/v/family/windows.xml.asc
181 100% 0.34kB/s 0:00:00 (xfr#68, to-chk=0/89)
sent 10,379 bytes received 884,066,503 bytes 2,847,268.54 bytes/sec
total size is 926,410,667 speedup is 1.05
part 0 Done
part 1 Done
part 0 Done
part 1 Done
/usr/sbin/openvasmd
I get got a actually fast Internet connection, but this took some time! However later on it finished, I ran openvas-check-setup in 1 lawsuit again to ensure there’s to major errors.
root@kali: # openvas-check-setup
...
...
It seems similar your OpenVAS-9 installation is OK.
This fourth dimension it came dorsum every bit OK. There were few warnings, if you lot desire you lot tin give notice follow upwards on those.
Starting OpenVAS services
Now that we’ve configured OpenVAS, updated all NVT’s together with Scrap Databases, nosotros tin give notice launch OpenVAS. You tin give notice exactly kickoff all the necessary services past times running openvas-start. 
root@kali: # openvas-start
[*] Please hold off for the OpenVAS services to start.
[*]
[*] You mightiness necessitate to refresh your browser in 1 lawsuit it opens.
[*]
[*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392
● greenbone-security-assistant.service - Greenbone Security Assistant
Loaded: loaded (/lib/systemd/system/greenbone-security-assistant.service; disabled; vendor preset: disabled)
[*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...
Setup OpenVAS User concern human relationship together with changing password
Remember the long password that was auto-created for admin user past times default? You don’t? Neither practise I!
I exactly experience that it’s a lot easier to laid a manual password together with practise a novel user from CLI. You tin give notice practise that too: 
root@kali: #
root@kali: # openvasmd --create-user=blackmore
User created amongst password '19c29356-c59e-481a-8c3d-80225f80302b'.
root@kali: # openvasmd --create-user=blackmoreops
User created amongst password 'b4f70c8b-1c45-442d-a41b-b87b24f473b6'.
root@kali: #
root@kali: # openvasmd --user=blackmoreops --new-password=operations1
root@kali: # openvasmd --user=admin --new-password=administrator1
root@kali: # openvasmd --user=blackmore --new-password=operations1
root@kali: #
root@kali: # openvasmd --get-users
admin
blackmore
blackmoreops
root@kali: #
Connecting to the OpenVAS Web Interface
Point your browser to https://127.0.0.1:9392, convey the self signed SSL certificate together with plugin the credentials for the admin user.
The admin password was generated during the setup phase. We’ve changed it but if you lot haven’t expect through the outputs of exactly reset it.
Type inward Admin username together with password or 1 of the novel users you’ve setup together with bang, you’re in.
OpenVAS is straight off fix for you lot to configure a scan-config together with run a scan against a given IP or range. You are going to dearest that part!
