OpenVAS 9 is the latest version of the most well-known open source vulnerability scanner. OpenVAS allows easy scanning of networks with support for a number of vulnerability feeds, both commercial and community driven. Version 9 adds to the list of features and, above all, includes a newer interface with a reduced chance of making your eyeballs bleed.
Here’s my rough, but pretty ready, guide on how to install OpenVAS 9 on to Ubuntu 16.04.2 LTS (Long Term Support).
- Install Ubuntu 16 LTS in your VM of choice. OpenVAS is processor intensive so the more oompf you can give it the better.
- Once it’s ready, update your sources and apply any upgrades to the OS, with a reboot for good measure.
123sudo apt-get updatesudo apt-get upgradesudo reboot
- Install the requirements for OpenVAS 9.
Shell123sudo apt-get install python-software-propertiessudo apt-get install sqlite3sudo apt-get install software-properties-common
- Next you’ll need to add the OpenVAS source to your list of apt sources and tell apt to update it’s uber-database.
Shell12sudo add-apt-repository ppa:mrazavi/openvassudo apt-get update
- Now we get serious and get OpenVAS settled in to place.
MS DOS1sudo apt-get install openvas9
- With OpenVAS in place we need to make sure that its feeds are up to date. This is where you go and get a cup of tea as this can take 30 mins or more.
MS DOS123sudo greenbone-nvt-syncsudo greenbone-scapdata-syncsudo greenbone-certdata-sync
- With the feeds in place lets just be cautious and restart the scanner and manager services and also rebuild the OpenVAS databases. I’m not sure if this is still needed in v9, but hey-ho, let’s roll with it.
MS DOS123sudo service openvas-scanner restartsudo service openvas-manager restartsudo openvasmd --rebuild --progress
- The following two lines are needed for PDF reporting. We’ll install the texlive bits and also the font kit. If you are seeing blank PDF reports in OpenVAS 9 then it’s likely you’ve missed the font kit line below.
MS DOS12sudo apt-get install texlive-latex-extra --no-install-recommendssudo apt-get install texlive-fonts-recommended
- Install the OpenVAS 9 dev stuff if you need to.
MS DOS1sudo apt-get install libopenvas9-dev
- With OpenVAS now running on your box you need to just allow TCP port 4000 through the firewall. If you haven’t already enabled it then you should, so lets do that now.
MS DOS123sudo ufw allow sshsudo ufw allow 4000/tcpsudo ufw enable
- So, with OpenVAS ready, the firewall suitably firewalled, you can point your browser to https://serverip:4000 and log in with the user admin and password admin.
If you can see anything I might have missed then let me know in the comments section below.