OpenVAS Installation Tutorial on Kali Linux: Your Pentesting Guide

Getting OpenVAS, also known as Greenbone Vulnerability Management (GVM), up and running on Kali Linux involves installing the GVM package, initializing its services, updating the vulnerability feeds, and creating an administrative user to access its web interface. For pentesters and red teamers, OpenVAS is a crucial tool for identifying network and system vulnerabilities, offering a comprehensive scanning engine that’s vital for reconnaissance phases and OSCP exam preparation. I'll walk you through the entire process, sharing the practical steps I follow in my own labs to get this powerful scanner deployed and ready for action.

Understanding OpenVAS: A Core Vulnerability Scanner for Pentesters

When you're staring down a target network, knowing where the weaknesses lie is half the battle. That's exactly where a robust vulnerability scanner like OpenVAS comes in. It's a cornerstone of any serious pentesting toolkit, helping you map out potential entry points and prioritize your attack vectors.

What is OpenVAS and How Does It Work?

OpenVAS, now primarily referred to as Greenbone Vulnerability Management (GVM), is an open-source framework of several services and tools that combine to create a powerful vulnerability scanning and management solution. At its heart, GVM uses a regularly updated feed of Network Vulnerability Tests (NVTs) to detect security flaws in target systems. Think of these NVTs as signatures for vulnerabilities. When you point GVM at an IP address or a range, it checks those systems against its massive database of known weaknesses, ranging from misconfigurations to missing patches and exploitable services.

The process typically involves a scanner (openvas) that performs the actual vulnerability checks, a manager (gvmd) that handles tasks and results, and a web interface (Greenbone Security Assistant - GSA) that lets you control everything from your browser. This modular design makes GVM incredibly flexible and scalable for different environments.

Why Choose OpenVAS for Your Pentesting Toolkit?

From my experience, OpenVAS offers a significant bang for your buck – or rather, for your time, since it's free. Here's why I often recommend it:

• Comprehensive Coverage: It boasts a vast and frequently updated database of NVTs, meaning it can detect a wide array of vulnerabilities across various operating systems, applications, and network devices.
• Cost-Effective: Being open-source, it costs nothing to acquire, making it perfect for budget-conscious labs or independent pentesters.
• Customization: You can create custom scan policies, target specific vulnerability types, and even perform authenticated scans for deeper insights into internal system configurations.
• Report Generation: GVM provides detailed reports that are incredibly useful for documenting findings, a crucial part of any pentest and especially important for the OSCP exam.
• Integration with Kali: It's readily available in Kali Linux repositories, making installation relatively straightforward compared to compiling from source.

Key Takeaway: OpenVAS (GVM) isn't just a scanner; it's a comprehensive vulnerability management platform. Its open-source nature, extensive NVT database, and integration with Kali Linux make it an indispensable tool for identifying and documenting system weaknesses, which is crucial for successful pentesting and OSCP preparation.

OpenVAS vs. Nessus: A Quick Look for Kali Users

Often, I get asked, "Should I use OpenVAS or Nessus?" Both are excellent vulnerability scanners, but they cater to slightly different needs and budgets. Here's a quick comparison to help you decide for your specific use case, especially if you're working on Kali Linux.

For a deeper dive into Nessus, you might find my Nessus Tutorial Kali: Your Ultimate Guide to Vulnerability Scanning helpful. Both tools have their place, but for the OSCP, OpenVAS provides all the functionality you'll typically need to identify vulnerabilities without incurring costs.

Prerequisites for OpenVAS Installation on Kali Linux

Before you jump into installing OpenVAS, it's critical to ensure your Kali Linux environment is properly prepared. Skipping these steps can lead to headaches and failed installations later on. Trust me, I've learned this the hard way more times than I care to admit.

Kali Linux System Requirements for OpenVAS

While OpenVAS can technically run on modest hardware, for a smooth experience, especially when scanning larger networks or running multiple scans, you'll want decent resources. Here's what I recommend:

• RAM: Minimum 4GB, but 8GB or more is highly recommended. GVM services, especially the database, can be quite memory-hungry.
• CPU: At least 2 cores, 4 cores or more will significantly speed up scan times.
• Disk Space: A minimum of 40GB free space. The vulnerability feeds (NVTs, SCAP, CERT) grow constantly and can consume a lot of space. I usually allocate 80GB-100GB to be safe.
• Operating System: A recent, fully updated Kali Linux installation. This tutorial assumes you're running Kali 2023.x or newer. If you're new to Kali, check out my Kali Linux Tutorial for Beginners for a solid foundation.

Essential System Updates Before Installing OpenVAS

This step is non-negotiable. Always, always update your Kali system before installing major new software. It ensures you have the latest packages, dependencies, and security patches, which prevents conflicts and potential vulnerabilities down the line.

1. Update your package lists:

   sudo apt update

   This command fetches the latest information about available packages from the repositories.

2. Upgrade installed packages:

   sudo apt full-upgrade -y

   This command upgrades all your installed packages to their newest versions. The full-upgrade option also handles dependency changes and removes obsolete packages, which is crucial. The -y flag automatically confirms any prompts.

3. Reboot (if necessary):

   sudo reboot

   If the kernel or core system components were updated, a reboot is essential to ensure everything is running on the latest versions.

Key Takeaway: Sufficient system resources and a fully updated Kali Linux are foundational for a successful and stable OpenVAS installation. Don't skimp on RAM or disk space, and never skip the apt full-upgrade.

Step-by-Step OpenVAS Installation and Setup on Kali

Alright, let's get our hands dirty. The installation process for OpenVAS (GVM) on Kali Linux has become much more streamlined over the years, thanks to dedicated Kali packages and a helpful setup script. Follow these steps precisely to get your scanner online.

Installing the Greenbone Vulnerability Management (GVM) Package

Kali Linux includes the Greenbone Vulnerability Management (GVM) suite directly in its repositories. This makes installation a breeze.

1. Install the GVM meta-package:

   sudo apt install gvm -y

   This command installs the main GVM package along with all its necessary dependencies, including the scanner, manager, and web interface components.

Initial GVM Setup and Service Configuration

After installation, you need to run a setup script that initializes the database, creates necessary directories, and performs some initial configurations. This script is paramount for GVM to function correctly.

1. Run the GVM setup script:

   sudo gvm-setup

   This script can take a considerable amount of time, often 15-30 minutes or more, depending on your internet speed and system resources. It downloads the initial vulnerability feeds (NVTs, SCAP, CERT), builds the NVT cache, and configures the PostgreSQL database. Be patient; let it complete without interruption.

   During this process, it might prompt you for a password for a new administrative user. Make sure to note this down carefully.

2. Verify GVM services are running:

   sudo gvm-check-setup

   Once gvm-setup finishes, run this command. It performs a series of checks to ensure all GVM components are properly installed and running. You should see output indicating that all checks passed. If any checks fail, the output usually provides hints on what went wrong.

   For instance, if you see issues with the OpenVAS scanner or GVM manager, you might need to restart services: sudo systemctl restart greenbone-vulnerability-manager.service openvas-scanner.service.

Updating the OpenVAS NVT, SCAP, and CERT Feeds

The strength of OpenVAS lies in its constantly updated feeds. The gvm-setup command performs an initial download, but you'll need to keep them current. This often happens automatically, but it's good to know how to trigger it manually.

1. Manually update the feeds (if needed):

   sudo greenbone-feed-sync --type GVMD_DATA

   sudo greenbone-feed-sync --type SCAP

   sudo greenbone-feed-sync --type CERT

   sudo greenbone-feed-sync --type NVT

   These commands sync the respective feeds. The NVT sync (the last one) is the most critical and often the largest. Again, these can take a while, especially the first time or if you haven't updated in a while. Running gvm-setup handles all of these, so manual syncing is usually for maintenance or troubleshooting.

Creating an Admin User for Your OpenVAS Web Interface

The gvm-setup script creates an initial admin user with a randomly generated password. You need this password to log into the GSA web interface.

1. Get the initial admin password:

   sudo cat /var/lib/gvm/tmp/openvas_admin_password.txt

   This command will display the randomly generated password for the admin user. Copy this password carefully.

   Alternatively, you can manually create a user and set a password if the script didn't generate one or if you prefer a different user:

   sudo gvmd --create-user=myadmin --password=MyStrongPassword123!

   Remember to replace myadmin and MyStrongPassword123! with your desired username and a strong password.

Troubleshooting Common OpenVAS Installation Issues

Even with the streamlined process, you might encounter bumps. Here are a few common ones and their fixes:

• "Service not starting" or "connection refused":

  This often means one of the GVM services (gvmd or openvas) isn't running. Check their status:

  sudo systemctl status greenbone-vulnerability-manager.service

  sudo systemctl status openvas-scanner.service

  If they're not active, try restarting them:

  sudo systemctl restart greenbone-vulnerability-manager.service openvas-scanner.service

  Give them a minute or two to start up fully.

• "Feed synchronization failing/slow":

  Ensure you have a stable internet connection. Sometimes, the Greenbone feed servers can be slow. Try running the greenbone-feed-sync commands individually, as mentioned above. If it consistently fails, check your DNS settings or firewall rules.

• "GVM-check-setup fails":

  Read the output carefully. It usually tells you exactly what's wrong. Common issues include permissions problems (usually fixed by reinstalling or re-running gvm-setup), services not running, or missing components. Sometimes, a full system reboot after gvm-setup can resolve lingering issues.

• "No hosts found" or "no results":

  This usually isn't an installation issue but a scan configuration problem. Double-check your target IP addresses, scan task settings, and ensure your Kali machine can reach the target network.

Key Takeaway: The gvm-setup script is your best friend for a smooth OpenVAS installation. Patiently await its completion, verify with gvm-check-setup, and always retrieve that admin password. Troubleshooting often comes down to service status and feed syncs.

Your First OpenVAS Scan: From Target to Report

With OpenVAS installed and configured, the real fun begins: scanning for vulnerabilities. This section will guide you through setting up your first scan using the Greenbone Security Assistant (GSA) web interface.

Accessing the OpenVAS Greenbone Security Assistant (GSA) Web Interface

The GSA is your command center for OpenVAS. It's a web application that runs locally on your Kali machine.

1. Start the GSA service (if not already running):

   sudo systemctl start greenbone-security-assistant.service

   The gvm-setup script usually starts all services, but it's good to know how to start it manually.

2. Open your web browser:

   Navigate to https://127.0.0.1:9392 or https://localhost:9392. You'll likely encounter a browser warning about a self-signed certificate. You'll need to accept the risk and proceed.

3. Log in:

   Use the admin username and the password you retrieved earlier from /var/lib/gvm/tmp/openvas_admin_password.txt (or your custom user/password).

Once logged in, you'll see the GSA dashboard, which provides an overview of your scans and tasks.

Configuring a Target and Scan Task in OpenVAS

Scanning in OpenVAS involves two main components: defining a target (what you want to scan) and creating a scan task (how you want to scan it).

1. Define a New Target:
   • Go to Configuration > Targets.
   • Click the "New Target" icon (a star or a document with a plus sign).
   • Give it a meaningful Name (e.g., "MyTestServer").
   • Enter the Hosts you want to scan (IP addresses, CIDR ranges, or hostnames).
   • Under Port List, select "All IANA assigned TCP and UDP ports" for comprehensive coverage, or a more specific list if you know what you're looking for.
   • Leave other settings as default for your first scan, or explore options like SSH/SMB credentials for authenticated scans (highly recommended for deeper vulnerability discovery).
   • Click "Save."
2. Create a New Scan Task:
   • Go to Scans > Tasks.
   • Click the "New Task" icon.
   • Give the task a Name (e.g., "Full Scan MyTestServer").
   • Under Scan Config, choose "Full and fast" for a good balance, or "Full and deep" for a very thorough (but longer) scan.
   • Select the Target you just created from the dropdown list.
   • Ensure "Scanner" is set to "OpenVAS Default."
   • You can schedule scans under Schedule or run them immediately.
   • Click "Save."
3. Start the Scan:
   • Back on the Scans > Tasks page, find your newly created task.
   • Click the "Play" icon (a green triangle) next to your task to start it.
   • The status will change from "New" to "Requested," then "Running." You can refresh the page to see progress.

Interpreting OpenVAS Scan Results and Prioritizing Vulnerabilities

Once your scan completes (it could take minutes to hours depending on the target and scan configuration), it's time to analyze the results.

1. View the Results:
   • Go to Scans > Results.
   • You'll see a list of vulnerabilities found, typically sorted by severity.
   • Click on a vulnerability to see detailed information, including a description, solution, severity score (CVSS), and references.
2. Understand Severity Levels:

   OpenVAS uses a severity scale (often 0-10, based on CVSS) to help you prioritize. Focus on High (7.0-8.9) and Critical (9.0-10.0) vulnerabilities first. These represent the most significant risks.

3. Generate Reports:
   • From the Scans > Tasks page, click the "Report" icon (a document with an arrow) next to a completed task.
   • Choose your desired report format (e.g., PDF, XML). PDF is great for human readability, while XML is useful for parsing with other tools.
   • Click "Download."

The reports provide a detailed breakdown of all findings, which is invaluable for documenting your pentest process, especially for something like the OSCP where thorough reporting is expected. When I'm working on an OSCP lab machine, an OpenVAS scan report is often my first step after initial enumeration. It quickly highlights low-hanging fruit and guides my further exploitation efforts. For more on the OSCP, you can refer to my Mastering OSCP Exam Preparation guide.

Practical Tips for Effective OpenVAS Scanning

To get the most out of OpenVAS, consider these tips:

• Authenticated Scans: Whenever possible, perform authenticated scans. Provide SSH credentials for Linux targets or SMB/Windows credentials for Windows targets. This allows OpenVAS to log in and check for vulnerabilities that aren't externally exposed, like missing patches or insecure configurations.
• Custom Scan Policies: Don't always stick to "Full and fast." For specific scenarios, create custom scan configurations that target particular families of NVTs (e.g., only web application tests, or only operating system checks). This saves time and focuses your efforts.
• Small Scans First: For larger networks, start with smaller, less intrusive scans (e.g., just port scanning or a very light NVT set) to understand the landscape before launching a full, deep scan.
• Avoid Production Systems (Initially): While OpenVAS is generally safe, aggressive scans can sometimes destabilize older or poorly configured systems. Always get explicit permission and start with non-production environments or isolated lab machines.

Key Takeaway: OpenVAS scans provide a wealth of information. Focus on high-severity findings first, use authenticated scans for deeper insights, and leverage custom scan policies to optimize your reconnaissance efforts. Detailed reports are crucial for documenting your findings.

Maintaining Your OpenVAS Installation on Kali

Like any sophisticated tool, OpenVAS requires a bit of ongoing maintenance to remain effective. Neglecting it means you'll miss new vulnerabilities or encounter performance issues. It’s a routine I always stick to.

Regular Feed Updates for OpenVAS

The vulnerability feeds are the lifeblood of OpenVAS. New vulnerabilities are discovered daily, and if your feeds aren't current, your scanner won't find them.

• Automatic Updates: Kali Linux usually configures GVM to update its feeds automatically. You can check the status of these services:

  sudo systemctl status greenbone-feed-sync.timer

  If it's enabled and running, your feeds should be updating regularly.

• Manual Updates: If you suspect your feeds are out of date or want to force an update, you can run the sync commands manually:

  sudo greenbone-feed-sync --type GVMD_DATA

  sudo greenbone-feed-sync --type SCAP

  sudo greenbone-feed-sync --type CERT

  sudo greenbone-feed-sync --type NVT

  I typically run these once a week in my lab, especially before starting a new assessment.

Upgrading Your OpenVAS GVM Installation

Since GVM is part of the Kali Linux repositories, upgrading it is as simple as upgrading your entire Kali system.

1. Update and Upgrade Kali:

   sudo apt update && sudo apt full-upgrade -y

   This command will fetch the latest versions of all installed packages, including GVM components.

2. Run gvm-check-setup after upgrade:

   sudo gvm-check-setup

   After a major upgrade, it's always a good idea to run this script to ensure all components are still configured correctly and running as expected.

Security Best Practices for Your OpenVAS Server

Your OpenVAS scanner is a powerful tool, but it also has access to sensitive network information. Protect it!

• Strong Passwords: Always use strong, unique passwords for the GSA admin user.
• Restrict Access: By default, GSA listens on 127.0.0.1 (localhost), meaning only your Kali machine can access it. Do NOT expose the GSA web interface directly to the internet. If you need remote access, use a secure VPN or SSH tunneling.
• Keep Kali Updated: Regularly update your entire Kali Linux system, not just GVM. This ensures the underlying OS and all other tools are patched against known vulnerabilities.
• Backup: While not strictly an OpenVAS function, regularly back up your Kali VM or system, especially if you've done extensive customization or have critical reports.

Maintaining your OpenVAS installation is crucial for its effectiveness. A scanner with outdated feeds is like a detective using an old phone book – it's going to miss a lot of important leads. Regular updates and good security practices ensure OpenVAS remains a reliable asset in your pentesting arsenal.

You've successfully navigated the complexities of OpenVAS installation on Kali Linux. This tool will become an invaluable asset in your pentesting and red teaming efforts, providing deep insights into target vulnerabilities. Remember, installation is just the first step; consistent practice and continuous learning are key to truly mastering any pentesting tool. Go forth and scan responsibly!

Frequently Asked Questions

What is the difference between OpenVAS and GVM?

OpenVAS (Open Vulnerability Assessment System) was the original name for the open-source vulnerability scanner. It is now part of the broader Greenbone Vulnerability Management (GVM) framework. So, GVM is the complete suite, and OpenVAS refers specifically to the scanning engine within GVM. Most current Kali installations and documentation refer to it as GVM.

How long does OpenVAS installation take on Kali Linux?

The actual installation of the gvm package is quick, usually a few minutes. However, the subsequent sudo gvm-setup script, which downloads and initializes the extensive vulnerability feeds (NVTs, SCAP, CERT) and configures the database, can take anywhere from 15 minutes to over an hour, depending on your internet speed and system resources. Be patient during this crucial step.

Can OpenVAS detect zero-day vulnerabilities?

No, OpenVAS primarily detects known vulnerabilities by comparing target system information against its database of Network Vulnerability Tests (NVTs). It relies on signatures and definitions of already discovered flaws. Zero-day vulnerabilities are, by definition, unknown to the public and therefore won't be in the NVT feed until they are discovered and added.

Is OpenVAS suitable for OSCP exam preparation?

Absolutely. OpenVAS is an excellent tool for OSCP exam preparation. It helps you quickly identify common vulnerabilities on target machines, providing a solid starting point for your exploitation efforts. While the OSCP emphasizes manual exploitation, using a scanner like OpenVAS for initial reconnaissance is a realistic and permitted part of a pentest methodology.