As a cybersecurity professional, having an effective vulnerability scanning tool is essential for identifying security flaws in your systems before attackers do. OpenVAS is one of the most powerful open source vulnerability scanners available today. Originally a fork of Nessus when it switched to closed source, OpenVAS provides comprehensive threat identification capabilities rivaling commercial scanners.
In this expert guide, I will walk through installing OpenVAS on Ubuntu Linux and leveraging its sophisticated scanning features to audit your systems‘ security.
Installing OpenVAS – Prerequisites and Setup
OpenVAS requires a few packages to enable all capabilities. As a penetration testing framework, some optional components like Metasploit integration are also available. We will focus our installation on the core scanning capabilities.
The main packages we need to install first are:
- OpenVAS scanner and associated utilities
- OpenVAS manager
- Certdata to classify vulnerabilities accurately
- Plugins and Network Vulnerability Tests (NVTs)
First, edit the apt sources list:
This ensures we pull packages from the appropriate repository. Next, update and install the OpenVAS scanner:
Follow the prompts to configure database settings and initialization routines.
With the core packages installed, we need to download vulnerability tests and signatures:
This can take awhile depending on connection speeds. Once completed, restart the OpenVAS services:
service openvas-scanner restart
service openvas-manager restart Finally, rebuild the vulnerability database:
openvasmd --rebuild --progressThis compiles all vulnerability tests made available by the downloads earlier into an optimized database format readable by OpenVAS.
Verifying Installation and Web Interface
To validate everything works correctly, connect to the web interface at https://localhost:4000. You may see SSL errors, which you can safely ignore for now.
Log in with the default admin/admin credentials. Before proceeding to configure targets and scans, I recommend customizing user accounts under Configuration > Users for enhanced security.
Now OpenVAS is fully installed and ready to perform vulnerability scans.
Configuring Targets
The first step to scanning anything is defining targets. Under the Configuration menu, choose Targets and click the "+" icon to add one:
You can specify targets by IP address, hostname, network segment, or import lists of assets from a file. Exclude filters are also available to ignore certain systems when defining larger netblocks.
Some key options:
Reverse Lookup – Resolve hostnames from IPs. Useful for network discovery.
Alive Test – Ping systems before scanning. May miss some hosts due to firewall policies.
Credentials – Specify admin credentials to enable local checks for vulnerabilities like weak passwords.
For now, let‘s just define a single IP address target:
Repeat the process to add any other IPs or ranges you want to scan. Complex target definitions take some practice to master fully.
Launching Your First Scan
Under Scans > Tasks, create a new vulnerability scan task with the green "+" button.
Choose a descriptive name and your desired target(s). You can tune many aspects of the scan behavior, but we‘ll use defaults for now.
Launch the scan by clicking the green play button on the toolbar. Progress bars will display counts of detected vulnerabilities.
Depending on scan options, completion can take anywhere from a few minutes to hours for comprehensive tests. Results will be stored under Scans > Dashboard when finished.
Analyzing Scan Results
From the dashboard, click on your recent scan to view and analyze the results:
Grouped bars give high level visibility into the detected vulnerabilities by severity. You can drill down into specific hosts and vulnerabilities.
Remediation recommendations provide starting points to close the security gaps. As with any automated scanner, some amount of false positives exist, so verify impact before investing effort into fixes.
For audit tracking or integration into other systems, scan reports can also be exported in standard formats like XML.
And that‘s it! In about 30 minutes we installed OpenVAS, configured targets, executed vulnerability scans, and inspected the results. This foundations empower you to take full advantage of OpenVAS to bolster the security posture of your systems.
Customizing OpenVAS Beyond the Basics
While running basic network vulnerability scans is straightforward, OpenVAS has numerous advanced capabilities that can be layered on to tailor it to your specific environment and use cases.
A few ideas to explore:
- Authenticate scans with supplied credentials to find privilege escalation risks.
- Tune scan policies for fewer false positives or maximum thoroughness.
- Trigger email alerts when specific high risks are detected.
- Schedule regular scans to run automatically.
- Correlate OpenVAS findings with other security tools via API integration.
Mastering OpenVAS takes time given its breadth of configuration options. The built-in auditing and reporting gives excellent visibility into what is has tested, making the configuration very tweakable for your goals.
Closing Thoughts
An exhaustive vulnerability scanner like OpenVAS is invaluable for securing both infrastructure and applications. While simple to run out of the box, spending the time to tailor scans to your specific environment will maximize both accuracy and actionability of results.
I hope this guide has demystified OpenVAS and provided you the right foundation to implement continuous scanning with it. As threats evolve, leveraging it will provide ongoing visibility into risks in your environment to lock things down.
