I show you how to install OpenVAS on ParrotSec in a step-by-step tutorial.
What is OpenVAS?
OpenVAS is THE open source vulnerability scanner. OpenVAS started under the name of GNessUs, a fork of the previously open-source Nessus scanning tool (which costs you money now). OpenVAS is also under the GNU General Public License (GPL).
I personally used this software in many different kinds of assessments and was always satisfied with the results I got (keeping in mind that it is completely free).
Of course tools like Nessus and NeXpose are more feature-rich, but they come with a high price-tag too.
For starters, OpenVAS is simply perfect and gives you a good idea of how a vulnerability scanner is working. I also found it very intuitive to work with.
So without further ado, let’s dive right into the installation.
I install OpenVAS on a freshly installed ParrotSec in VirtualBox. If you want to know how to install ParrotSec on Virtual Box check out this article.
Step 1 Installing OpenVAS on ParrotSec
First, we are going to run the initial setup. Open a terminal window and type:
This will run you through the initial setup, it will take a couple of minutes.
Once this is done, do not close the window! Your admin password is displayed right there. Copy it.
In case you forgot to copy it, you can reset the password by typing:
sudo openvasmd --user=admin --new-password=new_password
Now we just need to start OpenVAS by typing:
Step 2 Logging in to the Web Interface
Now we can go ahead and login to the Web Interface. Open your Web Browser and go to https://127.0.0.1:9392/
Add a Security Exception:
Now log in with the username admin and the password you copied earlier.
Step 3 Changing the Password
The first thing we want to do is to change the admin password. You will probably not be able to remember the automated password OpenVAS assigned you the next time you want to log in.
Navigate to Administration / Users.
Click on the little wrench symbol next to your admin user.
Finally, change your password.
That is it for the initial Setup. Your OpenVAS is now fully operational.
Step 4 Running your first Scan
To run your first Scan, Navigate to Scans / Tasks.
Now choose the little Wizard Wand Symbol to start the Task Wizard.
Simply enter an IP Address you want to Scan and hit Start Scan.
And there you have it. Easy, right?
This concludes this tutorial.
More OpenVAS goodness is coming in the near future. Subscribe to get informed about now content.
*All the techniques provided in the tutorials on ceos3c.com are solely meant for educational purposes only.
All of the techniques taught here are only meant to be used in a closed laboratory environment or in consent with a second party.
If you are using any of those techniques for illegal purposes, Ceos3c can’t be held responsible for possible lawful consequences.