You are here

Setting up OpenVAS on Kali

OpenVAS is a software package similar to Nessus that runs vulnerability scanning.

Kali has several packages, open vas is one of them.

Here are instructions on how to set up openvas on Kali.  This version is OpenVAS 8 on Kali Linux 2.0.0.0 and the sha1sum is 2b49bf1e77c11ecb5618249ca69a46f23a6f5d2d

Instructions

  1. Download Kali and install it on your ESXi host, I used VMWare converter 6.0.
  2. Power it on.
  3. Press ESC and Log in as root with the password toor
  4. Configure SSH
    I prefer to do things via ssh session in putty
    1. Couple things I do prior to working with openvas, I allow root access to log in via ssh by editing /etc/ssh/sshd_config and change PermitRootLogin to yes
    2. Then I set it to start on reboot systemctl enable ssh
    3. Then I start it using systemctl start ssh
  5. Creating Local System User
    1. Create a regular user.
    2. Give the user sudo rights.
    3. Optional, revert back the PermitRootLogin
  6. System Time Zone - Set time zone on system
    dpkg-reconfigure tzdata
  7. GPG Key
    Create GPG Key this takes a long time
    mkdir /etc/openvas/gnupg
    gpg --homedir=/etc/openvas/gnupg --gen-key
    1. While this is running you should proceed, this will generate entropy it needs.
    2. When done download and import they key
      wget http://www.openvas.org/OpenVAS_TI.asc
      gpg --homedir=/etc/openvas/gnupg --import OpenVAS_TI.asc
  8. Setup OpenVAS
    Run
    /usr/bin/openvas-setup
    as root, this will take a long time.
  9. Create User on OpenVAS
    Create the user
    openvasmd --create-user=admin --role=Admin
    Set Password
    openvasmd --user=admin --new-password=ABcd1234
    Search Users
    openvasmd --get-users
  10. Install other packages
    apt-get install rpm nsis alien
  11. Enable External access (non localhost
    mkdir -p /etc/systemd/system/greenbone-security-assistant.service.d/
    vi /etc/systemd/system/greenbone-security-assistant.service.d/local.conf

    [Service]
    ExecStart=
    ExecStart=/usr/sbin/gsad --foreground --listen=192.168.1.10 --port=9392

    Where 192.168.1.10 is the IP address of your server

  12. Reboot

 

Maintenance stuff

To update scan database

openvas-nvt-sync

Using a Cert by a CA

Installing a proper Certificate

Create Key

openssl genrsa 2048 > /var/lib/openvas/private/CA/serverkey.pem

Create a Certificate Request

openssl req -new -key /etc/openvas/ssl.key/server.key -new -out /root/client.csr -subj "/C=US/ST=Washington/L=Renton/O=Example Corp/OU=Lab Services/CN=kali.example.local/emailAddress=support@example.local"

Upload /root/client.csr to be signed by CA

Install cert at

/var/lib/openvas/CA/servercert.pem

Validate

Download and run

wget --no-check-certificate http://svn.wald.intevation.org/svn/openvas/trunk/tools/openvas-check-setup

./openvas-checksetup

 

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer