Hey there, tech adventurers! 🌟 Are you ready to embark on an epic journey through the realms of cybersecurity? Grab your gear because today, we're diving into the world of vulnerability scanning with the powerful OpenVAS tool, and our trusty sidekick, the Metasploitable 2 machine. πŸ–₯οΈπŸ”

What’s the Buzz About OpenVAS?

Before we jump into action, let's get to know our hero of the day – OpenVAS! OpenVAS (Open Vulnerability Assessment System) is like the Swiss Army knife of vulnerability scanning. It's packed with features to help you discover security weaknesses in your network. From defining targets to generating detailed reports, OpenVAS has got your back!

Setting the Stage

Meet Metasploitable 2

First, let's introduce Metasploitable 2 – our vulnerable machine. Think of it as the haunted house of cybersecurity, filled with intentional vulnerabilities for us to uncover. It’s the perfect playground for OpenVAS to show off its skills!

Getting Started with OpenVAS

Step 1: Installing OpenVAS

Setting up OpenVAS is a breeze! Just a few commands and you're good to go:

sudo apt update    # update the system

sudo apt install gvm    #install OpenVAS

sudo gvmd --user=admin --new-password=admin    # create a new user

sudo gvm-setup    # setup OpenVAS for the first time

sudo gvm-check-setup    #check OpenVAS setup if configured correctly


When you see this line "It seems like your GVM-*.*.* installation is OK" it means everything went successfully and voila! OpenVAS is ready to rock and roll. 🎸

Open the OpenVAS web ui in the browser, go to https://localhost:9392

After opening the web ui login with the credentials you've setup earlier.

After opening the web ui go to administration and then feed status to check if the updates are finished or not. Wait until the "Update in progress" shows "Current" for all feed type. This takes about an hour.

Running and Analyzing Scans

Step 3: Creating a Scan Task

To start scanning go to scans and the tasks.

We can quickly start the scan by using the Task Wizard. It provides two types of scanning. First one is a basic scanner that only takes IP and starts the scan no additional configurations can be done here.

Whereas in advanced task wizard we can configure many things like which scan config to choose, we can also schedule the scan for later and user credentials for the scan. We can also send the report to an email. Now go ahead put your vulnerable machines IP here and start the scan with default settings.

We can also use advanced task methods that will allow to configure more things.

The new task menu will allow to configure many things like custom scans, custom targets, custom scan configs and many more. I'll leave it up to you to explore.

Step 4: Analyzing the results

After the scan results are finished it will show in the dashboard.


Scroll down to your scan and click Last reported and it will open the full report. Click on results tab to see scan results. We can filter by severity, type, or target in the report page.


We can click on individual vulnerability to get more information about it.

Step 5: Generating Reports

To generate a report for the scan, click on scans tab and then report, it will prompt how you want your report.


Exploring OpenVAS Features

User Management

     - Navigate to "Administration" > "Users" to create and manage user accounts.

Here we can add new users and also modify the password of the current user. To create a new user, click on create new user button on left corner.


In OpenVAS, various user roles define different levels of access and control within the system. 

The Admin role has full privileges, allowing the creation, modification, and deletion of users, as well as the ability to configure all settings, manage scans, schedules, and policies, and access and manage all scan results. 

The Guest role is likely to have limited, primarily read-only access, allowing the user to view specific scan results or reports as permitted by an admin, without the ability to modify configurations or initiate scans. 

The Info role may provide access to informational content, enabling the user to view scan results, reports, and dashboards, but without the permissions to perform scans or make configuration changes. 

The Monitor role is designed for users focused on monitoring activities, granting them the ability to view and track ongoing scans and their progress, with access to dashboards and real-time monitoring tools, though they cannot initiate or configure scans. 

The Observer role is similar to Monitor but potentially with more restricted access, allowing users to view the status of scans and possibly some results, without the ability to make changes or initiate actions. 

Lastly, the User role is intended for regular users who have permissions to perform scans and configure and run their own scans, but with limited access to system-wide settings and user management. These role descriptions are based on common practices and may vary depending on the specific implementation and version of OpenVAS.

Scan configurations.

To check for scan configurations, go to "Configuration" > "Scan Configs." Here we can see the default scan configurations that are provided by OpenVAS are present.

Creating and Managing Targets

To define the targets for your scan, navigate to "Configuration" > "Targets."

We can add new target by clicking on the left corner button, it will prompt a configuration menu. Here we can configure many things, we can import hosts we can exclude hosts, assign port list, use credentials and others. 

Conclusion: Empowering Your Cybersecurity Journey with OpenVAS

As we wrap up our adventure into the world of vulnerability scanning with OpenVAS, it's clear that this powerful tool is an essential ally in the ever-evolving landscape of cybersecurity. From its user-friendly installation process to its comprehensive scanning capabilities, OpenVAS proves to be a valuable asset for both beginners and seasoned professionals alike.

We've explored the basics of setting up OpenVAS, creating and running scans, analyzing results, and generating detailed reports. We've also touched on more advanced features like user management and custom scan configurations, which allow you to tailor OpenVAS to your specific needs.

Remember, vulnerability scanning is not just a one-time task, but an ongoing process in maintaining a robust security posture. Regular scans with tools like OpenVAS can help you stay one step ahead of potential threats, allowing you to identify and address vulnerabilities before they can be exploited.

As you continue your cybersecurity journey, we encourage you to dive deeper into OpenVAS's features, experiment with different scan configurations, and integrate this tool into your regular security practices. The more familiar you become with OpenVAS, the better equipped you'll be to protect your digital assets. Stay curious, keep learning, and happy scanning! Your network's security is in your hands, and with tools like OpenVAS, you're well-prepared for the challenges ahead. πŸ›‘οΈπŸš€