OpenVAS Setup & Configuration

OpenVAS (Open Vulnerability Assessment System) — now part of Greenbone Vulnerability Management (GVM) — is a full-featured, open-source framework for scanning networks, hosts, and applications for known vulnerabilities. It allows security professionals and system administrators to identify security weaknesses, misconfigurations, and compliance gaps efficiently.

This guide walks through installation, configuration, and first scan setup, with clear instructions and hands-on lab examples.

Warning: Always scan only systems you own or have explicit permission to test. Unauthorized scanning can be illegal.

Why Use OpenVAS

  • Detect known vulnerabilities in hosts, networks, and services
  • Schedule regular vulnerability scans to maintain security posture
  • Generate comprehensive reports for IT teams and auditors
  • Open-source and actively maintained by Greenbone
  • Integrates with SIEMs or security dashboards for enterprise environments

Installing OpenVAS

OpenVAS can be installed on Linux (Debian/Ubuntu/Kali) or run in a Docker container.

# Update repositories
sudo apt update && sudo apt upgrade -y

# Install OpenVAS / GVM
sudo apt install -y gvm

# Setup and initialize the database and feeds
sudo gvm-setup

# Check installation status
sudo gvm-check-setup

Note: gvm-setup may take 20–30 minutes as it downloads the latest vulnerability feeds.

2. Installing on Ubuntu/Debian

sudo apt update && sudo apt install -y gvm
sudo gvm-setup
sudo gvm-check-setup

3. Running OpenVAS in Docker (Alternative)

docker pull greenbone/gvm
docker run -d -p 8080:9392 --name openvas greenbone/gvm

  • Access the web interface at https://localhost:8080/
  • Default credentials are usually printed in the container logs. Change them immediately.

Initial Configuration

After installation:

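  1. Create Admin User
# Note: gvm-manage-certs sets up GVM's TLS certificates (-a: automatic default setup);
# the admin account and its password come from gvm-setup
sudo gvm-manage-certs -a
sudo gvm-manage-certs -c
  2. Start Services
sudo gvm-start
  3. Access Web Interface
  • Default: https://127.0.0.1:9392/
  • Log in using the admin credentials from setup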

Setting Up Your First Scan

1. Add Target Host(s)

  • Go to Configuration → Targets → New Target

  • Provide:

    • Name (e.g., Lab-Server)
    • IP address or range
    • Port range (default: 1-65535)

2. Configure Scan Task

  • Go to Scans → Tasks → New Task
  • Name your task and select the target
  • Select a Scan Config (e.g., Full and Fast, Discovery, or Custom)
  • Assign schedule (optional for recurring scans)

3. Launch Scan

  • Click Start next to your task
  • Monitor progress and view logs in the Tasks section

Understanding Scan Results

OpenVAS produces detailed vulnerability reports, including:

  • Vulnerability ID and severity (CVSS score)
  • Description and affected service or application
  • Steps to reproduce / test vulnerability
  • Recommended mitigation or patching advice
  • Export options: PDF, CSV, HTML, or XML

Use findings to prioritize patching and security hardening.
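
One way to turn an exported XML report into a per-host patch queue, as an added example that is not part of the original guide or of Greenbone's own tooling. The sample report is constructed and simplified; the function names, the 4.0 cut-off, and the assumed element layout (each result carrying name, host, port and severity) are illustrative assumptions.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, simplified from a GVM XML report export
# (assumption: each <result> has <name>, <host>, <port>, <severity>).
SAMPLE_REPORT = """<report><results>
<result><name>Outdated OpenSSH version</name><host>192.0.2.10</host><port>22/tcp</port><severity>7.5</severity></result>
<result><name>TLS weak cipher suites</name><host>192.0.2.10</host><port>443/tcp</port><severity>5.0</severity></result>
<result><name>Services detection</name><host>192.0.2.10</host><port>80/tcp</port><severity>0.0</severity></result>
<result><name>Unsupported web server release</name><host>192.0.2.20</host><port>80/tcp</port><severity>10.0</severity></result>
<result><name>Broken entry</name><host>192.0.2.20</host><port>general/tcp</port><severity></severity></result>
</results></report>"""

def band(score):
    """GVM severity classes: High 7.0-10.0, Medium 4.0-6.9, Low 0.1-3.9, Log 0.0."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0.0 else "Log"

def parse_findings(xml_text):
    """Return one dict per <result>; results without a numeric severity are skipped."""
    findings = []
    for res in ET.fromstring(xml_text).iter("result"):
        try:
            score = float(res.findtext("severity") or "")
        except ValueError:
            continue
        findings.append({
            "host": (res.findtext("host") or "").strip(), "port": res.findtext("port"),
            "name": res.findtext("name"),
            "score": score, "band": band(score),
        })
    return findings

def patch_queue(findings, min_score=4.0):
    """Group findings at or above min_score by host, worst host and worst finding first."""
    by_host = defaultdict(list)
    for f in findings:
        if f["score"] >= min_score:
            by_host[f["host"]].append(f)
    for items in by_host.values():
        items.sort(key=lambda f: -f["score"])
    return sorted(by_host.items(), key=lambda kv: -kv[1][0]["score"])

if __name__ == "__main__":
    for host, items in patch_queue(parse_findings(SAMPLE_REPORT)):
        print(host, [(f["score"], f["band"], f["port"], f["name"]) for f in items])
```

Log-level (0.0) results are informational and fall below the cut-off, so they do not crowd the queue.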

Common Scan Configurations

Scan Config          Description
Full and Fast        Covers all known vulnerabilities but optimized for speed
Full and Very Deep   Maximum coverage; can be slower
Host Discovery       Detect live hosts without performing full vulnerability checks
Custom               Select specific plugins, ports, or scan types

Hands-On Lab Ideas

Lab 1: Scan a Local VM

  1. Spin up a lab VM (Ubuntu or Windows test machine)
  2. Add the VM’s IP as a target
  3. Run Full and Fast scan
  4. Review the report for vulnerabilities like open ports, outdated packages, or weak configurations

Lab 2: Targeted Service Scan

  1. Scan only specific services (e.g., HTTP, SSH)
  2. Use Custom Scan Config
  3. Observe CVSS scores and prioritize patching

Lab 3: Scheduled Scans

  • Configure recurring scans to practice monitoring changes over time
  • Compare results after patching or applying updates

Best Practices

  • Always scan authorized targets
  • Keep vulnerability feeds up to date (greenbone-nvt-sync; newer GVM releases use greenbone-feed-sync instead)
  • Use segmented test environments to avoid impacting production
  • Combine OpenVAS results with other tools (e.g., Nessus, Nmap, Metasploit) for comprehensive assessment
  • Export reports regularly for documentation and auditing