π‘οΈ Methodology Checklist
- Start OpenVAS:
sudo gvm-start - Log in at https://localhost:9392 (or configured port)
- Create target: Tasks β Targets β New Target
- Create scan config and launch scan task
- Monitor scan: Dashboard β Tasks
- Review results by severity: Critical β High β Medium
- Export findings and integrate with manual testing notes
π― Operational Context
Think Dumber First:
gvm-startbootstraps all GVM services β wait for it to complete before accessing the GSA web UI. NVT sync must complete before your first scan or youβll miss current CVEs. Add SSH credentials to Credential Manager before creating the scan task for authenticated results.
When you land here: Need an open-source VA scanner. sudo gvm-start. Access GSA at https://127.0.0.1:9392. Create credentials β create target β create task β start. Monitor scan progress. Export report in XML for import into reporting tools.
β‘ Tactical Cheatsheet
| Command | Tactical Outcome |
|---|---|
mkdir -p ~/gvm_data/gvmd && mkdir -p ~/gvm_data/openvas | Create data directories |
sudo chmod -R 777 ~/gvm_data | Fix permissions |
sudo docker run -d -p 8080:9392 --name openvas --restart always --security-opt apparmor=unconfined -v /home/user/gvm_data:/var/lib/gvm immauss/openvas | Deploy OpenVAS via Docker |
sudo docker logs -f openvas | Monitor initialization progress |
sudo docker start openvas | Start OpenVAS |
sudo docker stop openvas | Stop OpenVAS (saves RAM) |
sudo docker logs openvas 2>&1 | grep "Password" | Retrieve auto-generated admin password |
python3 -m openvasreporting -i [REPORT].xml -f xlsx | Convert XML report to Excel |
π¬ Deep Dive & Workflow
Access: https://localhost:8080 | Default: admin / admin (or openvas)
Why Docker?
Native OpenVAS installation on Parrot OS (especially ARM64) often causes βdependency hell.β Docker runs it in a self-contained environment.
Initial Setup (One-Time)
mkdir -p ~/gvm_data/gvmd ~/gvm_data/openvas
sudo chmod -R 777 ~/gvm_data
sudo docker run -d -p 8080:9392 --name openvas \
--restart always \
--security-opt apparmor=unconfined \
-v ~/gvm_data:/var/lib/gvm \
immauss/openvasFirst run takes 20-40 minutes β watch docker logs -f openvas for gsad ... Listening on port 9392.
Scan Configurations
| Mode | Description | Vuln Checks? |
|---|---|---|
| Full and fast | RECOMMENDED β uses port intelligence to select NVTs | YES |
| Base | OS info only | No |
| Discovery | Services, hardware, ports | No |
| Host Discovery | Ping only | No |
| System Discovery | OS + hardware (deep) | No |
Workflow
- Configuration β Targets β New Target β set IP, Alive Test
- Credentials (for auth scan): Linux = SSH, Windows = SMB
| OS | Username | Password |
|---|---|---|
| Linux | htb-student_adm | HTB_@cademy_student! |
| Windows | administrator | Academy_VA_adm1! |
- Scans β Task Wizard β Name + Target + Scanner + Config (Full and fast) β Start
- Analyze as results appear β donβt wait for 100%
Export Workflow
- Scan β Reports β Export as XML β convert with
openvasreporting - Output Excel has: Dashboard charts, TOC with CVSS scores, per-vuln detail tabs
Troubleshooting
| Problem | Fix |
|---|---|
| βUnable to Connectβ / white screen | Still initializing β watch docker logs -f openvas |
| βPermission Deniedβ in logs | Delete container, redo setup with ~/gvm_data method |
| AppArmor errors | Ensure --security-opt apparmor=unconfined in run command |
π οΈ Troubleshooting & Edge Cases
| Problem | Cause | Fix |
|---|---|---|
| gvm-start fails with service errors | PostgreSQL or Redis not running | sudo systemctl start postgresql redis-server; then sudo gvm-start; check sudo gvm-check-setup |
| GSA web UI inaccessible on port 9392 | Firewall or service not bound correctly | Check: netstat -tlnp | grep 9392; use https (not http): https://127.0.0.1:9392; accept self-signed cert |
| Scan stuck at 0% for 10+ minutes | NVT feed sync not complete | Run sudo greenbone-nvt-sync; wait for completion; check sudo gvm-check-setup for sync status |
| Admin password unknown | Initial setup, no password set | sudo runuser -u _gvm -- gvmd --user=admin --new-password=[NEWPASS]; then log in with new password |
| Report export fails or is blank | Browser download blocked or disk space full | Use gvm-cli to export: gvm-cli socket --gmp-username admin --xml '<get_reports/>'; check disk space with df -h |
π Reporting Trigger
Finding Title: (OpenVAS findings exported as XML contain CVE references β map each plugin to CVE for report integration. OpenVAS NVT ID is the equivalent of Nessus Plugin ID. Include NVT description, CVSS score from NVT, and target IP in each finding entry.)