Install Greenbone Vulnerability Management on Linux (formerly known as OpenVAS)

 ·  ☕ 3 min read  ·  ✍️ T4r0

Summary

There are many tutorials out there on installing OpenVAS, some of which are outdated or simply wrong. While installation is quite simple, many people don’t know about the name change OpenVAS went through, and the outdated tutorials can make installation a lot harder than it is. I’ll also include the dockerized version, because once again there are several outdated versions out there which, because of the old name, come up as the first results when searching.

The problem

Because of the name change of OpenVAS and the large amount of outdated knowledge and tutorials, it can be confusing how to install an up-to-date version of the software in 2022. The dockerized versions are even more confusing: if you search for OpenVAS docker, the first few results are all extremely outdated, because OpenVAS is not called OpenVAS anymore.

Solution

First we’ll look at the normal way of installation, then using docker.

Install normally

If gvm is not installed on the system yet, you have to install it first. Parrot and, I think, Kali come with it preinstalled.

To install, run:

sudo apt install gvm -y

The next step is to initialize the setup:

sudo gvm-setup

Make sure to save the auto-generated password somewhere safe. The default user is admin. Take note that the first setup can take a while. Go grab a coffee or something while it’s running, it really takes long.

Once it’s done, check if everything is set up properly by running

sudo gvm-check-setup

We can finally attempt to start the service by running

sudo gvm-start

You can open the web UI at https://127.0.0.1:9392/login, where you can log in with the username admin and the password you got during the setup stage.

Stop the service by running

sudo gvm-stop

Using the dockerized version

As of 2022-05-25, the most up-to-date dockerized version of OpenVAS / GVM is the one maintained by immauss. It can be found at https://hub.docker.com/r/immauss/openvas. One can play around with https://hub.docker.com/r/securecompliance/gvm as well, but I personally will be covering the immauss version, since it’s simple and just works.

First of all, if you don’t have docker installed yet, install it by running

sudo apt install docker.io -y

Once this is done, you can test your instance by running

sudo docker run hello-world

If you see something like

--- SNIP ---
Hello from Docker!
This message shows that your installation appears to be working correctly.

--- SNIP ---

then the installation was successful.

If you have docker set up properly, it’s time to pull the image from Docker Hub and run it.

The container can be run with or without a persistent volume, but it is recommended to use the persistent volume option and therefore store some data persistently, since otherwise the container is reset to its base state with each restart.

To create a persistent volume, run

docker volume create openvas

To start the container afterwards, using this volume, run

docker run --detach --publish 8080:9392 -e PASSWORD="Your admin password here" --volume openvas:/data --name openvas immauss/openvas

where 8080 can be replaced with any port you want to serve the gvm web app on. Don’t forget to set the administrator password environment variable: just change the “Your admin password here” part to whatever password you want to use.

This will pull everything needed, then start it. Take note: once the terminal showed that everything was done, I had to wait quite a bit before the service was actually set up properly, so be patient and keep trying to reach the app. If you haven’t changed the port, it should be at https://127.0.0.1:8080. If you did not get any error messages, the app should work, but you can always check the logs by running

sudo docker logs openvas
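
The container start above, scripted as an added example that is not part of the original post: `--publish 8080:9392` as written listens on every interface of the host and `-e PASSWORD=...` leaves the password in shell history, so this script publishes the UI on loopback only, reads the password from a prompt into a temporary env-file, checks the resulting port mapping and polls until the UI answers. The function names, the `DOCKER` variable and the 900-second timeout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the DOCKER
# variable and the 900 s timeout are assumptions made for illustration.
DOCKER=${DOCKER:-"sudo docker"}

# Start the container with the UI published on loopback only and the
# PASSWORD variable read from a file instead of the command line.
start_gvm() {  # $1 = host port, $2 = env-file containing PASSWORD=...
  $DOCKER run --detach --publish "127.0.0.1:$1:9392" --env-file "$2" \
    --volume openvas:/data --name openvas immauss/openvas
}

# Read `docker port <container>` output on stdin, print every mapping that
# is not bound to loopback, and return 1 if there was one.
exposed_bindings() {
  found=0
  while IFS= read -r line; do
    case "$line" in
      *"-> 127."*|*"-> [::1]:"*) ;;                 # loopback: fine
      *"-> "*) printf '%s\n' "$line"; found=1 ;;    # any other address
    esac
  done
  return "$found"
}

# Poll the web UI (HTTPS first, then HTTP) until it answers or time runs out.
wait_for_ui() {  # $1 = host:port, $2 = timeout in seconds
  deadline=$(( $(date +%s) + $2 ))
  until curl -sk -m 5 -o /dev/null "https://$1" ||
        curl -s -m 5 -o /dev/null "http://$1"; do
    [ "$(date +%s)" -lt "$deadline" ] || return 1
    sleep 10
  done
}

if [ "${1:-}" = "start" ]; then
  umask 077; envfile=$(mktemp)
  printf 'GVM admin password: '; stty -echo; IFS= read -r pw; stty echo; echo
  printf 'PASSWORD=%s\n' "$pw" > "$envfile"; unset pw
  start_gvm 8080 "$envfile"; rm -f "$envfile"
  $DOCKER port openvas | exposed_bindings ||
    echo "warning: UI is published beyond loopback" >&2
  wait_for_ui 127.0.0.1:8080 900 && echo "web UI is up"
fi
```

Run the script with the argument start. The password is still stored in the container configuration, so anyone who can run `docker inspect openvas` on the host can read it.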

Written by T4r0, Penetration Tester