GVM

GVM (Greenbone Vulnerability Management), formerly known as OpenVAS, is an enterprise-grade open-source vulnerability scanner. It provides a web-based interface (GSA), comprehensive NVT (Network Vulnerability Tests) feed, detailed reporting, and API access for automated security assessments and compliance auditing.

Installation

Docker Installation (Recommended)

Pull Official GVM Image

# Latest stable version
docker pull greenbone/openvas:latest

# Specific version
docker pull greenbone/openvas:23.4

Run GVM Container

# Simple single container (basic setup)
docker run -d -p 9392:9392 \
  -v gvm-data:/data \
  --name openvas \
  greenbone/openvas:latest

# Access at https://localhost:9392

Docker Compose Full Stack

version: '3.8'
services:
  openvas:
    image: greenbone/openvas:latest
    ports:
      - "9392:9392"
    volumes:
      - gvm-data:/data
    environment:
      - ADMIN_USERNAME=admin
      - ADMIN_PASSWORD=changeme
    restart: unless-stopped

  postgres:
    image: greenbone/postgres:13
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=gvm
    restart: unless-stopped

volumes:
  gvm-data:
  postgres-data:

docker-compose up -d

Source Installation (Ubuntu/Debian)

Install Dependencies

sudo apt-get update
sudo apt-get install -y \
  cmake \
  pkg-config \
  libglib2.0-dev \
  libgpgme-dev \
  libgnutls28-dev \
  uuid-dev \
  libssh-dev \
  libhiredis-dev \
  libxml2-dev \
  libpcap-dev \
  libnet-dev \
  clang \
  libksba-dev

Compile OpenVAS Scanner

git clone https://github.com/greenbone/openvas.git
cd openvas
mkdir build && cd build
cmake ..
make
sudo make install

Install GVM Daemon

git clone https://github.com/greenbone/gvmd.git
cd gvmd
mkdir build && cd build
cmake ..
make
sudo make install

Install GSA (Web Interface)

git clone https://github.com/greenbone/gsa.git
cd gsa
npm install
npm run build

Verification

# Check OpenVAS version
openvas --version

# Check GVM daemon
gvmd --version

# Test service startup
systemctl start openvas
systemctl start gvmd

Initial Setup

Docker Setup

Default Credentials

# After container startup (wait 2-3 minutes)
# Access web interface
https://localhost:9392

# Default credentials:
# Username: admin
# Password: admin

# Change password immediately after login

Verify Installation

# Check container logs
docker logs openvas

# Verify ports open
netstat -tlnp | grep 9392
ss -tlnp | grep 9392

# Test connectivity
curl -k https://localhost:9392

Source Setup

Initialize GVM Database

# Create user for GVM
sudo useradd -m -s /bin/bash gvm

# Initialize database
sudo su - gvm
gvmd --create-admin admin

Start Services

sudo systemctl start openvas
sudo systemctl start gvmd
sudo systemctl start gsad  # GVM web service

Access Web Interface

# Open browser
https://localhost:9392

# Login with created credentials

Web Interface (GSA)

Dashboard

# Main overview
- Vulnerability count
- CVE severity distribution
- Task status summary
- System health
- Recent activities

Navigation Structure

Home
├── Dashboards
├── Scans
│   ├── Tasks
│   ├── Targets
│   ├── Scan Configs
│   ├── Scan Schedules
│   └── Reports
├── Assets
│   ├── Hosts
│   ├── Operating Systems
│   ├── Services
│   └── NVTs
├── Configuration
│   ├── Users
│   ├── Roles
│   ├── Alerts
│   └── Preferences
└── Administration
    ├── NVT Feeds
    ├── Tasks
    └── Performance

Creating Targets

Add New Target (Manual)

# Steps via GSA:
1. Click "Assets" → "Targets" → "Create Target"
2. Enter target name
3. Enter IP address or hostname
4. Allow/Deny rules (optional)
5. Port list (SSH, HTTP, HTTPS, etc.)
6. Save

Target Configuration Options

Option	Description
Target Name	Unique identifier for the target
Allow Hosts	IP range (192.168.1.0/24, 10.0.0.1-10.0.0.255)
Exclude Hosts	IPs to skip during scan
Port List	Open ports to scan (22, 80, 443, etc.)
Credentials	SSH, SMB, SNMP for deeper scanning

Bulk Target Import

# Via CSV or API
# Format: target_name, ip/range, port_list

Port List Configuration

# Default port lists:
- OpenVAS Default NVT Ports (common ports)
- All TCP Ports (1-65535)
- Nessus Ports
- Custom (22, 80, 443, 3306, etc.)

Scan Configurations

Predefined Scan Profiles

Profile	Purpose	Speed
Full and fast	Comprehensive scan, common NVTs	Fast
Full and very deep	Exhaustive testing, all NVTs	Slow
System Discovery	Network reconnaissance	Very fast
Empty	Custom configuration	Varies

Create Custom Scan Config

# Via GSA:
1. Click "Configuration" → "Scan Configs"
2. Create New Config
3. Select base profile
4. Adjust NVT selection
5. Set timeout per NVT
6. Configure performance options

NVT Selection

# Include specific vulnerability tests
- Authentication tests
- Default credentials
- Buffer overflows
- SQL injection
- XSS vulnerabilities
- Weak encryption

Performance Tuning

# Scan options:
- Parallel NVT execution (default: 4)
- Timeout per NVT (default: 300s)
- Network timeout
- Memory limit
- Report format

Running Scans

Create and Run Task

# Via GSA:
1. Click "Scans" → "Tasks"
2. Create Task
3. Select Target
4. Select Scan Config
5. Set Preferences (timing, credentials)
6. Run/Schedule

Start Scan Immediately

# Steps:
1. Create task
2. Click "Start Scan" or play icon
3. Monitor progress in Task details
4. Wait for completion

Schedule Recurring Scans

# Recurring scan setup:
1. Create Task
2. Set Schedule
3. Daily/Weekly/Monthly/Custom
4. Set timezone
5. Enable email alerts (optional)

# Example: Weekly scan every Monday 2 AM
# Cron expression: 0 2 * * 1

Scan Progress Monitoring

# During scan:
- Live vulnerability count
- NVTs completed vs. remaining
- Estimated time remaining
- Current NVT being tested
- Scan status (Running, Paused, Stopped)

Pause/Resume/Stop Scan

# Via GSA Task detail:
- Pause button: Temporarily halt scan
- Resume button: Continue paused scan
- Stop button: Terminate current scan
- Delete: Remove task entirely

NVT Feed Management

Check NVT Feed Status

# Via GSA:
Administration → NVT Feed

# Shows:
- Last feed update time
- Number of loaded NVTs
- Feed type (Greenbone Feed, Community Feed)

Manual Feed Update (Docker)

# Inside container
docker exec openvas greenbone-nvt-sync

# Wait for sync to complete (10-30 minutes)
docker logs openvas --follow | grep "NVT"

Automatic Feed Updates

# Docker configuration:
# Edit container to enable auto-sync
docker run ... -e GREENBONE_FEED_SYNC=1 ...

# Via cron (source installation):
# Add to crontab:
0 */4 * * * /usr/local/bin/greenbone-nvt-sync

Feed Information

# Available feeds:
- Greenbone Community NVT Feed (free)
- Greenbone Enterprise NVT Feed (paid)
- Custom NVT repositories

# NVT count:
- Community: ~50,000+ NVTs
- Enterprise: ~60,000+ NVTs

Credential Scanning

Add Credentials

# Via GSA:
Configuration → Credentials → Create Credential

# Credential types:
- SSH (username/password or key)
- SMB (Windows username/password)
- SNMP (community string or SNMPv3)
- PostgreSQL
- ESXi/vCenter

SSH Credential Setup

# Steps:
1. Credentials → Create
2. Type: SSH
3. Username
4. Either password OR private key
5. Port (default 22)
6. Save

SMB/Windows Credential Setup

# Steps:
1. Credentials → Create
2. Type: SMB
3. Domain (or leave blank)
4. Username
5. Password
6. Save

Apply Credentials to Target

# Steps:
1. Edit Target
2. Add SSH Credential
3. Add SMB Credential
4. Add SNMP Credential (if applicable)
5. Save

Credential Scanning Benefits

# Deeper vulnerability detection:
- Local file access
- Registry inspection (SMB)
- Service enumeration
- Configuration review
- Patch level detection
- User account enumeration

Report Formats

Available Report Types

Format	Purpose	Details
CSV	Data analysis	Spreadsheet-compatible
PDF	Management review	Professional formatting
HTML	Quick review	Browser-viewable
XML	System integration	Structured data
TXT	Simple report	Text format

Generate Report

# Via GSA:
1. Scans → Reports
2. Select completed scan
3. Click "Download Report"
4. Select format
5. Download

# Or Generate New:
1. Tasks → Select Task
2. "Report" button
3. Format selection
4. Generate

Report Customization

# Report options:
- Include/exclude rows
- Filter by severity
- Include/exclude notes
- Configure headers/footers
- Add company branding (enterprise)

Report Contents

# Typical report includes:
- Executive Summary
- Vulnerability Breakdown by Severity
- Affected Hosts
- Vulnerability Details (CVE, CVSS, Solution)
- Configuration Review
- Compliance Findings
- Recommendations

Scan Policies

Built-in Policies

Policy	Configuration
Lightweight	Minimal NVTs, fast scan
Simple Network Scan	Common ports and services
Full Scan	All NVTs and ports
Database Assessment	Database-focused NVTs
Web Application	Web app vulnerabilities
Compliance	Compliance-focused checks

Create Custom Policy

# Steps:
1. Configuration → Scan Configs
2. "Create New Config"
3. Select Base Policy
4. Modify NVTs
5. Adjust timeouts
6. Save as New Policy

Policy Performance Settings

# Options:
- Max parallel NVTs: 1-32 (higher = faster, more resources)
- Timeout per NVT: 60-3600 seconds
- Allow KB timeout: Enable/disable
- Optimize for memory vs. speed

Scheduled Scans

Create Schedule

# Via GSA:
Scans → Schedules → Create Schedule

# Options:
- Once (one-time)
- Hourly
- Daily (specific time)
- Weekly (day + time)
- Monthly (date + time)
- Yearly

Schedule Configuration

# Steps:
1. Set schedule frequency
2. Set timezone (important!)
3. Set start time
4. Optional: Set end time (max duration)
5. Select email alert recipients
6. Save schedule

Attach Schedule to Task

# Steps:
1. Create/Edit Task
2. Set Schedule
3. Select from existing schedules
4. Save Task

# Task will auto-run on schedule

Monitor Scheduled Tasks

# Via Task list:
- View next run time
- View last run time
- View scan duration
- View vulnerability trends

Compliance Auditing

Compliance Checks

# GVM provides compliance scanning for:
- PCI DSS
- HIPAA
- NIST
- SOC 2
- CIS Benchmarks
- Custom policies

Run Compliance Scan

# Steps:
1. Create Target (compliance hosts)
2. Select Compliance Scan Config
3. Add credentials (SMB, SSH)
4. Run scan
5. Generate Compliance Report

Compliance Report

# Includes:
- Compliance status per host
- Failed controls
- Severity of violations
- Remediation guidance
- Evidence for auditors

API Access (GMP)

GMP Protocol Overview

# GVM Management Protocol (GMP)
# XML-based API for automation
# Default port: 9392

Authentication

# GMP authentication:
curl -k --user admin:password \
  https://localhost:9392

Create Task via API

# GMP XML request:
<create_task>
  <name>API Task</name>
  <target id="target_id"/>
  <config id="config_id"/>
  <preferences>
    <preference>
      <scanner_name>port_timeout</scanner_name>
      <value>300</value>
    </preference>
  </preferences>
</create_task>

List Targets via API

curl -k --user admin:password \
  'https://localhost:9392' \
  -X POST -d '<get_targets/>'

Get Task Results

curl -k --user admin:password \
  'https://localhost:9392' \
  -X POST \
  -d '<get_reports task_id="UUID"/>'

Python API Client Example

from gvm.connections import SSHConnection
from gvm.protocols import Gmpv214

# Connect
connection = SSHConnection(hostname='localhost', timeout=60)
gmp = Gmpv214(connection)

# Authenticate
gmp.authenticate('admin', 'password')

# List targets
targets = gmp.get_targets()
print(targets)

# Create task
response = gmp.create_task(
    name='API Scan',
    config_id='config_id',
    target_id='target_id'
)

Alerting

Create Alert

# Via GSA:
Configuration → Alerts → Create Alert

# Alert triggers:
- Task Done
- Task Error
- Scan Done
- Security event

Alert Methods

# Notification methods:
- Email
- HTTP GET/POST
- Syslog
- Slack (webhook)
- Custom script

Email Alert Setup

# Steps:
1. Alerts → Create
2. Condition: Task Done
3. Method: Email
4. Recipients: admin@company.com
5. Save

# Configure SMTP:
Administration → Settings → Email Configuration

Alert Example

# Task Done Email:
Subject: GVM Scan Complete
Body: Task "Weekly Scan" completed with X vulnerabilities found
- Critical: 2
- High: 5
- Medium: 12

Common Scan Profiles

Profile	Use Case	Duration
Discovery	Network reconnaissance	15 min
Full and Fast	Standard vulnerability scan	30-60 min
Full and Very Deep	Thorough assessment	2-4 hours
Database Assessment	Database servers	30-90 min
Web Application	Web apps only	20-45 min

Performance Optimization

Scanner Resource Management

# Adjust parallel NVT execution:
Configuration → Preferences

# Settings:
- Parallel NVTs: 4-16 (higher = faster)
- Timeout per NVT: 300-600 seconds
- Memory limits
- Network bandwidth throttling

Database Optimization

# For PostgreSQL backend:
# Increase work_mem
# Increase shared_buffers
# Increase maintenance_work_mem
# Run VACUUM periodically

Network Optimization

# Run scanner near targets
# Use separate VLAN for scans
# Limit scan threads to avoid network saturation
# Schedule heavy scans during off-hours

Troubleshooting

Issue	Solution
High memory usage	Reduce parallel NVTs, increase timeout
Slow scans	Reduce NVT count, check network latency
Connection refused	Verify port open, check firewall rules
NVT feed outdated	Run feed sync, check feed subscription
Credentials not working	Verify service running, test credentials manually
Report generation fails	Check available disk space, restart services

Best Practices

• Schedule scans during off-hours to minimize network impact
• Update NVT feed regularly (daily or weekly)
• Use credentials for deeper vulnerability detection
• Create separate targets/tasks for different networks
• Review reports weekly and track remediation
• Set severity thresholds for alerts (don’t alert on low)
• Archive old reports for compliance tracking
• Test scan configs on test systems first
• Document all scans for compliance audits
• Keep scanner system patched and secured
• Isolate scanner on separate network segment
• Use strong credentials for admin accounts
• Disable default accounts after setup

Additional Resources

# Official documentation
https://docs.greenbone.net/

# Community forums
https://community.greenbone.net/

# GitHub repositories
https://github.com/greenbone/

# GVM Feeds
https://www.greenbone.net/en/feeds/

# OpenVAS releases
https://www.openvas.org/