Appearance
OpenVAS Cheat Sheet
Overview
OpenVAS (Open Vulnerability Assessment System) is a full-featured vulnerability scanner that provides comprehensive vulnerability management capabilities. It's part of the Greenbone Vulnerability Management (GVM) framework and offers extensive vulnerability testing, including network vulnerability tests, authenticated testing, and compliance auditing. OpenVAS maintains a constantly updated feed of Network Vulnerability Tests (NVTs) and provides detailed reporting capabilities.
⚠️ Warning: Only use OpenVAS in environments you own or have explicit permission to test. Unauthorized vulnerability scanning may violate terms of service or local laws.
Installation
Docker Installation (Recommended)
bash
# Pull the official Greenbone Community Edition container
docker pull greenbone/community-edition
# Create persistent volumes
docker volume create gvm-postgres-data
docker volume create gvm-var-lib
docker volume create gvm-var-log
docker volume create gvm-var-run
# Run Greenbone Community Edition
docker run -d \
--name gvm \
-p 9392:9392 \
-v gvm-postgres-data:/var/lib/postgresql \
-v gvm-var-lib:/var/lib/gvm \
-v gvm-var-log:/var/log/gvm \
-v gvm-var-run:/var/run \
greenbone/community-edition
# Check container status
docker ps
docker logs gvm
# Access web interface at https://localhost:9392
# Default credentials: admin/adminUbuntu/Debian Installation
bash
# Add Greenbone repository
sudo apt update
sudo apt install -y software-properties-common
sudo add-apt-repository ppa:mrazavi/gvm
sudo apt update
# Install GVM components
sudo apt install -y gvm
# Setup GVM
sudo gvm-setup
# Start services
sudo systemctl start gvmd
sudo systemctl start gsad
sudo systemctl start ospd-openvas
# Enable services
sudo systemctl enable gvmd
sudo systemctl enable gsad
sudo systemctl enable ospd-openvas
# Create admin user
sudo gvmd --create-user=admin --password=admin
# Update vulnerability feeds
sudo gvm-feed-updateManual Installation
bash
# Install dependencies
sudo apt update
sudo apt install -y build-essential cmake pkg-config libglib2.0-dev \
libgpgme-dev libgnutls28-dev uuid-dev libssh-gcrypt-dev libldap2-dev \
doxygen graphviz libradcli-dev libhiredis-dev libpcap-dev \
bison libksba-dev libsnmp-dev gcc-mingw-w64 heimdal-dev \
libpopt-dev xmltoman redis-server xsltproc libical-dev postgresql \
postgresql-contrib postgresql-server-dev-all gnutls-bin nmap \
rpm nsis curl wget fakeroot gnupg sshpass socat snmp smbclient \
texlive-latex-extra texlive-fonts-recommended xmlstarlet zip \
python3-paramiko python3-lxml python3-defusedxml python3-pip \
python3-psutil python3-impacket
# Create gvm user
sudo useradd -r -M -U -G sudo -s /usr/sbin/nologin gvm
sudo usermod -aG gvm $USER
# Download and compile GVM components
export GVM_VERSION=22.4
export GVM_LIBS_VERSION=22.7.3
export GVMD_VERSION=23.0.1
export GSA_VERSION=22.7.1
export GSAD_VERSION=22.7.1
export OPENVAS_SMB_VERSION=22.5.3
export OPENVAS_SCANNER_VERSION=22.7.9
export OSPD_OPENVAS_VERSION=22.6.2
export NOTUS_VERSION=22.6.0
# Create installation directory
export INSTALL_PREFIX=/opt/gvm
export SOURCE_DIR=$HOME/source
mkdir -p $SOURCE_DIR
cd $SOURCE_DIR
# Build and install each component (detailed steps omitted for brevity)
# This is a complex process - refer to official documentationKali Linux Installation
bash
# OpenVAS is pre-installed on Kali Linux
sudo apt update
sudo apt install -y openvas
# Setup OpenVAS
sudo gvm-setup
# Start services
sudo gvm-start
# Check setup
sudo gvm-check-setup
# Access web interface
firefox https://localhost:9392Initial Configuration
First-Time Setup
bash
# Check GVM setup
sudo gvm-check-setup
# Update vulnerability feeds (this takes time)
sudo gvm-feed-update
# Check feed status
sudo gvmd --get-feeds
# Create admin user
sudo gvmd --create-user=admin --password=StrongPassword123
# Set admin user password
sudo gvmd --user=admin --new-password=NewStrongPassword123
# Get admin user UUID
sudo gvmd --get-users --verbose
# Create scanner
sudo gvmd --create-scanner="OpenVAS Scanner" --scanner-type="OpenVAS" --scanner-host=/var/run/ospd/ospd-openvas.sock
# Verify scanner
sudo gvmd --get-scannersWeb Interface Access
bash
# Start GSA daemon (web interface)
sudo gsad --listen=127.0.0.1 --port=9392
# Access web interface
# URL: https://localhost:9392
# Default credentials: admin/admin (change immediately)
# For remote access (security risk - use with caution)
sudo gsad --listen=0.0.0.0 --port=9392 --allow-header-host=your-domain.comFeed Updates
bash
# Update all feeds
sudo gvm-feed-update
# Update specific feeds
sudo greenbone-feed-sync --type GVMD_DATA
sudo greenbone-feed-sync --type SCAP
sudo greenbone-feed-sync --type CERT
# Check feed versions
sudo gvmd --get-feeds
# Schedule automatic updates
echo "0 2 * * * root /usr/sbin/gvm-feed-update" | sudo tee -a /etc/crontabBasic Scanning
Creating Targets
bash
# Command line target creation
sudo gvmd --create-target="Test Target" --hosts="192.168.1.0/24"
# Create target with credentials
sudo gvmd --create-target="Authenticated Target" \
--hosts="192.168.1.100" \
--ssh-credential="ssh-cred-uuid"
# Create target with port list
sudo gvmd --create-target="Custom Ports" \
--hosts="192.168.1.100" \
--port-list="Custom Port List"
# List targets
sudo gvmd --get-targetsCreating Scan Configurations
bash
# List available scan configs
sudo gvmd --get-configs
# Create custom scan config
sudo gvmd --create-config="Custom Full Scan" \
--copy="daba56c8-73ec-11df-a475-002264764cea"
# Modify scan config
sudo gvmd --modify-config="config-uuid" \
--nvt-selection="1.3.6.1.4.1.25623.1.0.10330"
# Get scan config details
sudo gvmd --get-configs --config-id="config-uuid"Running Scans
bash
# Create and start a task
sudo gvmd --create-task="Network Scan" \
--target="target-uuid" \
--config="config-uuid" \
--scanner="scanner-uuid"
# Start task
sudo gvmd --start-task="task-uuid"
# Check task status
sudo gvmd --get-tasks
# Stop task
sudo gvmd --stop-task="task-uuid"
# Resume task
sudo gvmd --resume-task="task-uuid"Advanced Scanning
Authenticated Scanning
bash
# Create SSH credential
sudo gvmd --create-credential="SSH Credential" \
--credential-type="up" \
--credential-login="username" \
--credential-password="password"
# Create SSH key credential
sudo gvmd --create-credential="SSH Key" \
--credential-type="usk" \
--credential-login="username" \
--credential-private-key="/path/to/private/key"
# Create Windows credential
sudo gvmd --create-credential="Windows Credential" \
--credential-type="up" \
--credential-login="domain\\username" \
--credential-password="password"
# Create SNMP credential
sudo gvmd --create-credential="SNMP Community" \
--credential-type="snmp" \
--credential-community="public"
# List credentials
sudo gvmd --get-credentialsCustom Port Lists
bash
# Create custom port list
sudo gvmd --create-port-list="Web Ports" \
--port-range="80,443,8080,8443"
# Create comprehensive port list
sudo gvmd --create-port-list="Common Ports" \
--port-range="1-1000,1433,1521,3306,3389,5432,5900"
# Import port list from file
echo "80,443,8080,8443" > web_ports.txt
sudo gvmd --create-port-list="Web Services" \
--port-range-file="web_ports.txt"
# List port lists
sudo gvmd --get-port-listsScan Scheduling
bash
# Create schedule for daily scans
sudo gvmd --create-schedule="Daily Scan" \
--schedule-period="1" \
--schedule-period-unit="day" \
--schedule-duration="2" \
--schedule-duration-unit="hour"
# Create weekly schedule
sudo gvmd --create-schedule="Weekly Scan" \
--schedule-period="1" \
--schedule-period-unit="week" \
--schedule-duration="4" \
--schedule-duration-unit="hour"
# Create monthly schedule
sudo gvmd --create-schedule="Monthly Scan" \
--schedule-period="1" \
--schedule-period-unit="month" \
--schedule-duration="8" \
--schedule-duration-unit="hour"
# Assign schedule to task
sudo gvmd --modify-task="task-uuid" \
--schedule="schedule-uuid"
# List schedules
sudo gvmd --get-schedulesReporting and Analysis
Report Generation
bash
# Get available report formats
sudo gvmd --get-report-formats
# Generate PDF report
sudo gvmd --get-report="report-uuid" \
--format="c402cc3e-b531-11e1-9163-406186ea4fc5" > report.pdf
# Generate XML report
sudo gvmd --get-report="report-uuid" \
--format="a994b278-1f62-11e1-96ac-406186ea4fc5" > report.xml
# Generate CSV report
sudo gvmd --get-report="report-uuid" \
--format="c1645568-627a-11e3-a660-406186ea4fc5" > report.csv
# Generate HTML report
sudo gvmd --get-report="report-uuid" \
--format="6c248850-1f62-11e1-b082-406186ea4fc5" > report.html
# List all reports
sudo gvmd --get-reportsReport Filtering
bash
# Filter by severity
sudo gvmd --get-report="report-uuid" \
--filter="severity>7.0" \
--format="pdf"
# Filter by host
sudo gvmd --get-report="report-uuid" \
--filter="host=192.168.1.100" \
--format="xml"
# Filter by vulnerability family
sudo gvmd --get-report="report-uuid" \
--filter="family=Web application abuses" \
--format="csv"
# Complex filter
sudo gvmd --get-report="report-uuid" \
--filter="severity>5.0 and host~192.168.1" \
--format="html"Delta Reports
bash
# Compare two reports
sudo gvmd --get-report="new-report-uuid" \
--delta-report="old-report-uuid" \
--format="pdf" > delta_report.pdf
# Generate trend analysis
sudo gvmd --get-reports \
--filter="task=task-uuid" \
--format="xml" > trend_data.xmlAutomation Scripts
Automated Scanning Script
bash
#!/bin/bash
# Automated OpenVAS scanning script
# Configuration
TARGET_NETWORK="192.168.1.0/24"
SCAN_NAME="Automated Network Scan"
CONFIG_NAME="Full and fast"
ADMIN_USER="admin"
ADMIN_PASS="password"
# Function to run gvmd commands
run_gvmd() {
sudo gvmd --user="$ADMIN_USER" --password="$ADMIN_PASS" "$@"
}
# Function to wait for task completion
wait_for_task() {
local task_id="$1"
local status=""
echo "[+] Waiting for task $task_id to complete..."
while [ "$status" != "Done" ]; do
status=$(run_gvmd --get-tasks --task-id="$task_id" | grep -oP 'status="[^"]*"' | cut -d'"' -f2)
echo " Status: $status"
if [ "$status" = "Stopped" ] || [ "$status" = "Interrupted" ]; then
echo "[-] Task failed or was stopped"
return 1
fi
sleep 30
done
echo "[+] Task completed successfully"
return 0
}
echo "[+] Starting automated OpenVAS scan"
# Get scanner ID
SCANNER_ID=$(run_gvmd --get-scanners | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
echo "[+] Using scanner: $SCANNER_ID"
# Get config ID
CONFIG_ID=$(run_gvmd --get-configs | grep "$CONFIG_NAME" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
echo "[+] Using config: $CONFIG_ID"
# Create target
echo "[+] Creating target for $TARGET_NETWORK"
TARGET_ID=$(run_gvmd --create-target="$SCAN_NAME Target" --hosts="$TARGET_NETWORK" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
echo "[+] Target created: $TARGET_ID"
# Create task
echo "[+] Creating scan task"
TASK_ID=$(run_gvmd --create-task="$SCAN_NAME" --target="$TARGET_ID" --config="$CONFIG_ID" --scanner="$SCANNER_ID" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
echo "[+] Task created: $TASK_ID"
# Start task
echo "[+] Starting scan task"
run_gvmd --start-task="$TASK_ID"
# Wait for completion
if wait_for_task "$TASK_ID"; then
# Get report ID
REPORT_ID=$(run_gvmd --get-reports --task-id="$TASK_ID" | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
# Generate reports
echo "[+] Generating reports"
# PDF report
run_gvmd --get-report="$REPORT_ID" --format="c402cc3e-b531-11e1-9163-406186ea4fc5" > "scan_report_$(date +%Y%m%d_%H%M%S).pdf"
# XML report
run_gvmd --get-report="$REPORT_ID" --format="a994b278-1f62-11e1-96ac-406186ea4fc5" > "scan_report_$(date +%Y%m%d_%H%M%S).xml"
# CSV report
run_gvmd --get-report="$REPORT_ID" --format="c1645568-627a-11e3-a660-406186ea4fc5" > "scan_report_$(date +%Y%m%d_%H%M%S).csv"
echo "[+] Reports generated successfully"
# Cleanup
echo "[+] Cleaning up"
run_gvmd --delete-task="$TASK_ID"
run_gvmd --delete-target="$TARGET_ID"
else
echo "[-] Scan failed"
exit 1
fi
echo "[+] Automated scan completed"Vulnerability Tracking Script
bash
#!/bin/bash
# Track vulnerability changes over time
TARGETS_FILE="targets.txt"
REPORTS_DIR="vulnerability_reports"
TRENDS_DIR="vulnerability_trends"
mkdir -p "$REPORTS_DIR" "$TRENDS_DIR"
# Function to scan target and generate report
scan_target() {
local target="$1"
local timestamp=$(date +%Y%m%d_%H%M%S)
local report_file="$REPORTS_DIR/${target//\//_}_$timestamp.xml"
echo "[+] Scanning $target"
# Create target
TARGET_ID=$(sudo gvmd --create-target="Tracking_$target" --hosts="$target" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
# Get default config
CONFIG_ID=$(sudo gvmd --get-configs | grep "Full and fast" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
# Get scanner
SCANNER_ID=$(sudo gvmd --get-scanners | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
# Create and start task
TASK_ID=$(sudo gvmd --create-task="Tracking_$target" --target="$TARGET_ID" --config="$CONFIG_ID" --scanner="$SCANNER_ID" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
sudo gvmd --start-task="$TASK_ID"
# Wait for completion
while true; do
status=$(sudo gvmd --get-tasks --task-id="$TASK_ID" | grep -oP 'status="[^"]*"' | cut -d'"' -f2)
if [ "$status" = "Done" ]; then
break
elif [ "$status" = "Stopped" ] || [ "$status" = "Interrupted" ]; then
echo "[-] Scan failed for $target"
return 1
fi
sleep 60
done
# Get report
REPORT_ID=$(sudo gvmd --get-reports --task-id="$TASK_ID" | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
sudo gvmd --get-report="$REPORT_ID" --format="a994b278-1f62-11e1-96ac-406186ea4fc5" > "$report_file"
# Cleanup
sudo gvmd --delete-task="$TASK_ID"
sudo gvmd --delete-target="$TARGET_ID"
echo "[+] Report saved: $report_file"
# Analyze trends
analyze_trends "$target" "$report_file"
}
# Function to analyze vulnerability trends
analyze_trends() {
local target="$1"
local current_report="$2"
local trend_file="$TRENDS_DIR/${target//\//_}_trends.csv"
# Extract vulnerability counts by severity
high_count=$(grep -c 'threat="High"' "$current_report" 2>/dev/null || echo "0")
medium_count=$(grep -c 'threat="Medium"' "$current_report" 2>/dev/null || echo "0")
low_count=$(grep -c 'threat="Low"' "$current_report" 2>/dev/null || echo "0")
# Add to trend file
if [ ! -f "$trend_file" ]; then
echo "Date,High,Medium,Low,Total" > "$trend_file"
fi
total=$((high_count + medium_count + low_count))
echo "$(date +%Y-%m-%d),$high_count,$medium_count,$low_count,$total" >> "$trend_file"
echo "[+] Trends updated: $trend_file"
}
# Main execution
if [ ! -f "$TARGETS_FILE" ]; then
echo "Creating example targets file: $TARGETS_FILE"
cat > "$TARGETS_FILE" << 'EOF'
192.168.1.0/24
10.0.0.0/24
172.16.0.0/24
EOF
echo "Edit $TARGETS_FILE with your target networks and run again"
exit 1
fi
echo "[+] Starting vulnerability tracking for targets in $TARGETS_FILE"
while IFS= read -r target; do
# Skip empty lines and comments
[[ -z "$target" || "$target" =~ ^#.*$ ]] && continue
scan_target "$target"
# Wait between scans to avoid overloading
sleep 300
done < "$TARGETS_FILE"
echo "[+] Vulnerability tracking completed"
# Generate summary report
python3 << 'EOF'
import csv
import glob
import os
from datetime import datetime
trends_dir = "vulnerability_trends"
summary_file = f"vulnerability_summary_{datetime.now().strftime('%Y%m%d')}.html"
html_content = """
<!DOCTYPE html>
<html>
<head>
<title>Vulnerability Trends Summary</title>
<style>
body { font-family: Arial, sans-serif; margin: 20px; }
table { border-collapse: collapse; width: 100%; margin: 20px 0; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; }
th { background-color: #f2f2f2; }
.high { color: #d32f2f; font-weight: bold; }
.medium { color: #f57c00; font-weight: bold; }
.low { color: #388e3c; }
</style>
</head>
<body>
<h1>Vulnerability Trends Summary</h1>
<p>Generated on: {}</p>
""".format(datetime.now().strftime('%Y-%m-%d %H:%M:%S'))
for trend_file in glob.glob(os.path.join(trends_dir, "*_trends.csv")):
target = os.path.basename(trend_file).replace("_trends.csv", "").replace("_", "/")
html_content += f"<h2>Target: {target}</h2>\n"
html_content += "<table>\n<tr><th>Date</th><th>High</th><th>Medium</th><th>Low</th><th>Total</th></tr>\n"
with open(trend_file, 'r') as f:
reader = csv.DictReader(f)
for row in reader:
html_content += f"""
<tr>
<td>{row['Date']}</td>
<td class="high">{row['High']}</td>
<td class="medium">{row['Medium']}</td>
<td class="low">{row['Low']}</td>
<td>{row['Total']}</td>
</tr>
"""
html_content += "</table>\n"
html_content += """
</body>
</html>
"""
with open(summary_file, 'w') as f:
f.write(html_content)
print(f"Summary report generated: {summary_file}")
EOFCompliance Scanning Script
bash
#!/bin/bash
# Compliance scanning with OpenVAS
# Configuration
COMPLIANCE_TARGETS="compliance_targets.txt"
COMPLIANCE_CONFIGS=(
"PCI-DSS"
"NIST"
"ISO27001"
)
# Function to create compliance scan config
create_compliance_config() {
local compliance_type="$1"
local base_config_id="daba56c8-73ec-11df-a475-002264764cea" # Full and fast
echo "[+] Creating $compliance_type compliance configuration"
CONFIG_ID=$(sudo gvmd --create-config="$compliance_type Compliance" --copy="$base_config_id" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
# Customize config based on compliance type
case "$compliance_type" in
"PCI-DSS")
# Enable PCI-DSS specific tests
sudo gvmd --modify-config="$CONFIG_ID" --nvt-selection="1.3.6.1.4.1.25623.1.0.103692"
;;
"NIST")
# Enable NIST specific tests
sudo gvmd --modify-config="$CONFIG_ID" --nvt-selection="1.3.6.1.4.1.25623.1.0.103693"
;;
"ISO27001")
# Enable ISO27001 specific tests
sudo gvmd --modify-config="$CONFIG_ID" --nvt-selection="1.3.6.1.4.1.25623.1.0.103694"
;;
esac
echo "$CONFIG_ID"
}
# Function to run compliance scan
run_compliance_scan() {
local target="$1"
local compliance_type="$2"
local config_id="$3"
echo "[+] Running $compliance_type compliance scan for $target"
# Create target
TARGET_ID=$(sudo gvmd --create-target="$compliance_type-$target" --hosts="$target" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
# Get scanner
SCANNER_ID=$(sudo gvmd --get-scanners | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
# Create task
TASK_ID=$(sudo gvmd --create-task="$compliance_type Compliance - $target" --target="$TARGET_ID" --config="$config_id" --scanner="$SCANNER_ID" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
# Start task
sudo gvmd --start-task="$TASK_ID"
# Wait for completion
while true; do
status=$(sudo gvmd --get-tasks --task-id="$TASK_ID" | grep -oP 'status="[^"]*"' | cut -d'"' -f2)
if [ "$status" = "Done" ]; then
break
elif [ "$status" = "Stopped" ] || [ "$status" = "Interrupted" ]; then
echo "[-] Compliance scan failed for $target"
return 1
fi
sleep 60
done
# Generate compliance report
REPORT_ID=$(sudo gvmd --get-reports --task-id="$TASK_ID" | grep -oP 'id="[^"]*"' | head -1 | cut -d'"' -f2)
timestamp=$(date +%Y%m%d_%H%M%S)
report_file="compliance_${compliance_type}_${target//\//_}_$timestamp.pdf"
sudo gvmd --get-report="$REPORT_ID" --format="c402cc3e-b531-11e1-9163-406186ea4fc5" > "$report_file"
echo "[+] Compliance report generated: $report_file"
# Cleanup
sudo gvmd --delete-task="$TASK_ID"
sudo gvmd --delete-target="$TARGET_ID"
}
# Main execution
if [ ! -f "$COMPLIANCE_TARGETS" ]; then
echo "Creating example compliance targets file: $COMPLIANCE_TARGETS"
cat > "$COMPLIANCE_TARGETS" << 'EOF'
# Compliance scanning targets
# Format: IP/Network
192.168.1.100
192.168.1.0/24
10.0.0.0/24
EOF
echo "Edit $COMPLIANCE_TARGETS with your targets and run again"
exit 1
fi
echo "[+] Starting compliance scanning"
# Create compliance configurations
declare -A CONFIG_IDS
for compliance in "${COMPLIANCE_CONFIGS[@]}"; do
CONFIG_IDS["$compliance"]=$(create_compliance_config "$compliance")
done
# Run scans for each target and compliance type
while IFS= read -r target; do
# Skip empty lines and comments
[[ -z "$target" || "$target" =~ ^#.*$ ]] && continue
for compliance in "${COMPLIANCE_CONFIGS[@]}"; do
run_compliance_scan "$target" "$compliance" "${CONFIG_IDS[$compliance]}"
sleep 60 # Wait between scans
done
done < "$COMPLIANCE_TARGETS"
echo "[+] Compliance scanning completed"Integration with Other Tools
Nmap Integration
bash
# Use Nmap for initial discovery, then OpenVAS for vulnerability assessment
nmap_discover_and_scan() {
local network="$1"
echo "[+] Discovering live hosts with Nmap"
nmap -sn "$network" | grep -oP '\d+\.\d+\.\d+\.\d+' > live_hosts.txt
echo "[+] Found $(wc -l < live_hosts.txt) live hosts"
# Create OpenVAS target with discovered hosts
hosts=$(tr '\n' ',' < live_hosts.txt | sed 's/,$//')
TARGET_ID=$(sudo gvmd --create-target="Nmap Discovered Hosts" --hosts="$hosts" | grep -oP 'id="[^"]*"' | cut -d'"' -f2)
echo "[+] Created OpenVAS target: $TARGET_ID"
# Continue with OpenVAS scan...
}Metasploit Integration
bash
# Export OpenVAS results for Metasploit
export_for_metasploit() {
local report_id="$1"
# Generate XML report
sudo gvmd --get-report="$report_id" --format="a994b278-1f62-11e1-96ac-406186ea4fc5" > openvas_report.xml
# Convert to Metasploit format
python3 << 'EOF'
import xml.etree.ElementTree as ET
import json
# Parse OpenVAS XML
tree = ET.parse('openvas_report.xml')
root = tree.getroot()
# Extract vulnerabilities
vulns = []
for result in root.findall('.//result'):
host = result.find('host').text if result.find('host') is not None else ''
port = result.find('port').text if result.find('port') is not None else ''
nvt = result.find('nvt')
if nvt is not None:
name = nvt.find('name').text if nvt.find('name') is not None else ''
cve = nvt.find('cve').text if nvt.find('cve') is not None else ''
vulns.append({
'host': host,
'port': port,
'name': name,
'cve': cve
})
# Save for Metasploit
with open('metasploit_targets.json', 'w') as f:
json.dump(vulns, f, indent=2)
print(f"Exported {len(vulns)} vulnerabilities for Metasploit")
EOF
}SIEM Integration
bash
# Send OpenVAS alerts to SIEM
send_to_siem() {
local report_id="$1"
local siem_endpoint="$2"
# Generate JSON report
sudo gvmd --get-report="$report_id" --format="5057e5cc-b825-11e4-9d0e-28d24461215b" > openvas_report.json
# Send to SIEM
curl -X POST \
-H "Content-Type: application/json" \
-d @openvas_report.json \
"$siem_endpoint/api/events"
}Troubleshooting
Common Issues
Service Problems
bash
# Check service status
sudo systemctl status gvmd
sudo systemctl status gsad
sudo systemctl status ospd-openvas
# Restart services
sudo systemctl restart gvmd
sudo systemctl restart gsad
sudo systemctl restart ospd-openvas
# Check logs
sudo journalctl -u gvmd -f
sudo journalctl -u gsad -f
sudo journalctl -u ospd-openvas -f
# Check GVM logs
sudo tail -f /var/log/gvm/gvmd.log
sudo tail -f /var/log/gvm/gsad.log
sudo tail -f /var/log/gvm/openvas.logFeed Update Issues
bash
# Check feed sync status
sudo gvm-check-setup
# Manual feed update
sudo greenbone-feed-sync --type GVMD_DATA
sudo greenbone-feed-sync --type SCAP
sudo greenbone-feed-sync --type CERT
# Fix feed permissions
sudo chown -R gvm:gvm /var/lib/gvm/
sudo chmod -R 755 /var/lib/gvm/
# Check disk space
df -h /var/lib/gvm/Database Issues
bash
# Check PostgreSQL status
sudo systemctl status postgresql
# Connect to GVM database
sudo -u postgres psql gvmd
# Rebuild database
sudo gvmd --rebuild
# Check database integrity
sudo gvmd --check-dbScanner Issues
bash
# Check scanner connectivity
sudo gvmd --verify-scanner="scanner-uuid"
# Restart OpenVAS scanner
sudo systemctl restart ospd-openvas
# Check scanner socket
sudo ls -la /var/run/ospd/
# Test scanner manually
sudo ospd-openvas --helpPerformance Optimization
bash
# Increase scanner processes
sudo nano /etc/gvm/ospd-openvas.conf
# Set max_scans = 10
# Set max_checks = 5
# Optimize PostgreSQL
sudo nano /etc/postgresql/*/main/postgresql.conf
# shared_buffers = 256MB
# effective_cache_size = 1GB
# work_mem = 4MB
# Restart services
sudo systemctl restart postgresql
sudo systemctl restart gvmd
sudo systemctl restart ospd-openvasResources
- Official Greenbone Documentation
- OpenVAS GitHub Repository
- GVM Documentation
- Greenbone Community Edition
- OpenVAS NVT Feed
- Vulnerability Management Best Practices
- NIST Vulnerability Management Guide
This cheat sheet provides a comprehensive reference for using OpenVAS for vulnerability assessment and management. Always ensure you have proper authorization before using this tool in any environment.