GVM (Greenbone Vulnerability Management), formerly known as OpenVAS, is an enterprise-grade open-source vulnerability scanner. It provides a web-based interface (GSA), comprehensive NVT (Network Vulnerability Tests) feed, detailed reporting, and API access for automated security assessments and compliance auditing.
```bash
# Latest stable version
docker pull greenbone/openvas:latest
# Specific version
docker pull greenbone/openvas:23.4
# Simple single container (basic setup)
docker run -d -p 9392:9392 \
  -v gvm-data:/data \
  --name openvas \
  greenbone/openvas:latest
# Access at https://localhost:9392
```
```yaml
version: '3.8'
services:
  openvas:
    image: greenbone/openvas:latest
    ports:
      - "9392:9392"
    volumes:
      - gvm-data:/data
    environment:
      - ADMIN_USERNAME=admin
      - ADMIN_PASSWORD=changeme
    restart: unless-stopped
  postgres:
    image: greenbone/postgres:13
    volumes:
      - postgres-data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=gvm
    restart: unless-stopped
volumes:
  gvm-data:
  postgres-data:
```
```bash
docker-compose up -d
```
```bash
sudo apt-get update
sudo apt-get install -y \
  cmake \
  pkg-config \
  libglib2.0-dev \
  libgpgme-dev \
  libgnutls28-dev \
  uuid-dev \
  libssh-dev \
  libhiredis-dev \
  libxml2-dev \
  libpcap-dev \
  libnet-dev \
  clang \
  libksba-dev
```
```bash
# Scanner
git clone https://github.com/greenbone/openvas.git
cd openvas
mkdir build && cd build
cmake ..
make
sudo make install

# Manager daemon
git clone https://github.com/greenbone/gvmd.git
cd gvmd
mkdir build && cd build
cmake ..
make
sudo make install

# Web interface (GSA)
git clone https://github.com/greenbone/gsa.git
cd gsa
npm install
npm run build
```
```bash
# Check OpenVAS version
openvas --version
# Check GVM daemon
gvmd --version
# Test service startup
systemctl start openvas
systemctl start gvmd
```
```bash
# After container startup (wait 2-3 minutes)
# Access web interface: https://localhost:9392
# Default credentials:
# Username: admin
# Password: admin
# Change password immediately after login

# Check container logs
docker logs openvas
# Verify ports open
netstat -tlnp | grep 9392
ss -tlnp | grep 9392
# Test connectivity
curl -k https://localhost:9392
```
```bash
# Create user for GVM
sudo useradd -m -s /bin/bash gvm
# Initialize database and create the admin user
# (gvmd has no --create-admin option; use --create-user with --password)
sudo su - gvm
gvmd --create-user=admin --password='<choose-a-strong-password>'
sudo systemctl start openvas
sudo systemctl start gvmd
sudo systemctl start gsad   # GVM web service
# Open browser: https://localhost:9392
# Login with created credentials
```
# Main overview
- Vulnerability count
- CVE severity distribution
- Task status summary
- System health
- Recent activities
```text
Home
├── Dashboards
├── Scans
│   ├── Tasks
│   ├── Targets
│   ├── Scan Configs
│   ├── Scan Schedules
│   └── Reports
├── Assets
│   ├── Hosts
│   ├── Operating Systems
│   ├── Services
│   └── NVTs
├── Configuration
│   ├── Users
│   ├── Roles
│   ├── Alerts
│   └── Preferences
└── Administration
    ├── NVT Feeds
    ├── Tasks
    └── Performance
```
# Steps via GSA:
1. Click "Assets" → "Targets" → "Create Target"
2. Enter target name
3. Enter IP address or hostname
4. Allow/Deny rules (optional)
5. Port list (SSH, HTTP, HTTPS, etc.)
6. Save
| Option | Description |
|---|---|
| Target Name | Unique identifier for the target |
| Allow Hosts | IP range (192.168.1.0/24, 10.0.0.1-10.0.0.255) |
| Exclude Hosts | IPs to skip during scan |
| Port List | Open ports to scan (22, 80, 443, etc.) |
| Credentials | SSH, SMB, SNMP for deeper scanning |
# Via CSV or API
# Format: target_name, ip/range, port_list
# Default port lists:
- OpenVAS Default NVT Ports (common ports)
- All TCP Ports (1-65535)
- Nessus Ports
- Custom (22, 80, 443, 3306, etc.)
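The target and port-list options above decide how large a scan becomes, and a typo in an Allow Hosts range or a port list is easiest to catch before the task exists. The following is an added example, not GVM's own code: it expands a target definition offline into the hosts and ports a task would touch, applying the Exclude Hosts list. It assumes host entries are single IPv4 addresses, CIDR blocks or "first-last" ranges separated by commas, that a CIDR block contributes its usable host addresses, and that port lists follow GVM's "T:"/"U:" prefix syntax ("T:1-1024,U:53,161"), where a prefix applies to every following entry until the next prefix and an unprefixed list means TCP.

```python
import ipaddress
import re

# Added example, not GVM's own code: expand a target definition offline
# (Allow Hosts, Exclude Hosts, Port List) so the size of a scan can be
# reviewed before the task is created. Assumptions: IPv4 entries that are
# single addresses, CIDR blocks (usable hosts only) or "first-last" ranges;
# port lists in GVM's "T:"/"U:" prefix syntax, unprefixed entries meaning TCP.


def _parse_hosts(text):
    hosts = set()
    for item in (part.strip() for part in text.split(",")):
        if not item:
            continue
        if "/" in item:
            hosts.update(ipaddress.ip_network(item, strict=False).hosts())
        elif "-" in item:
            first, last = (ipaddress.ip_address(p.strip()) for p in item.split("-", 1))
            if last < first:
                raise ValueError(f"range runs backwards: {item}")
            hosts.update(ipaddress.ip_address(n) for n in range(int(first), int(last) + 1))
        else:
            hosts.add(ipaddress.ip_address(item))
    return hosts


def expand_hosts(allow, exclude=""):
    """Sorted list of hosts in `allow` (Allow Hosts) minus `exclude` (Exclude Hosts)."""
    return [str(h) for h in sorted(_parse_hosts(allow) - _parse_hosts(exclude))]


_PORT_ENTRY = re.compile(r"(?:([TU]):)?(\d+)(?:-(\d+))?")


def expand_ports(port_list):
    """Return {'tcp': set(...), 'udp': set(...)} for a GVM port list string."""
    ports = {"tcp": set(), "udp": set()}
    proto = "tcp"  # a "T:" or "U:" prefix switches the protocol for later entries
    for item in (part.strip() for part in port_list.split(",")):
        if not item:
            continue
        match = _PORT_ENTRY.fullmatch(item)
        if not match:
            raise ValueError(f"bad port entry: {item}")
        prefix, low, high = match.groups()
        if prefix:
            proto = "tcp" if prefix == "T" else "udp"
        low = int(low)
        high = int(high) if high else low
        if not 1 <= low <= high <= 65535:
            raise ValueError(f"port out of range: {item}")
        ports[proto].update(range(low, high + 1))
    return ports


def scan_size(allow, port_list, exclude=""):
    """Hosts, TCP/UDP port counts and the resulting host*port probe count."""
    hosts = expand_hosts(allow, exclude)
    ports = expand_ports(port_list)
    per_host = len(ports["tcp"]) + len(ports["udp"])
    return {
        "hosts": len(hosts),
        "tcp_ports": len(ports["tcp"]),
        "udp_ports": len(ports["udp"]),
        "probes": len(hosts) * per_host,
    }


if __name__ == "__main__":
    # Constructed input mirroring the Allow Hosts / Port List examples above
    print(expand_hosts("192.168.1.0/30, 10.0.0.1-10.0.0.3", exclude="10.0.0.2"))
    print(scan_size("192.168.1.0/24", "T:22,80,443,U:161", exclude="192.168.1.1"))
```

Running it prints the four remaining hosts of the first definition and, for the /24, 253 hosts times 4 ports (1012 probes); a "1-65535" port list against the same range would show why the "All TCP Ports" list belongs in off-hours windows.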
| Profile | Purpose | Speed |
|---|---|---|
| Full and fast | Comprehensive scan, common NVTs | Fast |
| Full and very deep | Exhaustive testing, all NVTs | Slow |
| System Discovery | Network reconnaissance | Very fast |
| Empty | Custom configuration | Varies |
# Via GSA:
1. Click "Configuration" → "Scan Configs"
2. Create New Config
3. Select base profile
4. Adjust NVT selection
5. Set timeout per NVT
6. Configure performance options
# Include specific vulnerability tests
- Authentication tests
- Default credentials
- Buffer overflows
- SQL injection
- XSS vulnerabilities
- Weak encryption
# Scan options:
- Parallel NVT execution (default: 4)
- Timeout per NVT (default: 300s)
- Network timeout
- Memory limit
- Report format
# Via GSA:
1. Click "Scans" → "Tasks"
2. Create Task
3. Select Target
4. Select Scan Config
5. Set Preferences (timing, credentials)
6. Run/Schedule
# Steps:
1. Create task
2. Click "Start Scan" or play icon
3. Monitor progress in Task details
4. Wait for completion
# Recurring scan setup:
1. Create Task
2. Set Schedule
3. Daily/Weekly/Monthly/Custom
4. Set timezone
5. Enable email alerts (optional)
# Example: Weekly scan every Monday 2 AM
# Cron expression: 0 2 * * 1
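To check that a schedule really fires in the intended window (and on the intended weekday once the timezone is set), the following added example, which is not part of GVM, computes the next run time of a 5-field cron expression such as the `0 2 * * 1` above. GVM itself stores schedules as iCalendar recurrence rules; this only models the cron equivalent quoted on the page. It assumes naive local times in the schedule's timezone, supports `*`, `a`, `a-b`, `a,b` and `*/n` in each field, and follows cron's day rule (when both day-of-month and day-of-week are restricted, either may match).

```python
from datetime import datetime, timedelta

# Added example, not part of GVM: next run time of a 5-field cron expression
# ("minute hour day-of-month month day-of-week"). Assumptions: naive local
# times in the schedule's timezone; fields support "*", "a", "a-b", "a,b"
# and "*/n"; cron's day rule applies (dom and dow both restricted = either).


def _field(expr, low, high):
    """Expand one cron field into the set of integers it matches."""
    values = set()
    for part in expr.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = low, high
        elif "-" in part:
            start, end = (int(x) for x in part.split("-", 1))
        else:
            start = end = int(part)
        if not low <= start <= end <= high:
            raise ValueError(f"cron field out of range: {expr}")
        values.update(range(start, end + 1, step))
    return values


def next_run(cron, after):
    """First minute strictly after `after` (a datetime) that matches `cron`."""
    fields = cron.split()
    if len(fields) != 5:
        raise ValueError("expected 'minute hour day-of-month month day-of-week'")
    minutes = _field(fields[0], 0, 59)
    hours = _field(fields[1], 0, 23)
    days = _field(fields[2], 1, 31)
    months = _field(fields[3], 1, 12)
    weekdays = {d % 7 for d in _field(fields[4], 0, 7)}  # cron: 0 and 7 are Sunday
    both_restricted = fields[2] != "*" and fields[4] != "*"

    def day_matches(t):
        dom_ok = t.day in days
        dow_ok = t.isoweekday() % 7 in weekdays  # isoweekday: Mon=1 .. Sun=7
        return (dom_ok or dow_ok) if both_restricted else (dom_ok and dow_ok)

    t = after.replace(second=0, microsecond=0) + timedelta(minutes=1)
    deadline = t + timedelta(days=366)
    while t < deadline:
        if t.month not in months:  # skip to the first minute of next month
            t = (t.replace(day=1, hour=0, minute=0) + timedelta(days=32)).replace(day=1)
        elif not day_matches(t):  # skip to midnight of the next day
            t = t.replace(hour=0, minute=0) + timedelta(days=1)
        elif t.hour not in hours:  # skip to the next full hour
            t = t.replace(minute=0) + timedelta(hours=1)
        elif t.minute not in minutes:
            t += timedelta(minutes=1)
        else:
            return t
    raise ValueError("no matching time within a year")


def next_run_iso(cron, after_iso):
    """String wrapper: ISO timestamp in, 'YYYY-MM-DD HH:MM' out."""
    return next_run(cron, datetime.fromisoformat(after_iso)).strftime("%Y-%m-%d %H:%M")


if __name__ == "__main__":
    # Constructed reference time: Wednesday 2024-01-03 10:00
    print(next_run_iso("0 2 * * 1", "2024-01-03 10:00"))  # weekly Monday 02:00 scan
```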
# During scan:
- Live vulnerability count
- NVTs completed vs. remaining
- Estimated time remaining
- Current NVT being tested
- Scan status (Running, Paused, Stopped)
# Via GSA Task detail:
- Pause button: Temporarily halt scan
- Resume button: Continue paused scan
- Stop button: Terminate current scan
- Delete: Remove task entirely
# Via GSA:
Administration → NVT Feed
# Shows:
- Last feed update time
- Number of loaded NVTs
- Feed type (Greenbone Feed, Community Feed)
```bash
# Inside container
docker exec openvas greenbone-nvt-sync
# Wait for sync to complete (10-30 minutes)
docker logs openvas --follow | grep "NVT"

# Docker configuration:
# Edit container to enable auto-sync
docker run ... -e GREENBONE_FEED_SYNC=1 ...

# Via cron (source installation):
# Add to crontab:
0 */4 * * * /usr/local/bin/greenbone-nvt-sync
```
# Available feeds:
- Greenbone Community NVT Feed (free)
- Greenbone Enterprise NVT Feed (paid)
- Custom NVT repositories
# NVT count:
- Community: ~50,000+ NVTs
- Enterprise: ~60,000+ NVTs
# Via GSA:
Configuration → Credentials → Create Credential
# Credential types:
- SSH (username/password or key)
- SMB (Windows username/password)
- SNMP (community string or SNMPv3)
- PostgreSQL
- ESXi/vCenter
# Steps:
1. Credentials → Create
2. Type: SSH
3. Username
4. Either password OR private key
5. Port (default 22)
6. Save
# Steps:
1. Credentials → Create
2. Type: SMB
3. Domain (or leave blank)
4. Username
5. Password
6. Save
# Steps:
1. Edit Target
2. Add SSH Credential
3. Add SMB Credential
4. Add SNMP Credential (if applicable)
5. Save
# Deeper vulnerability detection:
- Local file access
- Registry inspection (SMB)
- Service enumeration
- Configuration review
- Patch level detection
- User account enumeration
| Format | Purpose | Details |
|---|---|---|
| CSV | Data analysis | Spreadsheet-compatible |
| PDF | Management review | Professional formatting |
| HTML | Quick review | Browser-viewable |
| XML | System integration | Structured data |
| TXT | Simple report | Text format |
# Via GSA:
1. Scans → Reports
2. Select completed scan
3. Click "Download Report"
4. Select format
5. Download
# Or Generate New:
1. Tasks → Select Task
2. "Report" button
3. Format selection
4. Generate
# Report options:
- Include/exclude rows
- Filter by severity
- Include/exclude notes
- Configure headers/footers
- Add company branding (enterprise)
# Typical report includes:
- Executive Summary
- Vulnerability Breakdown by Severity
- Affected Hosts
- Vulnerability Details (CVE, CVSS, Solution)
- Configuration Review
- Compliance Findings
- Recommendations
| Policy | Configuration |
|---|---|
| Lightweight | Minimal NVTs, fast scan |
| Simple Network Scan | Common ports and services |
| Full Scan | All NVTs and ports |
| Database Assessment | Database-focused NVTs |
| Web Application | Web app vulnerabilities |
| Compliance | Compliance-focused checks |
# Steps:
1. Configuration → Scan Configs
2. "Create New Config"
3. Select Base Policy
4. Modify NVTs
5. Adjust timeouts
6. Save as New Policy
# Options:
- Max parallel NVTs: 1-32 (higher = faster, more resources)
- Timeout per NVT: 60-3600 seconds
- Allow KB timeout: Enable/disable
- Optimize for memory vs. speed
# Via GSA:
Scans → Schedules → Create Schedule
# Options:
- Once (one-time)
- Hourly
- Daily (specific time)
- Weekly (day + time)
- Monthly (date + time)
- Yearly
# Steps:
1. Set schedule frequency
2. Set timezone (important!)
3. Set start time
4. Optional: Set end time (max duration)
5. Select email alert recipients
6. Save schedule
# Steps:
1. Create/Edit Task
2. Set Schedule
3. Select from existing schedules
4. Save Task
# Task will auto-run on schedule
# Via Task list:
- View next run time
- View last run time
- View scan duration
- View vulnerability trends
# GVM provides compliance scanning for:
- PCI DSS
- HIPAA
- NIST
- SOC 2
- CIS Benchmarks
- Custom policies
# Steps:
1. Create Target (compliance hosts)
2. Select Compliance Scan Config
3. Add credentials (SMB, SSH)
4. Run scan
5. Generate Compliance Report
# Includes:
- Compliance status per host
- Failed controls
- Severity of violations
- Remediation guidance
- Evidence for auditors
```bash
# GVM Management Protocol (GMP)
# XML-based API for automation
# gvmd serves GMP on a Unix socket by default, or on TCP port 9390 when
# started with --listen/--port; port 9392 is the GSA web interface, which
# does not accept raw GMP XML
# GMP authentication: gvm-cli (from gvm-tools) logs in and sends the XML
# (socket path varies by installation)
gvm-cli --gmp-username admin --gmp-password password \
  socket --socketpath /run/gvmd/gvmd.sock --xml '<get_version/>'
```

```xml
<!-- GMP XML request; list available scanner ids with <get_scanners/> -->
<create_task>
  <name>API Task</name>
  <target id="target_id"/>
  <config id="config_id"/>
  <scanner id="scanner_id"/>
  <preferences>
    <preference>
      <scanner_name>port_timeout</scanner_name>
      <value>300</value>
    </preference>
  </preferences>
</create_task>
```

```bash
# List targets
gvm-cli --gmp-username admin --gmp-password password \
  socket --socketpath /run/gvmd/gvmd.sock --xml '<get_targets/>'
# Fetch one report by id (get_reports takes report_id; to list the reports
# of a task use the filter attribute: filter="task_id=UUID")
gvm-cli --gmp-username admin --gmp-password password \
  socket --socketpath /run/gvmd/gvmd.sock \
  --xml '<get_reports report_id="UUID"/>'
```
```python
from gvm.connections import SSHConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeCheckCommandTransform

# Connect (SSH to the gvmd host; the connection tunnels to gvmd's socket)
connection = SSHConnection(hostname='localhost', timeout=60)
# Transform responses into lxml elements and raise on GMP error statuses
transform = EtreeCheckCommandTransform()

with Gmp(connection, transform=transform) as gmp:
    # Authenticate
    gmp.authenticate('admin', 'password')

    # List targets
    targets = gmp.get_targets()
    for target in targets.xpath('target'):
        print(target.get('id'), target.findtext('name'))

    # Create task (python-gvm requires a scanner id; see gmp.get_scanners())
    response = gmp.create_task(
        name='API Scan',
        config_id='config_id',
        target_id='target_id',
        scanner_id='scanner_id',
    )
    print('created task', response.get('id'))
```
# Via GSA:
Configuration → Alerts → Create Alert
# Alert triggers:
- Task Done
- Task Error
- Scan Done
- Security event
# Notification methods:
- Email
- HTTP GET/POST
- Syslog
- Slack (webhook)
- Custom script
# Steps:
1. Alerts → Create
2. Condition: Task Done
3. Method: Email
4. Recipients: admin@company.com
5. Save
# Configure SMTP:
Administration → Settings → Email Configuration
# Task Done Email:
Subject: GVM Scan Complete
Body: Task "Weekly Scan" completed with X vulnerabilities found
- Critical: 2
- High: 5
- Medium: 12
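The GMP request and the alert mail above are two ends of the same pipeline: a task is created from XML, and once its report comes back the finding counts decide whether anyone is paged. The following is an added example, not GVM's or python-gvm's own code, that builds the `<create_task>` request with the standard library and turns a `<get_reports>` response into the per-severity summary an alert should carry, applying a "don't alert on Low" threshold. It assumes results carry `<host>` and `<severity>` children (a constructed subset of the real GMP report layout) and uses GVM's default severity classes (High 7.0-10.0, Medium 4.0-6.9, Low 0.1-3.9, Log 0.0); the sample response is constructed, not real scan output.

```python
import xml.etree.ElementTree as ET

# Added example, not GVM's or python-gvm's own code: build a GMP
# <create_task> request and reduce a <get_reports> response to the
# severity summary an alert should carry. Assumptions: results carry
# <host> and <severity> children (constructed subset of the real layout);
# classes follow GVM's default ranges (High 7.0-10.0, Medium 4.0-6.9,
# Low 0.1-3.9, Log 0.0).

SEVERITY_CLASSES = (("High", 7.0), ("Medium", 4.0), ("Low", 0.1), ("Log", 0.0))


def build_create_task(name, target_id, config_id, scanner_id, preferences=None):
    """Serialize a GMP <create_task>; `preferences` maps scanner_name -> value."""
    root = ET.Element("create_task")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "target", id=target_id)
    ET.SubElement(root, "config", id=config_id)
    ET.SubElement(root, "scanner", id=scanner_id)
    if preferences:
        prefs = ET.SubElement(root, "preferences")
        for scanner_name, value in preferences.items():
            pref = ET.SubElement(prefs, "preference")
            ET.SubElement(pref, "scanner_name").text = scanner_name
            ET.SubElement(pref, "value").text = str(value)
    return ET.tostring(root, encoding="unicode")


def severity_class(score):
    """Map a CVSS-style score to GVM's default severity class."""
    for label, floor in SEVERITY_CLASSES:
        if score >= floor:
            return label
    return "Log"


def summarize_report(xml_text):
    """Return (counts per class, hosts with High findings) for a get_reports response."""
    root = ET.fromstring(xml_text)
    status = root.get("status")
    if status is not None and status != "200":  # GMP reports errors in the status attribute
        raise RuntimeError(f"GMP error {status}: {root.get('status_text', '')}")
    counts = {label: 0 for label, _ in SEVERITY_CLASSES}
    high_hosts = set()
    for result in root.iter("result"):
        label = severity_class(float(result.findtext("severity", default="0")))
        counts[label] += 1
        if label == "High":
            high_hosts.add(result.findtext("host", default="?").strip())
    return counts, sorted(high_hosts)


def should_alert(counts, minimum="Medium"):
    """True when any result is at or above `minimum` (no alerts for Low/Log)."""
    labels = [label for label, _ in SEVERITY_CLASSES]
    return any(counts.get(label, 0) for label in labels[: labels.index(minimum) + 1])


# Constructed sample shaped like a GMP get_reports response (not real scan output)
SAMPLE_REPORT = """<get_reports_response status="200" status_text="OK">
  <report id="00000000-0000-0000-0000-000000000001">
    <report>
      <results>
        <result id="r1"><host>10.0.0.5</host><severity>9.8</severity></result>
        <result id="r2"><host>10.0.0.5</host><severity>5.3</severity></result>
        <result id="r3"><host>10.0.0.7</host><severity>7.5</severity></result>
        <result id="r4"><host>10.0.0.7</host><severity>2.6</severity></result>
        <result id="r5"><host>10.0.0.9</host><severity>0.0</severity></result>
      </results>
    </report>
  </report>
</get_reports_response>"""


if __name__ == "__main__":
    print(build_create_task("API Task", "target_id", "config_id", "scanner_id",
                            {"port_timeout": 300}))
    counts, hosts = summarize_report(SAMPLE_REPORT)
    print("counts:", counts, "hosts with High findings:", hosts)
    print("alert:", should_alert(counts, minimum="Medium"))
```

The summary dictionary is what a "Task Done" alert body or HTTP POST payload should be built from; raising on a non-200 GMP status keeps a failed report fetch from being mistaken for a clean scan.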
| Profile | Use Case | Duration |
|---|---|---|
| Discovery | Network reconnaissance | 15 min |
| Full and Fast | Standard vulnerability scan | 30-60 min |
| Full and Very Deep | Thorough assessment | 2-4 hours |
| Database Assessment | Database servers | 30-90 min |
| Web Application | Web apps only | 20-45 min |
# Adjust parallel NVT execution:
Configuration → Preferences
# Settings:
- Parallel NVTs: 4-16 (higher = faster)
- Timeout per NVT: 300-600 seconds
- Memory limits
- Network bandwidth throttling
# For PostgreSQL backend:
# Increase work_mem
# Increase shared_buffers
# Increase maintenance_work_mem
# Run VACUUM periodically
# Run scanner near targets
# Use separate VLAN for scans
# Limit scan threads to avoid network saturation
# Schedule heavy scans during off-hours
| Issue | Solution |
|---|---|
| High memory usage | Reduce parallel NVTs, increase timeout |
| Slow scans | Reduce NVT count, check network latency |
| Connection refused | Verify port open, check firewall rules |
| NVT feed outdated | Run feed sync, check feed subscription |
| Credentials not working | Verify service running, test credentials manually |
| Report generation fails | Check available disk space, restart services |
- Schedule scans during off-hours to minimize network impact
- Update NVT feed regularly (daily or weekly)
- Use credentials for deeper vulnerability detection
- Create separate targets/tasks for different networks
- Review reports weekly and track remediation
- Set severity thresholds for alerts (don’t alert on low)
- Archive old reports for compliance tracking
- Test scan configs on test systems first
- Document all scans for compliance audits
- Keep scanner system patched and secured
- Isolate scanner on separate network segment
- Use strong credentials for admin accounts
- Disable default accounts after setup
# Official documentation
https://docs.greenbone.net/
# Community forums
https://community.greenbone.net/
# GitHub repositories
https://github.com/greenbone/
# GVM Feeds
https://www.greenbone.net/en/feeds/
# OpenVAS releases
https://www.openvas.org/