Installing Network Scanning (OpenVAS)
Acunetix On-Premises can be configured to use OpenVAS to perform network scans of the Targets configured in Acunetix. The network scan results will be displayed in the Acunetix portal. This guide shows you how to configure OpenVAS on various Operating Systems, how to configure and use the Greenbone virtual appliance, and how to connect Acunetix On-Premises to each one of these.
NOTE: Network scanning is available to Acunetix Online customers through two of the default scan profiles. When scanning your targets for network vulnerabilities, use either the Full Web and Network Scan or the Network Scan profile.
Installing GreenBone GVM/OpenVAS V20.08
The most recently tested version of GreenBone GVM/OpenVAS is V20.08. This guide shows you how to set it up in the following ways:
How to install the GreenBone OpenVAS GCE Virtual Appliance for VMware and VirtualBox
- Download the Greenbone Security Manager VM
- VMware: https://files.greenbone.net/download/VM/GSM-TRIAL-20.08.7-VMware-Workstation.ova
- VirtualBox: https://files.greenbone.net/download/VM/GSM-TRIAL-20.08.7-VirtualBox.ova
- Import the OVA file.
- Adjust the Network Adapter settings to use a Bridged Adapter. The appliance expects to receive an IP Address from a DHCP Server.
- Start up the Virtual Machine.
- Log in to the Greenbone OS using the default username (admin) and password (admin) to launch the Setup Wizard.
- Create a web administrator account.
- As an example you can set the username to "webadmin" and the password to "webadmin".
- Click Skip to continue with the community feed. You will see a status page, and then you will be taken to the Greenbone OS Administration Menu.
- Trigger a Feed Update from Maintenance > Feed > Update. This needs to finish in order for OpenVAS to work correctly. You can check the status of this operation from the Greenbone OS Administration Menu, in the About section.
- When the update is done, the About section will indicate the Feed Version that you are using and that No system operation is currently running.
- In order for Acunetix to connect to OpenVAS, you will need to enable SSH on OpenVAS. This can be done from the Greenbone OS Administration Menu > Setup > Services > SSH > State.
- Set the SSH State to Enabled.
- If the admin password is still set to the default, you will be prompted to change the password. For example, you can change the password to "Pass123%".
- Save the changes.
- You will also need to enable GMP in OpenVAS. This needs to be done from the Greenbone OS shell, which can be accessed from the Greenbone OS Administration Menu > Advanced > Support > Shell > Continue. From the shell, enter the following command:
gos-state-manager set public_gmp enabled
- Make this change permanent by executing the following command from the shell:
gos-state-manager save
- Now you need to enable Acunetix to connect to OpenVAS. From the Acunetix portal:
- Select Network Scanner from the side menu.
- Click Enable.
- Set the Address field to the IP Address of the OpenVAS machine.
- Set the Port field to 22.
- Set the Username field to the username of the HTTP Admin configured above.
- Set the Password field to the password of the HTTP Admin configured above.
- Set the Protocol field to SSH.
- Click Save.
How to install GVM/OpenVAS V20.08 on Kali Linux
- Install OpenVAS:
sudo apt install gvm
- Launch the OpenVAS setup process:
sudo gvm-setup
- During the installation take note of the password used to create the OpenVAS Administrator.
- By default, OpenVAS listens on 127.0.0.1. If Acunetix is going to run on a different machine, OpenVAS needs to be configured to listen on the machine’s IP address:
- For the GVM Web Interface, open /lib/systemd/system/greenbone-security-assistant.service:
sudo nano /lib/systemd/system/greenbone-security-assistant.service
- Change: ExecStart=/usr/sbin/gsad --listen=127.0.0.1 --port=9392
- To: ExecStart=/usr/sbin/gsad --listen=internal_ip --port=9392 --mlisten=internal_ip --mport=9390
- For the GVM Network Service, open /lib/systemd/system/gvmd.service:
sudo nano /lib/systemd/system/gvmd.service
- Change:
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock
- to:
ExecStart=/usr/sbin/gvmd --listen=internal_ip --port=9390 --osp-vt-update=/run/ospd/ospd.sock
- Now you need to get gvm to build its vulnerability databases. Run the following commands:
sudo systemctl daemon-reload
sudo gvm-start
- Wait for the process to complete. This can take some time. You can tell that the process is still incomplete because the screens in the SecInfo menu will complain that the SCAP database is not present.
- If you wish to get the Greenbone/OpenVAS services running at reboot:
- Edit the crontab for root with:
sudo crontab -e
- Add the following to the root crontab:
@reboot gvm-start
- Reboot your machine.
- Now you need to enable Acunetix to connect to OpenVAS. From the Acunetix portal:
- Select Network Scanner from the side menu.
- Click Enable.
- Set the Address field to the IP Address of the OpenVAS machine (or "127.0.0.1" if OpenVAS and Acunetix are on the same machine).
- Set the Port field to 9390.
- Set the Username field to admin.
- Set the Password field to the password of the HTTP Admin from step 3 above.
- Set the Protocol field to OMP.
- Click Save.
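A consistency check for the two ExecStart edits in the Kali procedure above, as an added example that is not part of the original guide: it confirms that gsad's --mlisten/--mport point at the address and port gvmd listens on, and that the internal_ip placeholder was replaced. It assumes Acunetix runs on a different machine; the function names flag_value and check_gvm_units and the sample address 192.0.2.10 are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check the gsad and gvmd ExecStart lines after editing them.

# Print the value of --FLAG=VALUE from the ExecStart line of unit file $1.
flag_value() {
    sed -n "s/^ExecStart=.*[[:space:]]--$2=\([^[:space:]]*\).*/\1/p" "$1" | head -n 1
}

# Return 0 when gsad's manager address/port match what gvmd listens on
# and gvmd is bound to one specific, non-loopback address (remote Acunetix assumed).
check_gvm_units() {
    gsad_unit=${1:-/lib/systemd/system/greenbone-security-assistant.service}
    gvmd_unit=${2:-/lib/systemd/system/gvmd.service}
    listen=$(flag_value "$gvmd_unit" listen)
    port=$(flag_value "$gvmd_unit" port)
    mlisten=$(flag_value "$gsad_unit" mlisten)
    mport=$(flag_value "$gsad_unit" mport)
    rc=0
    case "$listen" in
        "")          echo "FAIL: gvmd.service has no --listen"; rc=1 ;;
        internal_ip) echo "FAIL: placeholder internal_ip not replaced"; rc=1 ;;
        127.*)       echo "FAIL: gvmd bound to loopback, remote Acunetix cannot connect"; rc=1 ;;
        0.0.0.0|::)  echo "FAIL: gvmd bound to every interface, use the machine's IP"; rc=1 ;;
    esac
    [ -n "$port" ] || { echo "FAIL: gvmd.service has no --port"; rc=1; }
    [ "$mlisten" = "$listen" ] || { echo "FAIL: gsad --mlisten=$mlisten, gvmd --listen=$listen"; rc=1; }
    [ "$mport" = "$port" ] || { echo "FAIL: gsad --mport=$mport, gvmd --port=$port"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: GMP on $listen:$port, gsad points at the same endpoint"
    return "$rc"
}

# Demo on constructed unit files (192.0.2.10 is a documentation address).
demo_dir=$(mktemp -d)
printf '%s\n' '[Service]' \
  'ExecStart=/usr/sbin/gsad --listen=192.0.2.10 --port=9392 --mlisten=192.0.2.10 --mport=9390' \
  > "$demo_dir/gsad.service"
printf '%s\n' '[Service]' \
  'ExecStart=/usr/sbin/gvmd --listen=192.0.2.10 --port=9390 --osp-vt-update=/run/ospd/ospd.sock' \
  > "$demo_dir/gvmd.service"
check_gvm_units "$demo_dir/gsad.service" "$demo_dir/gvmd.service"
```

Called with no arguments, check_gvm_units reads the two unit files at the paths used in this guide; run it after editing them and before systemctl daemon-reload.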
Previous Versions of OpenVAS
Here's how to set up a previous version on Debian 10 or Ubuntu 18.04.2 LTS:
Installing OpenVAS on Debian (V10) or Ubuntu (Version 18.04.2 LTS or later)
- Install OpenVAS:
sudo apt-get install openvas
- During the installation you will see a dialog about enabling the "redis" database. You will need to answer Yes to this dialog.
- Create or edit the following file:
sudo nano /etc/openvas/openvassd.conf
- If the ‘kb_location’ is not present in openvassd.conf, add it as follows:
kb_location=/var/run/redis/redis.sock
- Exit nano and save openvassd.conf.
- By default, OpenVAS listens on 127.0.0.1. If Acunetix is going to run on a different machine, OpenVAS needs to be configured to listen on the machine’s IP address:
- Open /lib/systemd/system/openvas-manager.service:
sudo nano /lib/systemd/system/openvas-manager.service
- Change:
ExecStart=/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/var/lib/openvas/mgr/tasks.db
- to:
ExecStart=/usr/sbin/openvasmd --listen=internal_ip --port=9390 --database=/var/lib/openvas/mgr/tasks.db
- Launch the OpenVAS setup process:
sudo openvas-setup
- During the installation, take note of the password used to create the OpenVAS Administrator.
- Reboot the OpenVAS machine.
- Run the following commands:
sudo openvasmd --rebuild
sudo systemctl daemon-reload
sudo openvas-stop
sudo openvas-start
- Now you need to enable Acunetix to connect to OpenVAS. From the Acunetix portal:
- Select Network Scanner from the side menu.
- Click Enable.
- Set the Address field to the IP Address of the OpenVAS machine (or "127.0.0.1" if OpenVAS and Acunetix are on the same machine).
- Set the Port field to 9390.
- Set the Username field to admin.
- Set the Password field to the password of the HTTP Admin from step 3 above.
- Set the Protocol field to OMP.
- Click Save.