Installing Network Scanning (OpenVAS)
Acunetix Premium can be configured to use OpenVAS to perform network scans of the Targets configured in Acunetix. The network scan results will be displayed in the Acunetix UI. The following will show how to configure OpenVAS on various Operating Systems, how to configure and use the Greenbone virtual appliance, and how to connect Acunetix to each one of these.
Installing Greenbone GVM/OpenVAS V20.08
The most recently tested version of Greenbone GVM/OpenVAS is V20.08. Setup details follow for these options:
- Using the GreenBone Virtual Appliance
- Installing on Kali Linux
Installing the Greenbone OpenVAS GCE Virtual Appliance for VMware and VirtualBox
- Download the Greenbone Security Manager VM:
- VMware: https://files.greenbone.net/download/VM/GSM-TRIAL-20.08.7-VMware-Workstation.ova
- VirtualBox: https://files.greenbone.net/download/VM/GSM-TRIAL-20.08.7-VirtualBox.ova
- Import the OVA file
- Adjust the Network Adapter settings to use a Bridged Adapter; the appliance expects to receive an IP Address from a DHCP Server
- Start up the Virtual Machine
- Log in to the Greenbone OS using the default username (admin) and password (admin) to launch the Setup Wizard
- Create a web administrator account
- As an example you can set the username to "webadmin" and the password to "webadmin"
- Continue with the community feed by clicking on the "Skip" button
- You will see a status page, and then you will be taken to the Greenbone OS Administration Menu
- Trigger a Feed Update from Maintenance -> Feed -> Update. This needs to finish in order for OpenVAS to work correctly. You can check the status of this operation from the Greenbone OS Administration Menu, in the About section
- When the update is done, the About section will indicate the Feed Version that you are using and that "No system operation is currently running".
- In order for Acunetix to connect to OpenVAS, you will need to enable SSH on OpenVAS. This can be done from the Greenbone OS Administration Menu > Setup > Services > SSH > State
- Set the SSH State to Enabled
- If the admin password is still set to the default, you will be prompted to change the password; for example, you can change the password to "Pass123%"
- Note that you must keep this password safe
- Save the changes.
- You will also need to enable GMP in OpenVAS. This needs to be done from the Greenbone OS shell, which can be accessed from the Greenbone OS Administration Menu > Advanced > Support > Shell > Continue. From the shell, enter the following command:
gos-state-manager set public_gmp enabled
- Make this change permanent by executing the following command from the shell:
gos-state-manager save
- You will now need to enable Acunetix to connect to OpenVAS. From the Acunetix Web Interface:
- Select "Network Scanner" from the sidebar
- Click the "Enable" button
- Set the "Address" field to the IP Address of the OpenVAS machine
- Set the "Port" field to "22"
- Set the "Username" field to the username of the HTTP Admin configured above
- Set the "Password" field to the password of the HTTP Admin configured above
- Set the "Protocol" field to "SSH"
- Click the "Save" button
Installing GVM/OpenVAS V20.08 on Kali Linux
- Install OpenVAS:
sudo apt install gvm
- Launch the OpenVAS setup process:
sudo gvm-setup
- During the installation take note of the password used to create the OpenVAS Administrator.
- By default, OpenVAS listens on 127.0.0.1. If Acunetix is going to run on a different machine, OpenVAS needs to be configured to listen on the machine’s IP address:
- For the GVM Web Interface:
- Open /lib/systemd/system/greenbone-security-assistant.service:
sudo nano /lib/systemd/system/greenbone-security-assistant.service
- Change:
ExecStart=/usr/sbin/gsad --listen=127.0.0.1 --port=9392
- to:
ExecStart=/usr/sbin/gsad --listen=internal_ip --port=9392 --mlisten=internal_ip --mport=9390
- For the GVM Network Service:
- Open /lib/systemd/system/gvmd.service:
sudo nano /lib/systemd/system/gvmd.service
- Change:
ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock
- to:
ExecStart=/usr/sbin/gvmd --listen=internal_ip --port=9390 --osp-vt-update=/run/ospd/ospd.sock
- Now we need to get gvm to build its vulnerability databases.
- Run the following commands:
sudo systemctl daemon-reload
sudo gvm-stop
sudo gvm-start
- ...and wait for the process to complete. This can take some time; you can tell that the process is still incomplete because the screens in the SecInfo menu will report that the SCAP database is not present.
- If you wish to get the Greenbone/OpenVAS services running at reboot:
- Edit the crontab for root with
sudo crontab -e
- Add the following to the root crontab:
@reboot gvm-start
- Reboot your machine
- You will now need to enable Acunetix to connect to OpenVAS. From the Acunetix Web Interface:
- Select "Network Scanner" from the sidebar
- Click the "Enable" button
- Set the "Address" field to the IP Address of the OpenVAS machine (or "127.0.0.1" if OpenVAS and Acunetix are on the same machine)
- Set the "Port" field to "9390"
- Set the "Username" field to "admin"
- Set the "Password" field to the password of the HTTP Admin from step 3 above
- Set the "Protocol" field to "OMP"
- Click the "Save" button
Previous Versions of OpenVAS
Setup details follow for a previous version on Debian 10 or Ubuntu 18.04.2 LTS.
Installing OpenVAS on Debian (V10) or Ubuntu (Version 18.04.2 LTS or later)
- Install OpenVAS:
sudo apt-get install openvas
- During the installation you will see a dialog about enabling the "redis" database. You will need to answer "Yes" to this dialog.
- Create or edit the following file:
sudo nano /etc/openvas/openvassd.conf
- If the ‘kb_location’ is not present in openvassd.conf, add it as follows:
kb_location=/var/run/redis/redis.sock
- Exit nano and save openvassd.conf.
- By default, OpenVAS listens on 127.0.0.1. If Acunetix is going to run on a different machine, OpenVAS needs to be configured to listen on the machine’s IP address:
- Open /lib/systemd/system/openvas-manager.service:
sudo nano /lib/systemd/system/openvas-manager.service
- Change:
ExecStart=/usr/sbin/openvasmd --listen=127.0.0.1 --port=9390 --database=/var/lib/openvas/mgr/tasks.db
- to:
ExecStart=/usr/sbin/openvasmd --listen=internal_ip --port=9390 --database=/var/lib/openvas/mgr/tasks.db
- Launch the OpenVAS setup process:
sudo openvas-setup
- During the installation take note of the password used to create the OpenVAS Administrator.
- Reboot the OpenVAS machine.
- Run the following commands:
sudo openvasmd --rebuild
sudo systemctl daemon-reload
sudo openvas-stop
sudo openvas-start
- You will now need to enable Acunetix to connect to OpenVAS. From the Acunetix Web Interface:
- Select "Network Scanner" from the sidebar
- Click the "Enable" button
- Set the "Address" field to the IP Address of the OpenVAS machine (or "127.0.0.1" if OpenVAS and Acunetix are on the same machine)
- Set the "Port" field to "9390"
- Set the "Username" field to "admin"
- Set the "Password" field to the password of the HTTP Admin from step 3 above
- Set the "Protocol" field to "OMP"
- Click the "Save" button
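The --listen changes in the Kali Linux and Debian/Ubuntu steps above decide which interface port 9390 and the web interface on port 9392 are reachable on. The following is an added example, not part of the Acunetix or Greenbone documentation: a POSIX shell check that reads a unit file's ExecStart line and reports whether the daemon is bound to loopback, to one specific address, or to every interface. The function names are hypothetical, the unit files it writes are constructed samples, and 10.0.0.5 stands in for internal_ip.

```shell
#!/bin/sh
# Added example: audit the bind address in gsad/gvmd/openvasmd unit files.
# Function names are hypothetical; the sample unit files are constructed.

# Print the value of --<flag>= from the ExecStart line of a unit file.
exec_flag() {  # usage: exec_flag <unit-file> <flag>
    sed -n 's/^ExecStart=//p' "$1" | tr ' ' '\n' |
        sed -n "s/^--$2=//p" | head -n 1
}

# Classify a bind address by how widely it exposes the service.
classify_listen() {  # usage: classify_listen <address>
    case "$1" in
        "")                  echo "unset" ;;     # no --listen flag present
        127.*|::1|localhost) echo "loopback" ;;  # same-machine clients only
        0.0.0.0|::|"*")      echo "wildcard" ;;  # every interface
        *)                   echo "specific" ;;  # one chosen address
    esac
}

# One-line verdict: "<class> <address>:<port>".
audit_unit() {  # usage: audit_unit <unit-file>
    addr=$(exec_flag "$1" listen)
    port=$(exec_flag "$1" port)
    echo "$(classify_listen "$addr") ${addr:-none}:${port:-none}"
}

# Constructed samples; 10.0.0.5 stands in for internal_ip.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '[Service]\nExecStart=%s\n' \
    '/usr/sbin/gsad --listen=127.0.0.1 --port=9392' \
    > "$demo_dir/gsad-default.service"
printf '[Service]\nExecStart=%s\n' \
    '/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock' \
    > "$demo_dir/gvmd-default.service"
printf '[Service]\nExecStart=%s\n' \
    '/usr/sbin/gvmd --listen=10.0.0.5 --port=9390 --osp-vt-update=/run/ospd/ospd.sock' \
    > "$demo_dir/gvmd-edited.service"
printf '[Service]\nExecStart=%s\n' \
    '/usr/sbin/openvasmd --listen=0.0.0.0 --port=9390 --database=/var/lib/openvas/mgr/tasks.db' \
    > "$demo_dir/openvasmd-wildcard.service"

for f in "$demo_dir"/*.service; do
    printf '%-28s %s\n' "$(basename "$f")" "$(audit_unit "$f")"
done
```

On a real host, point audit_unit at the files edited above, for example /lib/systemd/system/gvmd.service. A "wildcard" verdict means port 9390 is reachable on every interface rather than only on internal_ip.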