Vulnerability assessment tools play an important role in penetration testing. They help a pen-tester analyze vulnerabilities and weaknesses in the current system. Vulnerability assessment can be performed against a variety of services and software, depending on the requirement. OpenVAS is an open source vulnerability-scanning framework designed to find vulnerabilities under various scenarios.
To start working with OpenVAS, browse to Applications | Kali Linux | Vulnerability Analysis | OpenVAS.
If you are starting it for the first time, run openvas-setup to update the software and start all of the required plugins and dependencies.
The next step is to add a new user to OpenVAS. Enter the following command in the terminal:
You can skip the rule creation process by pressing Ctrl + D. We can use the following command to regularly update the framework with new signatures and dependencies:
Now, we are all set to load the framework and begin our assessment task. Browse to Applications | Kali Linux | Vulnerability Analysis | OpenVAS | openvas-gsd. This will launch the GUI framework and prompt for the login details. Enter the credentials that you set up earlier and provide the local server address.
After logging in, you can begin your scanning process. To get started with your first scan, navigate to Task | New. Fill in a task name and the required scan mode as shown in the following screenshot:
Once the task is created, it is listed in the bottom part of the interface. Click on the Start button to begin scanning.