Posted on Leave a comment

Vulnerability assessment with OpenVAS

NOTE: This howto is a part of a series of Metasploitable Tutorials but can also be read separately.

Good morning friends. In one of our previous howto’s, we saw how to install OpenVAS in Kali Linux. Today we will see how to perform a vulnerability assessment with OpenVAS. The target on which I have performed this vulnerability assessment is Metasploitable. Start Kali Linux ( The system on which we have installed OpenVAS,,, obviously). Open a terminal and type the following commands as underlined below.

openvass1

Then  open a browser and direct the browser to port no 9392 as shown below. You should get the following interface.

openvass2

We will perform a quick scan. In the blank given, enter the IP address of our target as shown below and click on “Start Scan” as shown below.

openvass3

 

The scan will run as shown below. It will take quite a bit of a long time. So I would suggest you go and eat some pani puri and come back.

openvass4

Once you are back, the scan should be finished and will look as shown below. Click on the link shown below.

openvass5

You should get a general summary of the scan.

openvass6

Now let us see the scan report. Go to “Scan Management” tab and click on Reports as shown below. It will show you a list of scans we performed. In our case, there is only one scan.

openvass7

Now click on the scan as shown below.

openvass8

This is our entire scan report with all the vulnerabilities existing in our target classified from high to low.

openvass9

openvass10

openvass11

openvass12

In our next howtos, we will see how to exploit all these ( which means most of them ) vulnerabilities. Until then, Good bye.


Leave a Reply