OpenVAS

OpenVAS is a great open-source vulnerability scanner that comes with Kali

I've used OpenVAS at home both to do scans on legitimate devices (such as my desktop and laptop), IoT devices, and lab devices that I want to test. Below I'll be running through how to start a scan, how to view the results, and how to dig through some of the output it gives you.

First things first, you need to get OpenVAS installed. As with most of the tools I use, OpenVAS comes preinstalled on any recent version of Kali. So to get it started, just go to your applications -> vulnerability scanning -> OpenVAS start. Once you start that, it will pull up a terminal telling you the application has started and it gives you the loopback IP address with the port on which you can access the GUI.

As you can see in the above screenshot, it started it at 127.0.0.1 on the port 9392. Simply browse to that URL to get started with the tool. Once you have the GUI pulled up, it will be at a login page, simply enter your credentials (I believe it asks you to set them up if its the first time starting up) to proceed to the dashboard. Click on the Scans tab -> tasks to open up where you will start your scans from. In the top right you will see a little star icon, click on that then -> new task to pull up the scan dialogue

As you can see in the picture above, the new task screen gives you a lot of options for running a scan against a target, if you haven't set up any targets to scan yet you will have to click on the star to create a new one which will give you another popup. Once your target setup is all done, you can start configuring all of the settings you want for the scan. Towards the top you can schedule the scan to have it scan on a regular interval, towards the bottom you can select to scan for specific CVEs, set how in-depth of a scan you want, and specify how many hosts to scan at the same time if you are doing multiple targets concurrently. As of right now, I usually leave most of those settings alone and for my scan config I usually set it to "full and fast" as you can see above. For more in-depth scans there are options that will be more thorough however they can take much longer to complete. Now click Create!

Now under the tasks you should see the task except it will not have run yet. Unless you configured a schedule for it, you need to click the green and white "play" button on the right to initialize the task. Once that progress bar shows completed (in the upper right hand of the page you can tell it to auto-refresh) you can click on the name of the task and then click on the number next to where it says "reports". Once there it should give you a view like this:

Or if you're scanning something that's actually running multiple services and vulnerable you'll have more hits like my metasploitable box which you can see in the next screenshot (there's a good reason it's named metasploitable)

As you can see, there are a lot more vulnerabilities on the metasploitable VM I have set up. To get a more detailed breakdown, click on the date of the report to view details and it will pull up a page like this

Here you can look around the specific vulnerabilities the scan discovered. Simply click on the name of the vulnerability and it will show all of the details, according CVE name, etc. that's related to the issue.

That is the basics of using OpenVAS and where I will stop for now. There is a lot more I could get into however I might make some sub-pages under this to delve into more specific topics. If you made it this far thank you and I hope you found this useful!