### ~ Cpl Potter, Nicholas ### This is the SOP for setting up OpenVas ## Installing OpenVas via Terminal 1. Install VMware Kali Linux from [Kali's Website](https://www.kali.org/get-kali/#kali-virtual-machines "https://www.kali.org/get-kali/#kali-virtual-machines") 2. Run commands to make sure your Kali instance is up to date before installing OpenVas (You will need an internet connection to run these properly) ```bash sudo apt update ``` ```bash sudo apt upgrade -y ``` - The -y will push a Yes to any user input prompts ```bash sudo apt dist-upgrade -y ``` ```bash sudo apt install openvas ``` ### OpenVas is now installed now we have to setup the web interface ```bash sudo gvm-check-setup ``` (This will verify the installation)  ![alt text](check-setup.png) ```bash sudo gvm-setup ``` - If gvm-setup does not work you will need to upgrade postgresql ```bash sudo pg_lsclusters ``` (If you have 2 versions shown follow the rest) ![alt text](lsclusters.png) ```bash sudo pg_dropcluster 'enter the newest version number' main --stop ``` ```bash sudo pg_upgradecluster 'enter the older versions number' main ``` ```bash sudo pg_dropcluster 'enter the old version number' main ``` ```bash sudo apt purge postgresql-client-15 ``` - now try running sudo gvm-setup ## Starting and stopping OpenVas ```bash sudo gvm-start ``` (Starts the web interface) 2. open browser and navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") 127.0.0.1:9392 - Will bring you to a greenbone login screen ```bash sudo gvm-stop ``` (Stops the web interface) ## Creating Users 1. In your terminal ```bash sudo runuser -u _gvm -- gvmd --create-user=username --new-password=password ``` - This command will generate a hash value for the password which will be used to login to the web interface ![alt text](NewUser.png) ## Changing Password to Standard 1. Navigate to [Web Interface](https://127.0.0.1:9392/ "https://127.0.0.1:9392") 2. Login with your created username and the hashed password generated from the terminal - DO NOT LOSE THE HASHED PASSWORD 3. Click on the person in the top right corner and click my settings ![alt text](person.png) 4. On the My Settings page click the Pen and Paper in the top left above the Gear ![alt text](PenAndPaper.png) 5. Enter the Hashed Password in the Old text box and your Standard Password in the New and Confirm boxes ![alt text](PasswordBox.png) 6. Click save and log back in using new password # Making Web Interface Accessible from Internal Network 1. Stop the web service ```bash sudo gvm-stop ``` 2. Make sure your workstation IP is the IP you want your web interface to have. ![alt text](openvasip.png) 3. Use your preferred text editor in terminal and navigate to /usr/lib/systemd/system/greenbone-security-assistance.service ![alt text](vim.png) 4. Once in the text editor, go down to the ExecStart line and change the IP from loopback (127.0.0.1) to 0.0.0.0. Leave the port alone. ![alt text](IPchange.png) 5. Exit and save changes to that file then reload the daemon ```bash sudo systemctl daemon-reload ``` 6. Start the web interface and if your workstation is in the Networks IP range you can access the Web Interface IP. ```bash sudo gvm-start ``` # Creating Targets 1. Access the webserver for [Openvas](https://127.0.0.1:9392/ "https://127.0.0.1:9392") ![alt text](Dashboard.png) 2. Hover over the Configuration tab and click on Targets ![alt text](Targets.png) 3. Once on the Targets page select the Paper with the star on it in the top left to create a new target ![alt text](newtarget.png) 4. A screen will pop up. Give it a descriptive name for the target range, add comments if necessary, put the network range in **x.x.x.x/xx** format and select the Port Range to scan from then click save. _Port ranges will be made later_ ![alt text](targetinfo.png) # Creating Port Lists 1. Follow Step 1-3 from creating a target **(Selecting Port Lists instead of Targets on Step 2)** 2. Put a descriptive name and a comment if needed. Then fill in your port range **(This field will give you an example of how to define your port ranges T:xx-xx,xx,U:xx-xx,xx)** Then click save ![alt text](newportlist.png)