GVM Framework Architecture:

Vulnerability/Information Feed (NVT, SCAP CERT, User Data, Community Feed)

Back-End (OSP, OpenVAS, Targets)

Front-End (GSA, Web Interfaces)

Installing OpenVAS:

Option 1: Install from Kali/OpenVAS repositories

Command used: apt-get install software-properties-common && add-apt-repository ppa:mrazavi/openvas

Option 2: Install from Source

Option 3: Run from Docker (Preferred)

1. apt install

2. docker run -d -p 443:443 --name openvas mikesplain/openvas

Initial Configuration:

Scanning report:

Scanning Infrastructure:

Creating a Task

  1. Name: Allows us to set the name the scan will be known as inside of OpenVAS
  2. Scan Targets: The targets to scan, can include Hosts, Ports, and Credentials. To create a new target you will need to follow another pop-up, this will be covered later in this task.
  3. Scanner: The scanner to use by default will use the OpenVAS architecture however you can set this to any scanner of your choosing in the settings menu.
  4. Scan Config: OpenVAS has seven different scan types you can select from and will be used based on how you aggressive or what information you want to collect from your scan.

Reporting and Continuous Monitoring:

Practical Vulnerability Management:




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store

CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics