Vulnerability Assessment using OpenVas – First Scan

November 16, 2016 | Views: 12845

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here


Vulnerability assessment is one of the steps of penetration testing. It can be described as the procedure where the penetration tester scans the system for vulnerabilities in order to gain access to the system. A vulnerability can be a weakness point, a failure even a miss-configured file that a pentester or an attacker can exploit to obtain unauthorised access to the system. Vulnerability scanning can be accomplished automatically via vulnerability assessment tools such as OpenVas, Nessus etc.

“ Be able to discover the vulnerabilities of your system before an attacker does ”

Vulnerability Assessment Steps


** TIP

Vulnerability Assessment Vs Penetration Testing 

The difference between VA and PT is that during the penetration testing you aim to gain unauthorised access to the system but during the vulnerability assessment you should bypass this step and proceed to the report. This point should be cleared on the contract between you and management before the test.

Common Vulnerabilities and Exposures (CVE® |

CVE can be described as an “index” of known security vulnerabilities. Using CVE’s identifiers you can easily search for the details of a specific vulnerability in different security databases. When you find a vulnerability during scanning procedure you can fast access a CVE database to read information about the vulnerability and information about countermeasures.

How CVE works

There is a unique identifier number (CVE-2016-8858)

All known vulnerabilities are saved to such database with informations like brief description, solution, relevant references.


OpenVas (Open Vulnerability Assessment System)

OpenVas is an open source vulnerability scanning tool. In this example we will use OpenVas to scan a target machine for vulnerabilities. We will also use two virtual machines in an isolated virtual environment. Our host machine will be a kali linux vm and we are going to scan a virtual machine with metasploitable framework which is by default full of vulnerabilities.

STEP 1 / Starting OpenVas Services

To Start OpenVas Services we can find it in Applications in the section of Vulnerability Analysis


STEP 2 / Loading OpenVas Interface

To load OpenVas Interface you should open iceweasel and type By default OpenVas run on port 9392. For credentials you can use U:admin P:letmein 


STEP 3 / Creating New Target

To perform a new scan we have to create our target first. To do that you can go to Targets through the Configuration button in the menu bar To create your target click on the star button.        



A new window will open. Fill the fields according to needs of the assessment. In this example we will use the IP of the target machine manually.    



STEP 4 / Creating New Task

Immediately after the creation of our target we will proceed to the task section in order to create a new task for our new target. To create a new task we have to move on the task section from the menu bar as the images illustrate. To create new task we should click on the star button.        


The next move is to fill the fields with the necessary details. On the “Scan Targets” we choose the target that we have created before. Furthermore, for the purposes of this example we will choose the default OpenVas Scanner.


STEP 5 / Start Scanning

We almost finished. Now we can start scanning our target (click on the play button) and wait until it finish. 



STEP 6 / Study the Results and Export your Report

When the scan will be completed you are able to see the details of each vulnerability that has been found during the scanning procedure. As you can see in the image below in our report there are a lot of critical vulnerabilities. This is because we scanned a vm with metasploitable framework which is by default a vulnerable machine. At this point your employer needs to read your own report not the exported report of OpenVas. So, the best practise is to write your own report listing your findings including suggestions and advices.     



Keep in mind that Intrusion Detection Systems (IDS) can detect such activities.

Share with Friends
Use Cybytes and
Tip the Author!
Share with Friends
Ready to share your knowledge and expertise?
  1. off the chain tight info !!!!!!!!!!!!!
    keep up the awesome work …..

  2. I want to iterate that last sentence again because it’s so important.
    Openvas is noisy. Any security administrator worth thier salt shold be able to detect a normal run of openvas on thier system.
    However, if you have an idea of the internal infrastructure of a company, you can get a good sense of what you should be teating by running openvas of a simulation of the infrastructure.

Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge



We recommend always using caution when following any link

Are you sure you want to continue?