
OpenVAS

The Open Vulnerability Assessment Scanner (OpenVAS) is a network vulnerability scanner in Kali Linux. A penetration test should always include a vulnerability assessment of the target system, and OpenVAS does a good job of identifying vulnerabilities on the network side. OpenVAS is a fork of Nessus, one of the leading vulnerability scanners on the market, but its feeds are completely free and licensed under the GPL. The latest version of Kali Linux doesn't include OpenVAS, but it can be easily downloaded and installed using APT as follows:

$ apt-get install openvas  

Once installed in Kali Linux, OpenVAS requires an initial configuration before you start using it. Go to Applications | Vulnerability Analysis, and select OpenVAS initial setup. Kali Linux needs to be connected to the internet to complete this step, as the tool downloads all of the latest feeds and other files. At the end of the setup, a password is generated, which you will use to log in to the GUI.

You can now open the graphical interface by pointing your browser to https://127.0.0.1:9392. Accept the self-signed certificate error, and then log in with the admin username and the password generated during the initial configuration.

OpenVAS is now ready to run a vulnerability scan against any target. You can change the password after you log in by navigating to Administration | Users and selecting the edit user option (marked with a spanner) against the username.
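
The login URL above uses the loopback address, and a quick check confirms that the web interface, which holds your scan findings, is not also reachable from the network. The following is an added example, not from the original text, that classifies how port 9392 is bound from `ss -ltnH` output; the function name and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): classify how the OpenVAS
# web UI port is exposed, given `ss -ltnH` output on stdin.
# Assumption: the UI listens on TCP 9392, as in https://127.0.0.1:9392.

GSA_PORT=9392

# Prints one of: loopback-only | exposed | not-listening
gsa_exposure() {
  awk -v port="$GSA_PORT" '
    {
      local_addr = $4                      # "Local Address:Port" column
      n = split(local_addr, parts, ":")
      if (parts[n] != port) next           # listener on some other port
      # Everything before the final ":port" is the bind address.
      host = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
      seen = 1
      # Anything other than 127.0.0.0/8 or [::1] is reachable off-host.
      if (host !~ /^127\./ && host != "[::1]") exposed = 1
    }
    END {
      if (!seen)        print "not-listening"
      else if (exposed) print "exposed"
      else              print "loopback-only"
    }'
}

# Constructed samples of `ss -ltnH` output, so the check runs offline.
SAMPLE_LOOPBACK='LISTEN 0 128 127.0.0.1:9392 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_WILDCARD='LISTEN 0 128 0.0.0.0:9392 0.0.0.0:*'

# On a live host: ss -ltnH | gsa_exposure
```

A result of `exposed` means the interface is bound to a wildcard or routable address and should be restricted to loopback or placed behind a firewall rule.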

The GUI is divided into multiple menus, as described here:

  • Dashboard: A customizable dashboard that presents information related to vulnerability management, scanned hosts, recently published vulnerability disclosures and other useful information.
  • Scans: From here you can start a new network VA scan. You will also find all of the reports and findings under this menu.
  • Assets: Here you will find all of the accumulated hosts from the scans.
  • SecInfo: Detailed information about all of the vulnerabilities and their CVE IDs is stored here.
  • Configuration: Here you can configure various options, such as alerts, scheduling, and reporting formats. Scanning options for host and open port discovery can also be customized using this menu.
  • Extras: Settings related to the OpenVAS GUI, such as time and language, can be changed from this menu.
  • Administration: Adding and deleting users and feed synchronization can be done through the Administration menu.

Now let's take a look at the scan results from OpenVAS. I scanned three hosts and found some high-risk vulnerabilities in two of them. You can further click on individual scans and view detailed information about the vulnerabilities identified.
