Trying to configure open source software can be challenging

Greenbone Vulnerability Management (GVM, OpenVAS)

Steve
3 min read · Nov 3, 2023

Greenbone has maintained an open source vulnerability scanner for a long time. Their product is stable, but has some quirks. Greenbone does provide installation documentation for their vulnerability management tool, covering both Docker containers and building from source. This article is more of a reflection than a guide.

Kali Linux

Initially, I attempted to use the OpenVAS scanner that comes with Kali. Long story short, I spent too much time researching which commands to run to get it working. ~8 hours.

Ubuntu 23

After torching the Kali build I mangled, I next attempted to install via Ubuntu repositories.

sudo apt install gvm

It worked. Well, sort of. While the command completed successfully, the configuration of the software was incorrect. After further research, I found a forum post that suggested the Linux repositories are outdated and not maintained. ~6 hours

Greenbone’s Recommendations

Greenbone recommends either building from source or using their Docker installation instructions. I’m not a big fan of Docker, primarily because I haven’t taken the time to learn it.

Greenbone does a great job with their installation instructions, providing complete commands to copy and paste into the shell. I strongly recommend installing via Greenbone’s Docker installation instructions. ~2 hours (downloading takes some time)

Stable Enough

GVM is stable enough, BUT odd functionality can be observed. After initial installation, you may need to wait anywhere from a few minutes to several hours for the vulnerability signatures to be downloaded and configured into the system. You can either set it and wait, OR run a command to force the download and then wait.

Once they’re loaded, you can start scanning. Otherwise, if you initiate a scan prior to load completion, your scan will be queued. ~8 hours (overnight)

Troubleshooting

Certainly review the log files to see what’s happening behind the scenes. The web interface doesn’t display many errors, if any at all.

After a few days of running the scanner successfully, I ran into an unexpected error. The web interface displayed “scan interrupted”. Without any more information, I popped open the log files to see:

osp_scanner_feed_version: failed to connect to /run/ospd/ospd-openvas.sock

Not sure what caused this error, and even Google wasn’t able to tell me. I just redownloaded the docker containers, then restarted the containers. Instructions here. ~4 hours

Conclusion

Open source software certainly has its quirks. The community supporting the software makes the software better. Forum posts, GitHub documentation, or unofficial guidance can be found easily thanks to Google and ChatGPT. For lightweight vulnerability scanning, GVM should be able to get you where you need to go.

Disclaimer: I have no affiliation with Greenbone or GVM. Do your own research to verify the tools meet your needs and offer the stability to get the job done. You may need to use multiple tools to validate the results.

Written by Steve

Cybersecurity evangelist and cybercrime investigator who has investigated over thousands of events with ransomware, insider threat, and regulatory inquiries.