The other day I stood up an OpenVAS server so I could run internal vulnerability testing in my environment. If you haven't heard of OpenVAS, here is a description from their page:
OpenVAS is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution. The framework is part of Greenbone Networks' commercial vulnerability management solution from which developments are contributed to the Open Source community since 2009.Well, I followed this tutorial on how to install OpenVAS in Ubuntu. However, after I was done and I ran some scans I noted that all of my reports were empty! Any of the reports I clicked on said the following:
Empty reports can happen for the following reasons:
The target hosts where regarded dead.What the shit man? I knew the scans were working because my IDS was going batshit! Why no reports?
The filter does not match any result.
A very small or non-verbose scan configuration was applied
Well, it turns out the tutorial I followed missed a few steps. After installing OpenVAS, you need to run the following to update it's databases:
- sudo openvas-nvt-sync
- sudo openvas-scapdata-sync
- sudo openvas-certdata-sync
Then you need to restart the scanner and manager:
- service openvas-scanner restart
- service openvas-manager restart
Now the critical part, and why my reports weren't showing up, you have to rebuild the OpenVAS database so the manager can access the NVT data:
- sudo openvasmd --rebuild --progress
After doing that, I re-scanned my hosts and I now had the detailed reports I was looking for!