OpenVAS & Metasploit Integration


using a vulnerability scanner in it’s graphical interface is not a hard thing and all the pen-testers are able to do it while in this post we’ll practice on a different and easy exercise which is using a vulnerability management tool in the CLI mode from inside a great exploiting framework like Metasploit.

Based on some pen-testers experiences, using any security tool (in this example it is a vulnerability scanning tool) in it’s command mode is preferable specially if the system used in the pentesting purposes is non accessible by it’s graphical interface or even web access to this tool and only ssh/telnet is available (and either they don’t want to use vnc) also using the security tool in cli most probably provides more speed, reliability and flexibility.

What is OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is an open source framework with several services provide a vulnerability scanning and management solutions.

Steps for using OpenVAS inside Metasploit

Metasploit has a module allows you to connect to OpenVAS server, in the following it’s explained in details how to use this module to perform vulnerability scans on a specific targets then downloading the scan results in a various kind of reports.

Opening Metasploit framework

as we knew before from this post we’ll open the Metasploit console using the command msfconsol 

Opening MSFconsol

 Loading OpenVAS plugin

we’ll load the OpenVAS module using the command load openvas , note that this module will provide you the basic features of openVAS not all the features.

Load OpenVAS module

Connect to OpenVAS

once the plugin is loaded successfully as mentioned in the below image you should connect to openVAS server using the command openvas_connect <username> <password> <OpenVAS server IP> <Port>

if the OpenVAS installed on a different system other the metasploit installed on then you should add the server’s IP while usually both are installed on the same system so we’ll add localhost or

Connect to OpenVAS server

you can list all the commands provided by the plugin , they are all starting with openvas_ as the following

List of all commands in this module

Create a new targets

once you have connected successfully to the openVAS server as mentioned before, now you can start creating your target list using the command openvas_target_create <scan name> <target IP> <any comments>

example for creating a target object.
example for creating a target object.

Create a new scan task

at the following steps we’ll create a scan task adding in it the configured targets and choosing the scan mode.

we have 4 available scan modes as mentioned below.

Listing the scan configs

the following step is how to create a scan task, you’ll add the config_id from the list mentioned previously  and the id of the target that you created before

creating new scan task

Starting a scan task

you can start a configured before scan with the command openvas_task_start <task ID>

start the configured task

Listing the scan tasks

to check the scan progress or even list the old scans use the command openvas_task_list

started scan still in progress

and the below is the list of scans when our scan has been done.

scan has been done

Listing the scan reports

once the scan has been finished it’s result is added in a report and can be found in the list of reports, use openvas_report_list command to list all the reports

list all the scan reports

Downloading reports

you have the 7 report formats mentioned below and can be listed with the command openvas_format_list

report formats list

you can download a report with various format types using the command openvas_report_download <report_id> <format_type> <path_of_the_download> <report_name>

download a report with html format
download a report with xml format

OpenVAS gui

following images shows how you open the OpenVAS in the gui mode in kali linux, and you’ll find all the scans made via the openvas module inside the metasploit.



Leave a Reply

Your email address will not be published.