Complete Guide to Installing and Using OpenVAS (GVM) on Kali Linux

🧠 Introduction

OpenVAS (now part of Greenbone Vulnerability Management, or GVM) is a powerful open-source tool used for vulnerability scanning and assessment. Security professionals use it to detect security issues in systems and networks, making it an essential part of any ethical hacker or cybersecurity enthusiast’s toolkit.

In this comprehensive guide, you'll learn how to install, configure, and use OpenVAS/GVM on Kali Linux—step-by-step, with explanations for every command and process.

✅ Prerequisites

• A fresh or updated installation of Kali Linux (recommended)

• Root or sudo access

• Internet connectivity (for downloading feeds and packages)

🔧 Step 1: Update Your Kali Linux System

Start by updating your system packages to avoid compatibility issues.

sudo apt update && sudo apt upgrade -y && sudo apt dist-upgrade -y

Remove any unnecessary packages:

sudo apt autoremove -y

📦 Step 2: Install OpenVAS (GVM)

Install the OpenVAS/GVM framework and its dependencies using:

sudo apt install gvm -y

This package includes the scanner engine, Greenbone Vulnerability Manager, web UI, and all necessary components.

⚙️ Step 3: Initial Setup

Use the following script to initialize GVM:

sudo gvm-setup

🔹 This will:

• Set up the PostgreSQL database

• Generate TLS certificates

• Create the default admin user

• Download SCAP, CERT, and GVMD feeds

📌 Note: Ignore PostgreSQL collation mismatch warnings unless you're running in a production environment.

🚀 Step 4: Start GVM Services

To start the GVM services:

sudo gvm-start

Verify if everything is running properly:

sudo gvm-check-setup

If any issues appear (e.g., missing SCAP or CERT data), we’ll address them in the next steps.

🔐 Step 5: Resetting the Admin Password (Optional)

If you need to reset or change the admin password:

sudo runuser -u _gvm -- gvmd --user=admin --new-password='YourNewPassword123!'

Replace 'YourNewPassword123!' with a strong and memorable password.

🔄 Step 6: Manually Sync Greenbone Feeds

If you face issues like:

• “SCAP database is required”

• “CERT database is required”

• “Failed to find config 'daba56c8-73ec-11df-a475-002264764cea'”

Manually sync the required feeds:

sudo runuser -u _gvm -- greenbone-feed-sync --type scap
sudo runuser -u _gvm -- greenbone-feed-sync --type cert
sudo runuser -u _gvm -- greenbone-feed-sync --type gvmd-data

💡 These downloads may take several minutes depending on your internet speed.

🔧 If there's a feed lock error:

sudo rm /var/lib/gvm/feed-update.lock

Then re-run the sync commands.

♻️ Step 7: Restart GVM After Feed Sync

Once the sync is complete, restart all GVM services:

sudo gvm-stop
sudo gvm-start

Monitor logs to ensure SCAP data is properly loaded:

sudo tail -f /var/log/gvm/gvmd.log

✅ Look for:

update_scap_end: Updating SCAP info succeeded

This confirms a successful sync.

🌐 Step 8: Access the Web Interface

Open a browser and navigate to the GVM web UI:

https://127.0.0.1:9392

🚨 Note: You may get a certificate warning. It’s safe to proceed.

Login credentials:

• Username: admin

• Password: The one you set in Step 5 (or auto-generated by gvm-setup)

🕵️ Step 9: Creating and Running Your First Scan

1. After login, go to Scans > Tasks.

2. Click the magic wand icon 🔮 to launch the Advanced Task Wizard.

3. Fill out the scan details:

   • Task Name: e.g., "Internal Network Scan"

   • Target IP/domain: e.g., 192.168.1.1 or example.com

   • Scan Config: Select Full and Fast (recommended)

4. Click Create and Start Scan.

📊 After completion, scan reports will be available in multiple formats (PDF, CSV, XML).

🛠️ Step 10: Troubleshooting Common Issues

🧾 Conclusion

OpenVAS (GVM) is a robust and flexible vulnerability management solution for cybersecurity professionals. With this guide, you should be able to:

• Install and configure GVM on Kali Linux

• Synchronize feeds and fix common setup issues

• Launch vulnerability scans and analyze reports

Keeping OpenVAS regularly updated and scanning routinely can significantly strengthen your system's security posture.

📚 References

• 🔗 Greenbone Community Portal

• 🔗 Kali Linux Docs

• 📘 OpenVAS Manual