Intro To Greenbone Vulnerability Manger

What is GVM and OpenVAS?

WikiPedia does a really nice introduction to GVM so let jump start our understanding with that:

OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License.

To understand the relationship between OpenVAS and GVM we should refer to the OpenVAS website, which does a good job explaining the relationship between OpenVAS and GVM:

In 2019 the branding separation was completed. OpenVAS now represents the actual vulnerability scanner as it did originally and the “S” in “OpenVAS” now stands for “Scanner” rather than “System”. These changes are accompanied by an updated OpenVAS logo. The framework where OpenVAS is embedded is the Greenbone Vulnerability Management (GVM).OpenVAS released with GVM-10 receives numerous performance optimization to address the challenge of a growing number of vulnerability tests, scanning target networks of increasing size and heterogeneity. OpenVAS released with GVM-11 introduces substantial architectural changes: The former service “openvassd” is turned into a command line tool “openvas”. It is controlled by the service layer ospd-openvas. This concept essentially replaces the old stateful, permanent and proprietary OTP (OpenVAS Transfer Protocol) by the new state-less, request-response XML-based and generic OSP (Open Scanner Protocol).

Greenbone Networks owns OpenVAS and manages the a vulnerability feed, repositories of tools, and Greenbone Security Assistant (GSA), a web-application front-end that can be hosted in the cloud or run on a local system.

Screenshot of GSM Web-application UI

A Few More Quick Details

For a fairly comprehensive high-level description of what GVM does visit the Greenbone Networks product page and read a description of the commercial appliance. For a list of terminology used in GVM products view the glossary

GVM can also be controlled via command line interface (CLI) with gvm-cli which includes a robust set of functionality for automation of not only scheduling and starting assessments, but also creating hosts, targets and generating reports. We will cover those functions later in this article. The CLI can also be used to run customized scripts with gvm-script to take full advantage of the gvm-cli and has a great set of options.

Finally, gvm-tools is a set of python scripts that use python-gvm as an API. gvm-tools is are very usefull to get started with automation and custom script development.

GVM components include:

• OpenVAS – The Open Vulnerability Scanner – The open-source vulnerability scanning engine
• GVM – Greenbone Vulnerability Manager – The glue between the scanner system and the GUI and CLI interfaces, runs as a systemd service
• GSM – Greenbone Security Manager – The commercial product line Greenbone Security Manager available as hardware or virtual appliances
• GSA – Greenbone Security Assistant – The web-application for operating GVM
• GSF – Greenbone Security Feed – Updated daily with new vulnerability data and scan configurations (currently consists of > 100,000 tests)
• GMP Greenbone Management Protocol and OSP (Open Scanner Protocol) are communication protocols supported by GVM
• gvm-cli – command line interface for controlling GVM without the need for the GSA web-interface
• gvm-script – command line interface for running custom python scripts and extend the automation capabilities of GVM
• gvm-pyshell – an interactive shell for
• gvm-tools – a set of useful and demonstrative python scripts for use with gvm-script automating GVM
• python-gvm – a python package with modules for interacting with the gvm-cli, gvm-script via Python object interface

Connection Methods

The gvm-cli, gvm-script, and gvm-oyshell clients can connect in several ways to allow remote control of a GVM appliance:

• Unix Socket (for local installations)
• TLS Connection (for remote installations)
• SSH Connection (for remote installations)

gvm-tools

The README.md file included in the gvm-tools GitHub repository includes the best description of gvm-tools so let’s let Greenbone explain it:

The Greenbone Vulnerability Management Tools `gvm-tools` are a collection of tools that help with remote controlling a Greenbone Security Manager (GSM) hardware appliance and underlying Greenbone Vulnerability Management (GVM) framework. The tools aid in accessing the communication protocols GMP (Greenbone Management Protocol) and OS (Open Scanner Protocol).

The gvm-tools python packages are usually installed with the main package, but can also be installed via python pip which may be useful if you require a specific version to match the installed version of GVM. Use one of the following commands to install via bash shell.  Also, the gvm-tools can be used with a local installation of GVM on a Linux host such as Kali Linux.  You do not need to purchase the GSM hardware appliance to use them for GVM automation.

pip install --user gvm-tools
python3 -m pip install gvm-tools

Or download the source code from GitHub

git clone git://github.com/greenbone/gvm-tools

The GitHub repository README.md file is a good source for quick-start summary and instructions, and full documentation is available.

How To Install GVM on Linux

Here are the basic instructions to install GVM on Linux. It is also available as VM instances ().

# Update your Linux OS
$ sudo apt update && apt upgrade -y

I do not recommend the full distribution upgrade unless you are preparing a production GVM appliance since you may encounter unnecessary problems with package dependencies that often occur in Kali. As far as I can tell, this is because Kali installations are often running a plethora of software applications and that often require many different version combinations. GVM is no exception to that. So, for getting to know GVM and trying it out, just do the update and upgrade.

# Install openvas
sudo apt install -y openvas

# Setup GVM service
$ sudo gvm-setup

# Check the setup
$ sudo gvm-check-setup

# Start the web-console server
$ sudo gvm-start

You will see an output similar to this:

[*] Please wait for the GVM / OpenVAS services to start.
[*]
[*] You might need to refresh your browser once it opens.
[*]
[*] Web UI (Greenbone Security Assistant): https://127.0.0.1:9392

● greenbone-security-assistant.service - Greenbone Security Assistant (gsad)
Loaded: loaded (/lib/systemd/system/greenbone-security-assistant.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2021-12-05 03:58:16 EST; 20ms ago
Docs: man:gsad(8)
https://www.greenbone.net
Process: 298465 ExecStart=/usr/sbin/gsad --listen=127.0.0.1 --port=9392 (code=exited, status=0/SUCCESS)
Main PID: 298467 (gsad)
Tasks: 3 (limit: 13145)
Memory: 2.1M
CPU: 43ms
CGroup: /system.slice/greenbone-security-assistant.service
├─298467 /usr/sbin/gsad --listen=127.0.0.1 --port=9392
└─298468 /usr/sbin/gsad --listen=127.0.0.1 --port=9392

Dec 05 03:58:16 kali systemd[1]: Starting Greenbone Security Assistant (gsad)...
Dec 05 03:58:16 kali gsad[298465]: Oops, secure memory pool already initialized
Dec 05 03:58:16 kali systemd[1]: Started Greenbone Security Assistant (gsad).

● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
Loaded: loaded (/lib/systemd/system/gvmd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2021-12-05 03:58:11 EST; 5s ago
Docs: man:gvmd(8)
Process: 298427 ExecStart=/usr/sbin/gvmd --osp-vt-update=/run/ospd/ospd.sock (code=exited, status=0/SUCCESS)
Main PID: 298432 (gvmd)
Tasks: 1 (limit: 13145)
Memory: 101.6M
CPU: 1.251s
CGroup: /system.slice/gvmd.service
└─298432 gvmd: Waiting for incoming connections

Dec 05 03:58:06 kali systemd[1]: Starting Greenbone Vulnerability Manager daemon (gvmd)...
Dec 05 03:58:06 kali systemd[1]: gvmd.service: Can`t open PID file /run/gvm/gvmd.pid (yet?) after start: Operation not permitted
Dec 05 03:58:11 kali systemd[1]: Started Greenbone Vulnerability Manager daemon (gvmd).

● ospd-openvas.service - OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas)
Loaded: loaded (/lib/systemd/system/ospd-openvas.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2021-12-05 03:58:06 EST; 10s ago
Docs: man:ospd-openvas(8)
man:openvas(8)
Process: 298422 ExecStart=/usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas (code=exited, status=0/SUCCESS)
Main PID: 298424 (ospd-openvas)
Tasks: 6 (limit: 13145)
Memory: 31.6M
CPU: 877ms
CGroup: /system.slice/ospd-openvas.service
├─298424 /usr/bin/python3 /usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas
├─298426 /usr/bin/python3 /usr/bin/ospd-openvas --unix-socket /run/ospd/ospd.sock --pid-file /run/ospd/ospd-openvas.pid --log-file /var/log/gvm/ospd-openvas.log --lock-file-dir /var/lib/openvas
├─298462 openvas --update-vt-info
└─298466 openvas --update-vt-info

Dec 05 03:58:05 kali systemd[1]: Starting OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas)...
Dec 05 03:58:06 kali systemd[1]: Started OpenVAS Wrapper of the Greenbone Vulnerability Management (ospd-openvas).

[*] Opening Web UI (https://127.0.0.1:9392) in: 5... 4... 3... 2... 1...

Now you can access the Web-application UI from your browser locally https://127.0.0.1:9392.

Updating the vulnerability feed

Updating the vulnerability feed takes a few minutes (~ ten minutes – 1/2 hour) depending on your system resources. You can cron this to happen regularly at convenient times.

# Update the vulnerability feed
$ sudo gvm-feed-update
# Stop all GVM services
$ sudo gvm-stop

Video Tour of GSM Web-Application

In the following video tutorial we will cover the following functionality in the GSM Web-application.

• Administration Menu
• Create A Host
• Create A Target
• Add Credentials
• Create Overrides
• Run A Task
• Configure The Output
• Apply Filters
• Inspect Scan Results
• Generate A Report File (PDF / XML)
• SecInfo Links
• Schedules
• Alerts
• CVSS Calculator

Video Tour of GSM Command Line Tools

Video Tour of Scan Results