Intro To Greenbone Vulnerability Manager

Fingerprint Cyber Security

What is GVM and OpenVAS?

Wikipedia gives a nice introduction to GVM, so let's jump-start our understanding with that:

OpenVAS is the scanner component of Greenbone Vulnerability Manager, a software framework of several services and tools offering vulnerability scanning and vulnerability management. All Greenbone Vulnerability Manager products are free software, and most components are licensed under the GNU General Public License.

To understand the relationship between OpenVAS and GVM we should refer to the OpenVAS website, which does a good job explaining the relationship between OpenVAS and GVM:

In 2019 the branding separation was completed. OpenVAS now represents the actual vulnerability scanner as it did originally and the “S” in “OpenVAS” now stands for “Scanner” rather than “System”. These changes are accompanied by an updated OpenVAS logo. The framework where OpenVAS is embedded is the Greenbone Vulnerability Management (GVM). OpenVAS released with GVM-10 receives numerous performance optimization to address the challenge of a growing number of vulnerability tests, scanning target networks of increasing size and heterogeneity. OpenVAS released with GVM-11 introduces substantial architectural changes: The former service “openvassd” is turned into a command line tool “openvas”. It is controlled by the service layer ospd-openvas. This concept essentially replaces the old stateful, permanent and proprietary OTP (OpenVAS Transfer Protocol) by the new state-less, request-response XML-based and generic OSP (Open Scanner Protocol).

Greenbone Networks owns OpenVAS and manages a vulnerability feed, repositories of tools, and Greenbone Security Assistant (GSA), a web-application front-end that can be hosted in the cloud or run on a local system.

Screenshot of GSM Web-application UI

A Few More Quick Details

For a fairly comprehensive high-level description of what GVM does, visit the Greenbone Networks product page and read the description of the commercial appliance. For a list of terminology used in GVM products, view the glossary.

GVM can also be controlled from the command line with gvm-cli, which offers a robust set of functionality for automating not only the scheduling and starting of assessments, but also creating hosts and targets and generating reports. We will cover those functions later in this article. Customized scripts can be run with gvm-script, which takes full advantage of gvm-cli and has a great set of options.

Finally, gvm-tools is a set of Python scripts that use python-gvm as an API. gvm-tools is very useful for getting started with automation and custom script development.

GVM components include:

  • OpenVAS – The Open Vulnerability Scanner – The open-source vulnerability scanning engine
  • GVM – Greenbone Vulnerability Manager – The glue between the scanner system and the GUI and CLI interfaces, runs as a systemd service
  • GSM – Greenbone Security Manager – The commercial product line Greenbone Security Manager available as hardware or virtual appliances
  • GSA – Greenbone Security Assistant – The web-application for operating GVM
  • GSF – Greenbone Security Feed – Updated daily with new vulnerability data and scan configurations (currently consists of > 100,000 tests)
  • GMP (Greenbone Management Protocol) and OSP (Open Scanner Protocol) – communication protocols supported by GVM
  • gvm-cli – command line interface for controlling GVM without the need for the GSA web-interface
  • gvm-script – command line interface for running custom Python scripts that extend the automation capabilities of GVM
  • gvm-pyshell – an interactive shell for
  • gvm-tools – a set of useful and demonstrative python scripts for use with gvm-script automating GVM
  • python-gvm – a Python package with modules for interacting with gvm-cli and gvm-script via a Python object interface

Connection Methods

The gvm-cli, gvm-script, and gvm-pyshell clients can connect in several ways to allow remote control of a GVM appliance:

  • Unix Socket (for local installations)
  • TLS Connection (for remote installations)
  • SSH Connection (for remote installations)
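
The automation described earlier (create a target, create a task, start it) and the connection types listed above, as an added example that is not from the original article or from Greenbone: it builds the raw GMP XML that gvm-cli accepts through --xml and the argument list for a socket, tls or ssh connection. The UUID placeholders, host address, socket path and sample replies are constructed, and GMP credentials are left out.

```python
# Added example: raw GMP XML for gvm-cli --xml. IDs, hosts and names are constructed.
import xml.etree.ElementTree as ET

CONNECTIONS = ("socket", "tls", "ssh")  # the three connection types listed above

def gmp(command, attrs=None, **children):
    """Build one GMP command; a dict-valued child becomes an attribute-only element."""
    root = ET.Element(command, attrs or {})
    for tag, value in children.items():
        child = ET.SubElement(root, tag)
        if isinstance(value, dict):
            child.attrib.update(value)
        else:
            child.text = str(value)  # ElementTree escapes &, <, > when serializing
    return ET.tostring(root, encoding="unicode")

def cli_argv(connection, xml, **opts):
    """argv list for: gvm-cli <connection> [--option value ...] --xml <xml>."""
    if connection not in CONNECTIONS:
        raise ValueError(f"unknown connection type: {connection}")
    argv = ["gvm-cli", connection]
    for name, value in opts.items():
        argv += ["--" + name.replace("_", "-"), str(value)]
    return argv + ["--xml", xml]

def result_id(response_xml):
    """Return the id GMP reports for a 2xx response, otherwise raise."""
    resp = ET.fromstring(response_xml)
    status = resp.get("status", "")
    if not status.startswith("2"):
        raise RuntimeError(f"{resp.tag}: {status} {resp.get('status_text')}")
    return resp.get("id") or resp.findtext("report_id")

# Constructed replies in the shape gvmd returns for each step.
TARGET_REPLY = '<create_target_response status="201" status_text="OK, resource created" id="TARGET-UUID"/>'
TASK_REPLY = '<create_task_response status="201" status_text="OK, resource created" id="TASK-UUID"/>'
START_REPLY = ('<start_task_response status="202" status_text="OK, request submitted">'
               '<report_id>REPORT-UUID</report_id></start_task_response>')

if __name__ == "__main__":
    target = gmp("create_target", name="lab & dmz", hosts="192.0.2.10",
                 port_list={"id": "PORT-LIST-UUID"})
    task = gmp("create_task", name="weekly scan", config={"id": "SCAN-CONFIG-UUID"},
               target={"id": result_id(TARGET_REPLY)}, scanner={"id": "SCANNER-UUID"})
    start = gmp("start_task", {"task_id": result_id(TASK_REPLY)})
    for xml in (target, task, start):  # socket path below is an assumed local default
        print(cli_argv("socket", xml, socketpath="/run/gvmd/gvmd.sock"))
    print("report:", result_id(START_REPLY))
```

Passing the argument list to a process launcher without a shell keeps the XML intact, and building the XML with ElementTree rather than string concatenation means a target name containing & or < cannot alter the command.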

gvm-tools

The README.md file included in the gvm-tools GitHub repository includes the best description of gvm-tools so let’s let Greenbone explain it:

The Greenbone Vulnerability Management Tools `gvm-tools` are a collection of tools that help with remote controlling a Greenbone Security Manager (GSM) hardware appliance and underlying Greenbone Vulnerability Management (GVM) framework. The tools aid in accessing the communication protocols GMP (Greenbone Management Protocol) and OSP (Open Scanner Protocol).

The gvm-tools Python packages are usually installed with the main package, but can also be installed via Python pip, which may be useful if you require a specific version to match the installed version of GVM. Use one of the following commands to install via bash shell. Also, the gvm-tools can be used with a local installation of GVM on a Linux host such as Kali Linux. You do not need to purchase the GSM hardware appliance to use them for GVM automation.

Or download the source code from GitHub.

The GitHub repository README.md file is a good source for quick-start summary and instructions, and full documentation is available.

How To Install GVM on Linux

Here are the basic instructions to install GVM on Linux. It is also available as VM instances.

I do not recommend the full distribution upgrade unless you are preparing a production GVM appliance, since you may encounter unnecessary problems with package dependencies that often occur in Kali. As far as I can tell, this is because Kali installations are often running a plethora of software applications that often require many different version combinations. GVM is no exception to that. So, for getting to know GVM and trying it out, just do the update and upgrade.

You will see an output similar to this:

Now you can access the Web-application UI locally from your browser at https://127.0.0.1:9392.

Updating the vulnerability feed

Updating the vulnerability feed takes a few minutes (~ ten minutes – 1/2 hour) depending on your system resources. You can cron this to happen regularly at convenient times.

Video Tour of GSM Web-Application

The following video tutorial covers this functionality in the GSM Web-application:

  • Administration Menu
  • Create A Host
  • Create A Target
  • Add Credentials
  • Create Overrides
  • Run A Task
  • Configure The Output
  • Apply Filters
  • Inspect Scan Results
  • Generate A Report File (PDF / XML)
  • SecInfo Links
  • Schedules
  • Alerts
  • CVSS Calculator

Video Tour of GSM Command Line Tools

Video Tour of Scan Results
