
OpenVAS-7 DEMO Virtual Appliance

Version: 1.0 (up-to-date regarding base system, OpenVAS-7 and Feed as of 2014-05-12)

Download Sites for the OVA Image (3.5 GByte):

MD5SUM: 7d7e4d24229a9a518a356801af1b8845

Compatibility: VirtualBox >=4.3, ESXi >=4

Important Notes:

  • Security (it is highly recommended that you follow these steps immediately after first start):
    • You should change the default password for the system account "root" (log in as root and run the command "passwd").
    • You should change the default password for the system account "openvas" (log in as openvas and run the command "passwd").
    • You should change the default password for the web account "admin" (log in as admin via the web interface and go to "Extras/My Settings". Via the Edit button, change the password, and remember to tick the checkbox that confirms the password change).
    • You should upgrade the base system immediately to install all security updates published in the meantime. The base system is Debian Wheezy, so you need to run the command "apt-get dist-upgrade" as "root" (or use another management tool you prefer).
    • A self-signed SSL certificate is used. You need to allow an exception in your browser at first login.
      Replace it if you don't want to share the same certificate with other OpenVAS DEMO installations.
    • Encryption of passwords: The passwords that you enter for Credentials (ssh/smb) and that are used for authenticated scans are stored encrypted. An encryption key is pre-installed because creating one can take considerably long (up to 60 minutes).
      If you do not replace this key, you share the same encryption key with other OpenVAS DEMO installations!
      To delete the key and create a new one (takes up to 60 minutes), run:
      gpg --homedir=/usr/local/etc/openvas/gnupg --delete-secret-keys 94094F5B
      gpg --homedir=/usr/local/etc/openvas/gnupg --delete-keys 94094F5B
      openvasmd --create-credentials-encryption-key
      /etc/init.d/openvas-manager restart
      You will find further details and hints about the key management in the file "/root/build/openvas-manager-5.0.1/INSTALL".
  • Usage:
    • If you don't know where to log into the web interface, then log in as system user "openvas" and the URL will be printed.
  • GNU GPL: In compliance with the GNU GPL, all sources are already pre-installed on the VM (under /root/source).
  • Performance: After import it might make sense to increase resources (CPU, RAM), provided your host can supply them.
  • Updating OpenVAS: OpenVAS was built under /root/build. You need to download the newest releases as tar.gz files and follow the usual scheme for building OpenVAS from source. The install prefix is "/usr/local".
  • Web timeout: If you want to increase the web timeout to, for example, 1 hour, then you should add "--timeout=60" to DAEMON_ARGS in /etc/default/greenbone-security-assistant and then restart.

OpenVAS-6 DEMO Virtual Appliance

Version: 3.0 (up-to-date regarding base system, OpenVAS-6 and Feed as of 2014-03-02)

Download Sites for the OVA Image (3.5 GByte):

MD5SUM: 2c62fc35a11a28c65778f54321abc690

Compatibility: VirtualBox >=4.1, ESXi >=4

Important Notes:

  • Security (it is highly recommended that you follow these steps immediately after first start):
    • You should change the default password for the system account "root" (log in as root and run the command "passwd").
    • You should change the default password for the system account "openvas" (log in as openvas and run the command "passwd").
    • You should change the default password for the web account "admin" (log in as admin via the web interface and go to "Extras/My Settings". Via the Edit button, change the password, and remember to tick the checkbox that confirms the password change).
    • You should upgrade the base system immediately to install all security updates published in the meantime. The base system is Debian Squeeze, so you need to run the command "apt-get dist-upgrade" as "root" (or use another management tool you prefer).
    • A self-signed SSL certificate is used. You need to allow an exception in your browser at first login.
      Replace it if you don't want to share the same certificate with other OpenVAS DEMO installations.
    • Encryption of passwords: The passwords that you enter for Credentials (ssh/smb) and that are used for authenticated scans are stored encrypted. An encryption key is pre-installed because creating one can take considerably long (up to 60 minutes).
      If you do not replace this key, you share the same encryption key with other OpenVAS DEMO installations!
      To delete the key and create a new one (takes up to 60 minutes), run:
      gpg --homedir=/usr/local/etc/openvas/gnupg --delete-secret-keys 94094F5B
      gpg --homedir=/usr/local/etc/openvas/gnupg --delete-keys 94094F5B
      openvasmd --create-credentials-encryption-key
      /etc/init.d/openvas-manager restart
      You will find further details and hints about the key management in the file "/root/build/openvas-manager-4.0.5/INSTALL".
  • Usage:
    • If you don't know where to log into the web interface, then log in as system user "openvas" and the URL will be printed.
  • GNU GPL: In compliance with the GNU GPL, all sources are already pre-installed on the VM (under /root/source).
  • Performance: After import it might make sense to increase resources (CPU, RAM), provided your host can supply them.
  • Updating OpenVAS: OpenVAS was built under /root/build. You need to download the newest releases as tar.gz files and follow the usual scheme for building OpenVAS from source. The install prefix is "/usr/local".
  • Web timeout: If you want to increase the web timeout to, for example, 1 hour, then you should add "--timeout=60" to DAEMON_ARGS in /etc/default/greenbone-security-assistant and then restart.
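
A check for the key replacement step described for both appliances above, as an added example that is not part of the appliance or of OpenVAS: it reads a GnuPG colon listing and reports whether the pre-installed key 94094F5B is still in the keyring. The function names and the sample listing are constructed for illustration; the key ID and homedir are the ones given on this page.

```shell
#!/bin/sh
# Added example (not shipped with the appliance): report whether the manager
# keyring still holds the pre-installed credentials encryption key.

DEMO_KEYID="94094F5B"                      # short key ID quoted on this page
GNUPG_HOME="/usr/local/etc/openvas/gnupg"  # --homedir used on this page

# Reads `gpg --list-secret-keys --with-colons` output on stdin and prints:
#   SHARED  - a secret key whose ID ends in DEMO_KEYID is still present
#   ROTATED - secret key(s) present, none of them the pre-installed one
#   NO_KEY  - no secret key at all (deleted, replacement not created yet)
check_keyring() {
    # In colon listings, "sec" records carry the long key ID in field 5.
    ids=$(awk -F: '$1 == "sec" { print toupper($5) }')
    if [ -z "$ids" ]; then
        echo "NO_KEY"
    elif printf '%s\n' "$ids" | grep -q "${DEMO_KEYID}\$"; then
        echo "SHARED"
    else
        echo "ROTATED"
    fi
}

# Constructed sample listing; only the last 8 hex digits come from the page.
constructed_listing() {
    cat <<'EOF'
sec:u:2048:1:1A2B3C4D94094F5B:1399852800:::u:::scESC:
uid:u::::1399852800::::Constructed sample user ID:
EOF
}

case "${1:-}" in
    --live) gpg --homedir="$GNUPG_HOME" --list-secret-keys --with-colons | check_keyring ;;
    *)      constructed_listing | check_keyring ;;
esac
```

Run it with `--live` on the appliance after the four commands have finished; SHARED also covers the case where a new key was created but the old one was never deleted.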

Important note on these Virtual Appliances

Please note that these virtual appliances are for demonstration/testing purposes and are not recommended for regular production use, particularly for more than a few hosts, depending on local system resources. The OpenVAS scanner is resource-intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.