
OpenVAS-8 DEMO Virtual Appliance

Version: 1.0 (up-to-date regarding base system, OpenVAS-8 and Feed as of 2015-05-20)

Download Sites for the OVA Image (3.2 GByte):

MD5SUM: b7604b49a1bf3080786be36965b055e9

Compatibility: VirtualBox >=4.3

Important Notes:

  • Security (it is highly recommended that you follow these steps immediately after first start):
    • You should change the default password for the system account "root" (log in as root and run the command "passwd").
    • You should change the default password for the system account "openvas" (log in as openvas and run the command "passwd").
    • You should change the default password for the web account "admin" (log in as admin via the web interface and go to "Extras/My Settings". Use the Edit button to change the password, and remember to tick the checkbox that confirms the password change).
    • You should delete the file "/home/openvas/.ssh/authorized_keys" as it may contain remnants of the VM build procedure.
    • You should upgrade the base system immediately to install all security updates published since the image was built. The base system is Debian Jessie, so you need to run as root the command apt-get update && apt-get upgrade (or use other management tools you might prefer).
    • A self-signed SSL certificate is used. You need to allow an exception in your browser at first login.
      Replace it if you don't want to share the same certificate with other OpenVAS DEMO installations.
    • Encryption of passwords: The first time you create a credential object, a new password encryption key will be generated.
    • TLS Ciphers: The services HTTPS and OMP can be configured regarding offered TLS ciphers. You need to start the corresponding daemons with the right parameters.
  • Usage:
    • If you don't know where to log into the web interface: The IP of the system should be displayed before the login prompt. If it is not, press ENTER to request a new login prompt. In the meantime the system should have acquired an IP, and you should be able to use it.
  • GNU GPL: In compliance with the GNU GPL, all sources are pre-installed on the VM (under /root/sources).
  • Performance: After import it might make sense to increase resources (CPU, RAM), provided your host can supply them.
  • Updating OpenVAS: OpenVAS was built in /home/openvas/src. You need to download the newest releases as tar.gz files and follow the usual scheme for building OpenVAS from source.
  • Web timeout: If you want to increase the web timeout to, for example, 1 hour, create a systemd drop-in file at /etc/systemd/system/gsa.service.d/timeout.conf with the following content (refer to the systemd documentation for more details). The line belongs in the file's [Service] section, and because the unit already defines ExecStart, an empty ExecStart= line must come before it:
    ExecStart = /usr/local/bin/gsad --foreground --timeout=60
  • Alternative web interface ITS (IT-Schwachstellenampel, German only): As root, enter switchface-its. Switch back with switchface-classic. It might help to force a reload in the browser after the switch to get all decoration changes. This switch will be reset upon reboot of the system.
  • You can switch the keyboard layout as root by using the recommended method: dpkg --configure keyboard-configuration && service keyboard-setup restart. Alternatively, you can use the following shortcut: switchkbd de to switch to German layout. This shortcut might not work in all cases.
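
The file-checkable items from the Security notes above can be audited with a short script. This is an added example, not part of the appliance or the OpenVAS project: the function names and the ROOT argument are hypothetical, and it assumes the default passwords were set no later than the image date 2015-05-20, so an unchanged "last change" day in /etc/shadow indicates a default password. The web "admin" password and pending Debian updates are not covered.

```shell
#!/bin/sh
# Added example: audit first-start security steps of the DEMO appliance.
# ROOT is a path prefix (empty on the live system, or a mounted image / test tree).

# 2015-05-20 expressed as days since 1970-01-01, the unit /etc/shadow uses.
# Assumption: default passwords were set on or before the image date.
BUILD_DAY=16575

# Print the "last password change" day (field 3 of /etc/shadow) for a user.
shadow_lastchg() {  # usage: shadow_lastchg ROOT USER
    awk -F: -v u="$2" '$1 == u { print $3 }' "$1/etc/shadow"
}

# Succeeds only if the password was changed after the image was built.
password_changed() {  # usage: password_changed ROOT USER
    day=$(shadow_lastchg "$1" "$2")
    [ -n "$day" ] && [ "$day" -gt "$BUILD_DAY" ]
}

# Succeeds only if no leftover build keys remain for the openvas account.
authorized_keys_removed() {  # usage: authorized_keys_removed ROOT
    [ ! -e "$1/home/openvas/.ssh/authorized_keys" ]
}

# Run all checks, print one line per finding, return the number of findings.
audit_appliance() {  # usage: audit_appliance ROOT
    root=${1:-}
    findings=0
    for user in root openvas; do
        if ! password_changed "$root" "$user"; then
            echo "FAIL: password for '$user' not changed since image build"
            findings=$((findings + 1))
        fi
    done
    if ! authorized_keys_removed "$root"; then
        echo "FAIL: /home/openvas/.ssh/authorized_keys still present"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: first-start steps look complete"
    return "$findings"
}

# On the appliance, as root:  audit_appliance ""
```

The exit status is the number of open findings, so 0 means both system passwords were changed and the leftover key file is gone.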

Important note on these Virtual Appliances

Please note that these virtual appliances are for demonstration/testing purposes and are not recommended for regular production use, particularly for more than a few hosts, depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.