Installing and using OpenVAS 20.08 on Debian 10


I have recently started to read about OpenVAS, with the intent of using it to scan a network of possibly vulnerable hosts. I am using VirtualBox with a Debian 10: since the documentation suggests development is done in this operating system, it seemed like the best choice to run the tool.

In order to explore the tool, I decided to compile from source code only the recent OpenVAS 20. Not the entire GVM; just the OpenVAS module. Yet, from my understanding, the initial OpenVAS was a complete framework. Perhaps now it will not work on its own. So, my very first question is: does it even make sense to do this, i.e., install OpenVAS 20.08 without installing all the GVM?

I realized OpenVAS would not install without the required GVM Libraries, so I installed them from source too. Everything seems to have been installed correctly. When writing openvas, bash says “command not found”; an expected behaviour when installing from source, from what my little experience with Linux has taught me. So I tried running the openvas executable inside src using sudo, but nothing happens: no errors and no output whatsoever. Furthermore, when using greenbone-nvt-sync inside the tools folder, it yields “the rsync binary could not be found”.

Searching has resolved most of my problems, but my efforts have come to a halt. Shedding some light on faulty assumptions or endeavours from my part would be much appreciated. :slightly_smiling_face:

Hello again!

For anyone struggling as I was, this white paper helped me clarify the different entities at work here:

And this guide helped out tremendously in installing OpenVAS Greenbone Source Edition 20.08 on Debian 10: (I was getting errors along the way due to having previously attempted to install, so if you run into trouble try running the guide on a clean-slate Debian).