DragonFly On-Line Manual Pages
OPENVASCLIENT(1) Users Manuals OPENVASCLIENT(1)
OpenVAS-Client - The client part of the OpenVAS Security Scanner
OpenVAS-Client [-v] [-h] [-n] [-T <type>] [-q [-pPS] host port user
password targets results]
OpenVAS-Client -i in.nbe -o out.[html|xml|nbe]
The OpenVAS Security Scanner is a security auditing tool made up of two
parts: a server, and a client. The server, openvasd is in charge of
the attacks, whereas the client OpenVAS-Client provides an interface to
OpenVAS-Client is an X11 client based on GTK+2.
This man page explains how to use the client.
-c <config-file>, --config-file=<config-file>
use another configuration file.
no pixmaps. This is handy if you are running OpenVAS-Client on a
quiet mode or batch mode. Setting this option makes OpenVAS-
Client expect all of the following settings.
obtain list of plugins installed on the server.
obtain list of server and plugin preferences.
issue SQL output for -p and -P (experimental).
is the openvasd host to whom you will connect.
is the port to which you will connect on the remote
is the user name to use to connect to openvasd.
is the password associated with this user name.
is the name of a file containing the target machines.
is the name of the file where the results will be stored
at the end of the test.
-T <type>, --output-type=<type>"
Save the data as <type>, where <type> can be "nbe", "html",
"html_graph", "text", "xml", "tex"
make the batch mode display status messages to the screen.
do not check SSL certificates.
shows version number and quits
lists the available options
The X11 interface
The OpenVAS-Client interface is divided in several panels:
o The "Openvasd host" section:
In this section, you must enter the openvasd host to whom you
will connect, as well as the port. You must also enter your
openvasd user name and your password (not the one of the
system). Once you are done, you must click on the "Log in"
button, which will establish the connection to the openvasd
Once the connection is established, openvasd sends to the client
the list of attacks it will perform, as well as the default
preferences to use.
o The "Target Selection" section:
o In this section, you are required to enter the primary target.
A primary target may be a single host (e.g. x.y.test), an IP
(e.g. 192.168.1.1), a subnet (e.g. 192.168.1.1/24 or x.y.test),
or a list of hosts, separated by commas (e.g. 192.168.1.1,
192.168.2.1/24, x.y.test, a.b.test).
o You can restrict the maximum number of hosts to test using the
"Max Hosts" entry. This is a feature that prevents you from
scanning too many machines; or accidentally scanning other
machines. (For instance, if you only plan to test x.y.info and
a.b.info, you can safely set this entry to "2").
o This panel also allows you to enable the "Perform a DNS zone
transfer" option. This option is dangerous and should be enabled
with caution. For instance, if you want to test www.x.test,
then if this option is set, openvasd will attempt to get the
list of the hosts in the "x.test" domain.
This option may be dangerous. For instance, if you enable it and
you ask to test 192.168.1.1/24, then openvasd will do a reverse
lookup on every IP, and will attempt a DNS zone transfer on
every domain. That is, if 192.168.1.1 is www.x.test, and
192.168.1.10 is mail.x.test, then a DNS zone transfer will be
made on the domains "x.test" and "test.x".
o The "Plugins" section
Once you have successfully logged into the remote openvasd
server, this section is filed with the list of the attacks that
the server will perform. This panel is divided in two parts: the
plugins families, and the plugins themselves. If you click on
the name of a plugin, then a dialog will appear, showing you
which will be the error message sent by the plugin if the attack
You can use OpenVAS-Client to do conversion between formats used for
reports. OpenVAS can take any NBE reports and change them into HTML,
XML or NBE reports.
Please note that the XML report provides usually more information about
the scan itself NBE format do not include in the report.
Basically, XML is a merge between the .nbe reports and the .openvasrc
configuration file. You won't get extra verbosity or diagnosis info in
the XML report, but you'll know which plugins (and which version of
these plugins) have been enabled during the scan.
For more information on the report formats please read the file
nbe_file_format.txt provided along with the documentation.
HOME The path to the user's home directory which will hold the client
configuration cache .openvasrc. The path is refered to as ~/,
If this environment variable is set, this path is used instead
of the path defined by the HOME variable. This path is referred
to as ~/, below.
% More examples should be included here (jfs)
To run a batch scan from a cron job and publish it in a given web space
( /var/www/html/openvas/ ) try the following:
OpenVAS-Client -c /root/openvas/openvas.rc -T html -qx localhost 9390
batch batch1 /root/openvas/target /var/www/html/openvas/results.html
Make sure that paranoia level is not set in your openvas.rc
configuration file, otherwise the scan will not work
is the client configuration file, which contains the options
about which openvasd server to connect to, which plugins to
activate, and so on. The file is created automatically if it
does not exist.
MORE INFORMATION ABOUT THE OPENVAS PROJECT
The canonical places where you will find more information about the
OpenVAS project are:
Author of developments prior to the fork from NessusClient is Renaud
Several other people have been kind enough to send patches and bug
reports. Thanks to them.
The OpenVAS Project August 2007 OPENVASCLIENT(1)