NOTE: When entering the IP address you will need to include the proper subnet mask bits. As an example for a system that requires subnet mask 255.255.252.0 the bits would be 22 so the ip address would be enter as 10.218.44.230/22 You can find a subnet mask calculator on line if the bits are not known. Select Show and hit Enter.
I need to connect to my OpenVAS from the Internet to conduct penetration tests.
I didn't found any way to make it permanently listen on the external interface: openvas-start
causes it to listen on 127.0.0.1.
I already tried to modify the configuration files, but it seems either I'm doing it wrong or something is overriding configurations when it starts.
Any help would be appreciated.
P.S: I'm using Kali 2.0.
migrated from security.stackexchange.comSep 23 '15 at 22:40
This question came from our site for information security professionals.
5 Answers
Since we're on systemd, you actually need to modify 3 .service
files:
Files are: greenbone-security-assistant.service, openvas-manager.service and openvas-scanner.service.
To make it quick you may want to use sed.This line will replace all 127.0.0.1 to 0.0.0.0 which will allow all services be avaliable on all interfaces. You should replace 0.0.0.0 to the address of your choice.
![Openvas Virtual Appliance Staric Ip Openvas Virtual Appliance Staric Ip](https://www.hackingtutorials.org/wp-content/uploads/2018/04/6-appliance-13.jpg)
Verify, that all will be done as you want. If you're happy with the changes, just add -i
to the end of previous command.
Lastly you need to reload daemons, since you've made changes to files and restart services.
Verify, that all services are listening on desired host:
If restarting sevices didn't work, try to restart server itself.
- openvas-stop
- gsad --listen=0.0.0.0
- openvas-start
- From any client machine try https://kali-ip/
- Enjoy accessing openvas web
There is much more simple solution. You can redirect external ip port to localhost using firewall. Assuming that Your's server external IP is 10.0.0.10:
That's all, now connect to https://10.0.0.10
I also tried to edit configuration IPs but there are in many places and seem to break OMP authorization. This solution was tested with latest Kali/OpenVAS (2016.09).
Quoting the openvasd man page:
-a , --listen= Tell the server to only listen to connections on the address which is an IP, not a machine name. For instance, 'openvasd -a 192.168.1.1' will make openvasd only listen to requests going to 192.168.1.1 This option is useful if you are running openvasd on a gateway and if you don't want people on the outside to connect to your openvasd.
You can append this option in the startup script located in /etc/init.d/openvas-scanner
in the DAEMONOPTS
constant.
Edit /etc/default/greenbone-security-assistant
:
Change 127.0.0.1
to your IP
Then, restart the services:
Try to access it from outside https://ip:9392