I finally got it past the gvm-check-setup on the virtual machine. I forgot to edit and change
sudo pluma /etc/postgresql/13/main/postgresql.conf
port = 5432
then run
sudo systemctl restart postgresql
But I think I did something to create the admin user after that which I didn’t document. Something like
sudo runuser -u _gvm – gvmd --create-user=admin
to generate a password. Maybe dropped the gvmd database first. Trying to follow/recreate the steps on my laptop. BTW: Accessing the Greenbone Security Assistant with extensions disabled appears to have fixed some stuff. I’m new and just starting to learn the system.
So apparently, Greenbone has taken over the open source project (OpenVAS) and the latest gvm packages for Debian do not work correctly on Parrot (or Kali). They no longer offer a Community Edition iso as of earlier this year, and files like reports and filters do not work unless you manage to migrate certain directories and files from older editions of gvm (11 => 20.x) or take the time to build everything from source using long complicated directions filled with pitfalls and errors. There is only a trial version iso from Greenbone.
Sorry we’ve been busying 4.11 beta preparing. We knew there are serious problems with GVM but nobodies checked the news from GVM. I am forwarding your information to our team. Hopefully we can do something.
I noticed there were a lot of updates for Parrot Security when I launched it tonight on my Virtual Box install, including a few for OpenVAS and Greenbone.
It’s finally working! You guys rock! Please send my appreciation to the team! Thank you!
But how can you make it work? We are having problems with this version: can’t create scan and so on. In fact, we are going to remove it from preinstalled tools. It will be provided for cloud edition only. The sec edition will focus on manual pentesting more than auditing.
I got it working last night on a Virtual Box guest. It was able to (slowly) scan a Metasploitable2 guest and return a report with all the found vulnerabilities. This was not working before the updates I installed last night.
The Target port list was available, the OpenVAS scanner was available (only the CVE scan was available before), once the scan was started it took ~20 minutes and showed the progress, and finally when completed it showed the full report of vulnerabilities it found on the target.
Later today I’ll be working to try getting it working on 2 laptops and a VMware guest. I’ll report back!
I’ve gotten it working now in a VMware guest. But not on my 2 laptops: they still can’t get the Port List when selecting a target or the OpenVAS Default Scanner when creating a task, saying that some long hexadecimal config could not be found.
Not sure if this makes a difference, but I noticed on my Virtual Box and VMware guests they are using the repository:
I reinstalled all OpenVAS and Greenbone packages using Synaptic on my laptop and restarted. It still wouldn’t show the port list or default scanner. But then I saw in Parrot Menu => System Services => OpenVas - Greenbone that there was a new menu choice of “Start new installation”. I chose that and allowed the resulting terminal to do some things.
Now it’s working on this laptop running Parrot (natively)! The port list and default scanner were there and I’m scanning Metasploitable2 running in a local VMware guest. Ha!
That step (#5 in my original post) didn’t work for my Virtual Box guest for some reason (but did for the other 3 Parrot installs: VMware 14 and 2 laptops). I searched around and found this command does the same thing successfully:
FWIW: I installed Kali 32-bit on a very old Atom processor netbook last week (after a lot of workarounds). Last night I was able to install OpenVAS/Greenbone on it as well with just a little hassle.
Thank you for your solution. Unfortunately i ran the sudo gvm-setup again and i got extremely slow internet connection and i interrupted the setup. Now i’m having different error. I’m running the setup script again and i’m having slow connection again.
This problem is killing me.
Oops, sorry I wasn’t clearer in my first post. Yeah, I ran gvm-check-setup several times, doing the requested (fix) steps until I hit a road block (step #8). Then I had to do a few extra things to get it working correctly once gvm-check-setup said everything was setup.
Well i blame wrong suggested command from gvm script. And thank you for your testing time ^^. I guess finally we have reason to keep this gvm.
Oh btw the w3af is a web auditing framework and it was removed years ago. The project is still under maintained but the release has been stopped since 2015. So i’m wondering if you interested in this, maybe you can help us test this project. It would be good if we have other web auditing framework.
