GVM is part of the Open Source Vulnerability Management suite of products produced by Greenbone Networks GmbH. The GVM scanner is one of the most widely used open-source vulnerability scanners. Unlike Nmap, GVM uses a graphical user interface to initiate scans and report vulnerability scan results.
Step 1: Verify the GVM Product Installation.
Before beginning any scan, it is important to verify that GVM is correctly installed and that the files it uses to identify vulnerabilities are up-to-date.
- Verify the setup of the GVM service using the sudo gvm-check-setup command. This command verifies that the setup completed correctly and the necessary files are available. The verification will flag any issues that need fixing and will provide the commands to use to fix the issues.
sudo gvm-check-setup
- If there are issues, execute the suggested command to fix the problem and then re-run the gvm-check-setup command. When all issues are addressed, the command outputs the string “It seems like your GVM [version] installation is OK.”
- Just for this activity, stop the GVM service so you can observe the startup output.
sudo gvm-stop
Step 2: Open the GVM Scanner GUI.
- Start the GVM scanner using the sudo gvm-start command. You can also access the gvm-start script using the Applications menu on the Kali desktop, Kali -> 02-Vulnerability Analysis -> gvm start. It is possible that GVM may already be running as a result of the check setup process.
The output of the command should be similar to what is shown below. At the end of the output, a message that the scanner is loading in Firefox will appear.
● gsad.service - Greenbone Security Assistant daemon (gsad)
● gvmd.service - Greenbone Vulnerability Manager daemon (gvmd)
● ospd-openvas.service - OSPd Wrapper for the OpenVAS Scanner (ospd-openvas)
- A browser window will open with a security warning that can be ignored. If the browser does not automatically open, start your browser manually and navigate to https://127.0.0.1:9392. Click the Advanced button and scroll down and accept the risk on the warning screen to proceed.
- In the Greenbone Security Assistant login box, enter admin as the username and kali as the password.
Username: admin
Password: kali
- The GVM Scanner application GUI should open in the browser. Select Scans -> Tasks from the menu bar. At the upper left of the Tasks window appear three icons. Select the Task Wizard icon that looks like a magic wand. Choose Task Wizard from the dropdown menu.
Step 3: Scan the Target Host for Vulnerabilities
- The GVM Scanner application GUI should open in the browser. Select Scans -> Tasks from the menu bar. At the upper left of the Tasks window appear three icons. Select the Task Wizard icon that looks like a magic wand. Choose Advanced Task Wizard from the dropdown menu.
- In the Advanced Task Wizard window, enter Metasploitable as the scan name. In the Target Host(s) field, enter the IP address of Metasploitable, 172.17.0.2. Leave the rest of the settings unchanged and click Create to create the task and start the scan.
- The Task window indicates the task is running. At the bottom of the window, the task Metasploitable is listed, and the status bar shows the percent complete. Wait until the status shows Done (100% complete). This could take 30 minutes or more.
- Click the number 1 under the Reports column in the Metasploitable row, next to the status indicator. The report list opens with an entry for the current day and time and the task named Metasploitable.
- Open the report by clicking the date and time link under the Date column. The report window opens. There are eleven tabs that show various results that were found during the scan. Click the Results tab. The vulnerabilities found are listed in order of severity.
- When the scan is complete, click the timestamp under the Date column to view the report detail.
- The CVEs associated with the vulnerabilities that were found on the host can be viewed by clicking the CVEs tab. Explore the other tabs.
- Download the report by clicking the Download Filtered Report button from the menu in the upper left of the report page. It has a downward-pointing arrow icon. In the settings box, choose to download the report in PDF format. After a brief delay, the PDF file should open in your browser.
- Click the other headers on the report and view the information provided.
Step 4: Interpret the scan results.
GVM provides a detailed description of the vulnerabilities including methods to mitigate each vulnerability.
- Click the “The rexec service is running” vulnerability listed in the Results tab. GVM provides a summary of the finding and additional details. The Insight section explains a little about the vulnerability and the Solution section gives mitigation suggestions.
- Click the CVE associated with the rexec vulnerability. A brief description of the CVE opens.
- You can obtain additional information about the Network Vulnerability Test (NVT) that discovered this CVE by clicking the NVT at the bottom of the CVE window. An NVT is a script that can be executed to check for specific vulnerabilities, including CVEs.
- Click the back arrow in the browser to return to the report screen. The rexec services typically run on TCP ports 512, 513, or 514.
- Select the Ports tab to view the open ports on the Metasploitable system.
- Explore the other vulnerabilities and focus on how you might use them to exploit the 172.17.0.2 client.
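A triage pass over the findings that the Results and Ports tabs display, as an added example that is not part of the original lab. It assumes the report was downloaded in the CSV Results format rather than PDF and that the export uses the column names IP, Port, Port Protocol, CVSS, NVT Name and CVEs; the sample rows are constructed and the CVE id is a placeholder.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the assumed "CSV Results" layout; the CVE id is a placeholder.
SAMPLE_CSV = """IP,Hostname,Port,Port Protocol,CVSS,Severity,NVT Name,CVEs
172.17.0.2,,512,tcp,10.0,High,The rexec service is running,CVE-XXXX-XXXX
172.17.0.2,,21,tcp,6.4,Medium,Constructed FTP finding,
172.17.0.2,,513,tcp,7.5,High,Constructed rlogin finding,
172.17.0.2,,,,0.0,Log,Constructed informational result,
"""

R_SERVICE_PORTS = {512, 513, 514}  # rexec ports named in Step 4

def load_findings(text, min_cvss=0.1):
    """Parse the export and return findings with CVSS >= min_cvss, highest first."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        try:
            cvss = float(row.get("CVSS") or 0)
        except ValueError:
            continue  # skip malformed rows rather than abort the triage
        if cvss < min_cvss:
            continue  # drop Log-level results that carry no severity
        port = row.get("Port") or ""
        findings.append({
            "host": row["IP"],
            "port": int(port) if port.isdigit() else None,
            "proto": row.get("Port Protocol") or "",
            "cvss": cvss,
            "name": row.get("NVT Name") or "",
            "cves": [c.strip() for c in (row.get("CVEs") or "").split(",") if c.strip()],
        })
    return sorted(findings, key=lambda f: f["cvss"], reverse=True)

def worst_per_port(findings):
    """Map (host, port, proto) to the highest CVSS seen, to rank services for remediation."""
    worst = defaultdict(float)
    for f in findings:
        key = (f["host"], f["port"], f["proto"])
        worst[key] = max(worst[key], f["cvss"])
    return dict(worst)

def r_service_findings(findings):
    """Findings on TCP 512-514, the rexec ports Step 4 walks through."""
    return [f for f in findings if f["proto"] == "tcp" and f["port"] in R_SERVICE_PORTS]

if __name__ == "__main__":
    for f in load_findings(SAMPLE_CSV):
        print(f'{f["cvss"]:>4} {f["host"]}:{f["port"]}/{f["proto"]} {f["name"]} {f["cves"]}')
```

Comparing the per-port ranking against the Ports tab shows which listening services account for the highest-severity results and should be disabled or patched first.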
Step 5: Clean Up
When you are done with GVM services, use the following command to stop GVM.
sudo gvm-stop