AI Agent Skill HUB

performing-authenticated-scan-with-openvas

Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.

16 stars
byplurigrid
View on GitHubInstallation ↓

Best use case

performing-authenticated-scan-with-openvas is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.

Teams using performing-authenticated-scan-with-openvas should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/performing-authenticated-scan-with-openvas/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/performing-authenticated-scan-with-openvas/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/performing-authenticated-scan-with-openvas/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How performing-authenticated-scan-with-openvas Compares

Feature / Agentperforming-authenticated-scan-with-openvasStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Configure and execute authenticated vulnerability scans using OpenVAS/Greenbone Vulnerability Management with SSH and SMB credentials for comprehensive host-level assessment.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Performing Authenticated Scan with OpenVAS

## Overview

OpenVAS (Open Vulnerability Assessment Scanner) is the scanner component of the Greenbone Vulnerability Management (GVM) framework. Authenticated scans use valid credentials (SSH for Linux, SMB for Windows, ESXi for VMware) to log into target systems, enabling detection of local vulnerabilities, missing patches, and misconfigurations that unauthenticated scans cannot identify. Authenticated scans typically find 10-50x more vulnerabilities than unauthenticated scans.


## When to Use

- When conducting security assessments that involve performing authenticated scan with openvas
- When following incident response procedures for related security events
- When performing scheduled security testing or auditing activities
- When validating security controls through hands-on testing

## Prerequisites

- GVM 22.x+ installed (gvmd, openvas-scanner, gsad, ospd-openvas)
- PostgreSQL database configured for gvmd
- Redis configured for openvas-scanner
- NVT feed synchronized (greenbone-nvt-sync or greenbone-feed-sync)
- SSH credentials for Linux targets or SMB credentials for Windows targets
- Network access to target hosts on scan ports

## Installation

### Install GVM on Kali Linux / Debian
```bash
# Install GVM package
sudo apt update && sudo apt install -y gvm

# Run initial setup (creates admin account, syncs feeds)
sudo gvm-setup

# Check installation status
sudo gvm-check-setup

# Start all GVM services
sudo gvm-start

# Access Greenbone Security Assistant at https://127.0.0.1:9392
```

### Install via Docker (Recommended for Production)
```bash
# Pull Greenbone Community Edition containers
docker pull greenbone/gvm:stable

# Run with docker-compose
curl -fsSL https://greenbone.github.io/docs/latest/_static/docker-compose-22.4.yml \
  -o docker-compose.yml

# Start the stack
docker compose -f docker-compose.yml -p greenbone-community-edition up -d

# Wait for feed sync (initial sync takes 15-30 minutes)
docker compose -f docker-compose.yml -p greenbone-community-edition \
  logs -f gvmd 2>&1 | grep -i "feed"
```

## Configuring Credentials

### SSH Credentials for Linux Targets
```bash
# Using gvm-cli to create SSH credential with key-based auth
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_credential>
    <name>Linux SSH Key</name>
    <type>usk</type>
    <login>scan_user</login>
    <key>
      <private><![CDATA['"$(cat /home/scan_user/.ssh/id_rsa)"']]></private>
      <phrase>key_passphrase</phrase>
    </key>
  </create_credential>'

# SSH credential with password authentication
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_credential>
    <name>Linux SSH Password</name>
    <type>up</type>
    <login>scan_user</login>
    <password>scan_password_here</password>
  </create_credential>'
```

### SMB Credentials for Windows Targets
```bash
# Create SMB credential for Windows authenticated scanning
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_credential>
    <name>Windows SMB Cred</name>
    <type>up</type>
    <login>DOMAIN\scan_account</login>
    <password>smb_password_here</password>
  </create_credential>'
```

### ESXi Credentials
```bash
# Create ESXi credential for VMware host scanning
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_credential>
    <name>ESXi Root</name>
    <type>up</type>
    <login>root</login>
    <password>esxi_password_here</password>
  </create_credential>'
```

## Creating Scan Targets

```bash
# Create target with SSH credential (Linux hosts)
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_target>
    <name>Linux Production Servers</name>
    <hosts>192.168.1.10,192.168.1.11,192.168.1.12</hosts>
    <port_list id="33d0cd82-57c6-11e1-8ed1-406186ea4fc5"/>
    <ssh_credential id="CREDENTIAL_UUID_HERE">
      <port>22</port>
    </ssh_credential>
    <alive_test>ICMP, TCP-ACK Service and ARP Ping</alive_test>
  </create_target>'

# Create target with SMB credential (Windows hosts)
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_target>
    <name>Windows Domain Controllers</name>
    <hosts>192.168.1.20,192.168.1.21</hosts>
    <port_list id="33d0cd82-57c6-11e1-8ed1-406186ea4fc5"/>
    <smb_credential id="SMB_CREDENTIAL_UUID_HERE"/>
    <alive_test>ICMP, TCP-ACK Service and ARP Ping</alive_test>
  </create_target>'
```

## Scan Configuration

### Built-in Scan Configs
| Config Name | OID | Use Case |
|------------|-----|----------|
| Full and fast | daba56c8-73ec-11df-a475-002264764cea | Standard production scan |
| Full and deep | 708f25c4-7489-11df-8094-002264764cea | Thorough scan, may be disruptive |
| System Discovery | 8715c877-47a0-438d-98a3-27c7a6ab2196 | Host and service enumeration |

### Create Custom Scan Config for Authenticated Scan
```bash
# Clone "Full and fast" config and customize
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_config>
    <copy>daba56c8-73ec-11df-a475-002264764cea</copy>
    <name>Authenticated Full Scan</name>
  </create_config>'
```

## Running the Scan

### Create and Start Scan Task
```bash
# Create scan task
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_task>
    <name>Weekly Authenticated Scan - Linux Prod</name>
    <config id="CONFIG_UUID"/>
    <target id="TARGET_UUID"/>
    <scanner id="08b69003-5fc2-4037-a479-93b440211c73"/>
  </create_task>'

# Start the scan task
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<start_task task_id="TASK_UUID"/>'

# Check scan progress
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<get_tasks task_id="TASK_UUID"/>'
```

### Schedule Recurring Scans
```bash
# Create weekly schedule (every Sunday at 2:00 AM UTC)
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<create_schedule>
    <name>Weekly Sunday 2AM</name>
    <icalendar>
BEGIN:VCALENDAR
VERSION:2.0
BEGIN:VEVENT
DTSTART:20240101T020000Z
RRULE:FREQ=WEEKLY;BYDAY=SU
DURATION:PT12H
END:VEVENT
END:VCALENDAR
    </icalendar>
    <timezone>UTC</timezone>
  </create_schedule>'
```

## Exporting Results

```bash
# Export scan report as XML
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<get_reports report_id="REPORT_UUID" format_id="a994b278-1f62-11e1-96ac-406186ea4fc5"/>'

# Export as CSV
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<get_reports report_id="REPORT_UUID" format_id="c1645568-627a-11e3-a660-406186ea4fc5"/>'

# Use python-gvm for programmatic access
python3 -c "
from gvm.connections import UnixSocketConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeCheckCommandTransform

connection = UnixSocketConnection(path='/run/gvmd/gvmd.sock')
transform = EtreeCheckCommandTransform()
with Gmp(connection=connection, transform=transform) as gmp:
    gmp.authenticate('admin', 'password')
    reports = gmp.get_reports()
    print(f'Total reports: {len(reports)}')
"
```

## Validating Authentication Success

```bash
# Check if credentials were accepted during scan
# In the scan report, look for NVT "Authentication tests" results:
# - OID 1.3.6.1.4.1.25623.1.0.103591 (SSH authentication successful)
# - OID 1.3.6.1.4.1.25623.1.0.90023 (SMB authentication successful)

# Verify via gvm-cli
gvm-cli socket --socketpath /run/gvmd/gvmd.sock --gmp-username admin --gmp-password <password> --xml \
  '<get_results filter="name=SSH rows=10 sort-reverse=severity"/>'
```

## References

- [OpenVAS Official Site](https://www.openvas.org/)
- [Greenbone Community Edition Docs](https://greenbone.github.io/docs/latest/)
- [GVM GitHub Repository](https://github.com/greenbone/openvas-scanner)
- [python-gvm Library](https://github.com/greenbone/python-gvm)
- [GVM Docker Deployment](https://greenbone.github.io/docs/latest/22.4/container/)

Related Skills

tizen-cve-scanner

16
from plurigrid/asi

Scans for known Tizen CVEs in app dependencies and kernel. Checks OpenCVE database and Samsung security updates.

substrate-vulnerability-scanner

16
from plurigrid/asi

Scans Substrate/Polkadot pallets for 7 critical vulnerabilities including arithmetic overflow, panic DoS, incorrect weights, and bad origin checks. Use when auditing Substrate runtimes or FRAME pallets. (project, gitignored)

scanning-network-with-nmap-advanced

16
from plurigrid/asi

Performs advanced network reconnaissance using Nmap's scripting engine, timing controls, evasion techniques, and output parsing to discover hosts, enumerate services, detect vulnerabilities, and fingerprint operating systems across authorized target networks.

scanning-kubernetes-manifests-with-kubesec

16
from plurigrid/asi

Perform security risk analysis on Kubernetes resource manifests using Kubesec to identify misconfigurations, privilege escalation risks, and deviations from security best practices.

scanning-infrastructure-with-nessus

16
from plurigrid/asi

Tenable Nessus is the industry-leading vulnerability scanner used to identify security weaknesses across network infrastructure including servers, workstations, network devices, and operating systems.

scanning-docker-images-with-trivy

16
from plurigrid/asi

Trivy is a comprehensive open-source vulnerability scanner by Aqua Security that detects vulnerabilities in OS packages, language-specific dependencies, misconfigurations, secrets, and license violati

scanning-containers-with-trivy-in-cicd

16
from plurigrid/asi

This skill covers integrating Aqua Security's Trivy scanner into CI/CD pipelines for comprehensive container image vulnerability detection. It addresses scanning Docker images for OS package and application dependency CVEs, detecting misconfigurations in Dockerfiles, scanning filesystem and git repositories, and establishing severity-based quality gates that block deployment of vulnerable images.

scanning-container-images-with-grype

16
from plurigrid/asi

Scan container images for known vulnerabilities using Anchore Grype with SBOM-based matching and configurable severity thresholds.

performing-yara-rule-development-for-detection

16
from plurigrid/asi

Develop precise YARA rules for malware detection by identifying unique byte patterns, strings, and behavioral indicators in executable files while minimizing false positives.

performing-wireless-security-assessment-with-kismet

16
from plurigrid/asi

Conduct wireless network security assessments using Kismet to detect rogue access points, hidden SSIDs, weak encryption, and unauthorized clients through passive RF monitoring.

performing-wireless-network-penetration-test

16
from plurigrid/asi

Execute a wireless network penetration test to assess WiFi security by capturing handshakes, cracking WPA2/WPA3 keys, detecting rogue access points, and testing wireless segmentation using Aircrack-ng and related tools.

performing-windows-artifact-analysis-with-eric-zimmerman-tools

16
from plurigrid/asi

Perform comprehensive Windows forensic artifact analysis using Eric Zimmerman's open-source EZ Tools suite including KAPE, MFTECmd, PECmd, LECmd, JLECmd, and Timeline Explorer for parsing registry hives, prefetch files, event logs, and file system metadata.