OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after Nessus went proprietary in 2005. It continues to grow, with more than 23,000 tests as of November 2011. OpenVAS plugins are written in the same NASL language used by Nessus.
awesome tool for free. Seems to find everything, but the ratings vary from scanner to scanner. Our organization's paid to flags some items as high ie. xst while openvas rate it as low.
The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results, however if you are on a budget this is a great place to start.
Nice idea, however, after over two hours of work, i couldn't get it to work at all. The daemons loade,d but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.
Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.
Server and client installs like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client)
Start the daemon, and launch openvas-client, update rules and configure a scan
Nothing more to do
Impressive
Now i had to check how to update vulnerabilities database
I tried 4 differents installations (Packages on a fresh Ubuntu, Packages on a fresh SLES, VM ISO, VM ODF)... no one working.
They really need better packaging and documentation...
Will check later, but for now I give up.
Your comment
Along with your rating, you can use the comment form to post a review,
tutorial, tips and tricks, or anything else others will find useful.
If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).
awesome tool for free. Seems to find everything, but the ratings vary from scanner to scanner. Our organization's paid to flags some items as high ie. xst while openvas rate it as low.
Still found it. Great community tool!
The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results, however if you are on a budget this is a great place to start.
Nice idea, however, after over two hours of work, i couldn't get it to work at all. The daemons loade,d but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.
Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.
Server and client installs like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client) Start the daemon, and launch openvas-client, update rules and configure a scan Nothing more to do
Impressive
Now i had to check how to update vulnerabilities database
Sad to say so... but no way.
I tried 4 differents installations (Packages on a fresh Ubuntu, Packages on a fresh SLES, VM ISO, VM ODF)... no one working.
They really need better packaging and documentation...
Will check later, but for now I give up.