Home page logo
/

OpenVAS

OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted. For downloads and more information, visit the OpenVAS homepage.

Popularity #19, new!
Rating ★★★½ (19)
Latest release 6.0
April 17, 2013
(12 months ago)
Homepage/Download
Wikipedia
Outdated/incomplete?
★★★★★ 
 37%
★★★★ 
 32%
★★★ 
 0%
★★ 
 5%
★ 
 26%
Screenshot

Comments

★★★★★ Jack Reacher

Great product. The BEST core product for free you will find out there. Hands down, 5 stars. I would knock it for not having many plugins, but that's not the fault of OpenVAS. That's the fault of the community (self included)

★★★★★ VM

The latest version Openvas 6 works just great. Reporting tools have been greatly simplified and are more informative. The number of tests have steadily increased too.

5 stars.....

no rating AfterBurn

If you use Kali Linux (the new BackTrack) check this out if you need help setting it up. I also created a free start-up script to get it going, updated, and running the WebUI Greenbone https://www.youtube.com/watch?v=0b4SVyP0IqI

★★★★★ jaylesh

OpenVAS really is awesome. It did take a bit to initially get setup, but now it works perfect.

The multiple formats you can export the vuln report to is great for slapping in front of consultants faces who don't care about security.

Only negative thing I can think of is that it is SLOWWW when first connecting to the daemon/server, even over GigE.

I find it hilarious in regards to the people who rate this one star because they couldn't get it working. Maybe the security field is not for you? Don't rate something as crap because you can't figure out how to get it working.

Excellent free opensource vuln scanner.

★★★★ Andrea Bodei

Very good product, free and easy to use. It anyway has less plugins than Nessus.

★★ S

Agree with other comments about set up, I eventually got something working using the OpenVas5 demo appliance. In the case of OpenVas 5 it seems that it is expecting old GNUtls libraries, build with new if you ask it to ignore warnings about deprecated calls, but doesn't work. But there are issues with the demo appliance and GNUtls.

★★★★★ Eugene Filipowicz

This is an excellent program, free as in freedom and free as in beer. relatively simple to set up and customize for the type of scans you require. Great report output. I will continue to use this with my clients...

★★★★ gmelis

IF you have the time to get it to work, it's a nice tool to have around. Exports to every useful format there is, works with plugins and you can still write your own tests.

Still, somebody should tell the about version numbering. The current scheme is maybe very precise, but having to search for what subversions comprise version 5 wasn't that much exciting.

★★★★ gogot

For a Free VM scanning tool, Open VAS does the job. Happy with it.

★★★★★ Guy

OpenVAS is an awsome tool for vuln scan Its free of charge .. May not be the best But its good enough!

★★★★★ Scott

openvas is great

pros:

- no flash required for web interface as with nessus

- results output in a variety of formats (CPE->CSV, HTML, ITG, LaTeX, NBR, PDF, TXT, or XML)

- detections and vulnerabilities competitive or better than nessus from my limited testing

cons:

- initial setup difficult, but being made easier with repositories

sadaboutindustrydirection

what a joke, can't believe anyone considers this usable. less than amused, after years of using and contributing to various vuln scanners; only one was able to be installed successfully and able to scan, retina! *gag*

cute how this (and nessus and saint) is supposed to be bundled with backtrack (preinstalled/good-to-go) yet, is more like a science project or circus.

no rating Jake

Appears to be based on what is now very old Nessus code. Couldn't actually get it to work - daemon started but could not log in with the client. so cannot comment further.

Different components are at different versions so not sure which ones work with which. Its supposed to be at version 5, but individual components were at versions between 0.x and 4.x. Rather confusing. All components should really be included in one package with a single version number.

Needs significant improvement to both documentation and installation routine before it can be seriously considered.

★★★★ Vickydada

classic tool...had some trouble with its own client but with GSD n GSA it works gr8...worthy component of nessus..\m/

Joseph

Nice attempt. Though way too buggy. Too much effort to start up, and most of the time it doesn't work.

no rating Henri

@UncleZhou: both the Greenbone Security Desktop (GSD) and the Greenbone Security Assistant (GSA) are part of the standard OpenVAS distribution and can be found on openvas.org.

See: http://www.openvas.org/install-source.html

HTH

★★★★ UncleZhou

I experienced a similarly ragged path:

* The downloadable OpenVAS-4 appliance worked, but is based on SuSE.

* An install onto an existing CentOS-5 box crapped-out.

* An install onto a clean install of CentOS-5 worked, but wouldn't start (the forums mentioned hacking the configuration to specify 'http' instead of 'https').

* An install onto a clean install of CentOS-6 worked, but it refused to start because it claimed the Greenbone Assistant was out of date -- and there are no links to free downloads of the Assistant on the Greenbone web site.

* An install onto Ubuntu 11.04 crapped-out.

* However, downloading the VMware applicance for BackTrack Linux and executing 'apt-get install openvas' from the BackTrack command line (& following the step-by-step instructions for configuring OpenVAS (on the BackTrack web site!) worked!

Hope this helps.

Banania

Sad to say so... but no way.

I tried 4 differents installations (Packages on a fresh Ubuntu, Packages on a fresh SLES, VM ISO, VM ODF)... no one working.

They really need better packaging and documentation...

Will check later, but for now I give up.

★★★★ Mike Lille

Server and client installs like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client) Start the daemon, and launch openvas-client, update rules and configure a scan Nothing more to do

Impressive

Now i had to check how to update vulnerabilities database

mr.flapjacks

Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.

rockerdaddy

Nice idea, however, after over two hours of work, i couldn't get it to work at all. The daemons loade,d but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.

no rating hackertarget.com

The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results, however if you are on a budget this is a great place to start.

★★★★★ max

awesome tool for free. Seems to find everything, but the ratings vary from scanner to scanner. Our organization's paid to flags some items as high ie. xst while openvas rate it as low.

Still found it. Great community tool!

Your comment

Along with your rating, you can use the comment form to post a review, tutorial, tips and tricks, or anything else others will find useful. If you develop this software (or work for the company), please don't rate it. You may leave a clarifying comment as long as you state your affiliation and don't specify a star rating (just leave it as “No rating”).

 
 
  (will not be shown, will not be spammed)
  (web site, Twitter, Facebook, etc.)
(At least 50 characters. No markup is allowed. URLs will be made into links.)
 What is the answer to the ultimate question of life the universe and everything? (antispam)

Feed for updates.

Home

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]