OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after Nessus went proprietary in 2005. It continues to grow, with more than 23,000 tests as of November 2011. OpenVAS plugins are written in the same NASL language used by Nessus.
For downloads and more information, visit the OpenVAS homepage.
Appears to be based on what is now very old Nessus code. Couldn't actually get it to work - daemon started but could not log in with the client, so cannot comment further.
Different components are at different versions so not sure which ones work with which. It's supposed to be at version 5, but individual components were at versions between 0.x and 4.x. Rather confusing. All components should really be included in one package with a single version number.
Needs significant improvement to both documentation and installation routine before it can be seriously considered.
classic tool...had some trouble with its own client but with GSD n GSA it works gr8...worthy component of nessus..\m/
Nice attempt. Though way too buggy. Too much effort to start up, and most of the time it doesn't work.
@UncleZhou: both the Greenbone Security Desktop (GSD) and the Greenbone Security Assistant (GSA) are part of the standard OpenVAS distribution and can be found on openvas.org.
See: http://www.openvas.org/install-source.html
HTH
I experienced a similarly ragged path:
* The downloadable OpenVAS-4 appliance worked, but is based on SuSE.
* An install onto an existing CentOS-5 box crapped-out.
* An install onto a clean install of CentOS-5 worked, but wouldn't start (the forums mentioned hacking the configuration to specify 'http' instead of 'https').
* An install onto a clean install of CentOS-6 worked, but it refused to start because it claimed the Greenbone Assistant was out of date -- and there are no links to free downloads of the Assistant on the Greenbone web site.
* An install onto Ubuntu 11.04 crapped-out.
* However, downloading the VMware appliance for BackTrack Linux and executing 'apt-get install openvas' from the BackTrack command line (& following the step-by-step instructions for configuring OpenVAS (on the BackTrack web site!)) worked!
Hope this helps.
I got it running on Debian. I installed it from source. I just followed the readmes. OpenVAS is really more powerful than Nessus
Sad to say so... but no way.
I tried 4 different installations (Packages on a fresh Ubuntu, Packages on a fresh SLES, VM ISO, VM ODF)... none working.
They really need better packaging and documentation...
Will check later, but for now I give up.
Server and client install like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client).
Start the daemon, launch openvas-client, update rules and configure a scan.
Nothing more to do.
Impressive.
Now I had to check how to update the vulnerabilities database.
Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.
Nice idea, however, after over two hours of work, I couldn't get it to work at all. The daemons loaded, but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.
The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results; however, if you are on a budget, this is a great place to start.
Awesome tool for free. Seems to find everything, but the ratings vary from scanner to scanner. Our organization's paid tool flags some items as high, i.e. XST, while OpenVAS rates it as low.
Still found it. Great community tool!