OpenVAS
OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted. For downloads and more information, visit the OpenVAS homepage.
- Popularity: #19, new!
- Latest release: 8.0, April 2, 2015 (9 years, 6 months ago)
- Rating: ★★★★ (30)
- ★★★★★ 47%, ★★★★ 30%, ★★★ 0%, ★★ 3%, ★ 20%
We use it on IT networks, around 20K internal IPs and 1K external. Works well. It is a pain to install from source, but now there is nothing better to scan at large scale for free. Other tools are paid or trial. Good for small scale. Greenbone Source Edition is the best open-source vulnerability scanner unless you want to pay for a solution.
OpenVAS is now the Greenbone Community Edition and Greenbone Source Edition.
More Information here: https://www.greenbone.net/en/community-edition/
Forum: https://community.greenbone.net/c/gse
This is a very useful tool and simple network solution. Install it with Greenbone Security Assistant or OpenVAS-Client and it can easily scan the entire network. It's not without problems though:
- When I tried scanning my printer, it sent a ton of HTTP-style requests to port 9100/tcp, which ended up using half of the paper in the printer.
- If a server happens to start returning HTTP 503 after a DoS NVT is used, the result is several DoS false flag results.
- The difference between OpenVAS style scans and CVE style scans is minimal.
- It is incredibly hard to install - openvas-setup doesn't always work, and even then will generate a random password that might not be noticed.
Super tool. Works like a mint. Anyone tried scanning an Apple device (e.g. MacBook)? I cannot make it work. The scan finishes in a few secs and nothing gets reported.
Took a while to set up with everything working. The PDF part was the hardest. It works awesome! Thank you OpenVAS team!!!
Absolutely brilliant tool to scan the entire network. Install it, update it, run it and voila, you have the VA reports along with recommendations. A bit of caution though: not all vulnerability fixes recommended by OpenVAS work for everyone. So read the recommendation and do research first. Some fixes can actually break the application/server ;)
Cheers
Simple comment. I like it; it works. A few trivial items could be addressed:
1) I don't care for the Greenbone Security Assistant web interface - that's just me though.
2) In GSA, when creating a target there seems to be a limit on the number of IPs; I needed a target that had a total of 4578 addresses (1 /22 and a bunch of /24). It wouldn't allow it. The limit is something between 3556 addresses and 1022 addresses. This, of course, will not affect everybody but is less than desirable to me since I now have to run two scans to cover all IPs.
3) I'd like to be able to create a Task with multiple targets. For example, I have Target 1 which covers 192.168.1.0/24 and Target 2 which covers 192.168.2.0/24. The Task would then allow selecting Target 1 and Target 2 but it's not a multi-select field. Point is, better Target usage in Tasks. Yes, I know I could create a single target that includes both subnets but that's not what I want.
For the person giving a poor rating because they couldn't get it running - that's not the fault of the product. Give yourself a poor rating.
OpenVAS is a great vuln scanner and it is included on Kali 2.
If you can't understand programming languages, then it isn't something for you, because OpenVAS itself comes with defaults, but when you can change this and insert this and this plugin it becomes one of the strongest scanning engines ever!
Greetings from the world wide web :-)
Here is another resource that worked for me http://itrig.de/index.php?/archives/2178-Ubuntu-OpenVAS-8.0-installieren,-konfigurieren-und-ein-Netzwerk-scannen.html
For BackBox there is a Script https://gist.githubusercontent.com/ZEROF/fb790b35098be3bafcaf/raw
Just wanted to mention again that a Kali Linux Virtualbox install is probably the easiest way to get OpenVAS working.
I also used these 2 resources to help trouble-shoot: http://www.openvas.org/install-packages.html https://hackertarget.com/install-openvas-7-ubuntu/
OpenVAS 7 seems to work only vs localhost. OpenVAS 6 seems to stop accepting web logins after updates.
Been using it since ~2010, great tool, absolutely comparable to Nessus
Great product. The BEST core product for free you will find out there. Hands down, 5 stars. I would knock it for not having many plugins, but that's not the fault of OpenVAS. That's the fault of the community (self included)
The latest version, OpenVAS 6, works just great. Reporting tools have been greatly simplified and are more informative. The number of tests has steadily increased too.
5 stars.....
If you use Kali Linux (the new BackTrack) check this out if you need help setting it up. I also created a free start-up script to get it going, updated, and running the WebUI Greenbone https://www.youtube.com/watch?v=0b4SVyP0IqI
OpenVAS really is awesome. It did take a bit to initially get setup, but now it works perfect.
The multiple formats you can export the vuln report to are great for slapping in front of consultants' faces who don't care about security.
Only negative thing I can think of is that it is SLOWWW when first connecting to the daemon/server, even over GigE.
I find it hilarious in regards to the people who rate this one star because they couldn't get it working. Maybe the security field is not for you? Don't rate something as crap because you can't figure out how to get it working.
Excellent free opensource vuln scanner.
Very good product, free and easy to use. It anyway has fewer plugins than Nessus.
Agree with other comments about setup; I eventually got something working using the OpenVAS 5 demo appliance. In the case of OpenVAS 5 it seems that it is expecting old GnuTLS libraries; it builds with new ones if you ask it to ignore warnings about deprecated calls, but doesn't work. But there are issues with the demo appliance and GnuTLS.
This is an excellent program, free as in freedom and free as in beer. Relatively simple to set up and customize for the type of scans you require. Great report output. I will continue to use this with my clients...
IF you have the time to get it to work, it's a nice tool to have around. Exports to every useful format there is, works with plugins and you can still write your own tests.
Still, somebody should tell them about version numbering. The current scheme is maybe very precise, but having to search for what subversions comprise version 5 wasn't that exciting.
For a free VM scanning tool, OpenVAS does the job. Happy with it.
OpenVAS is an awesome tool for vuln scans. It's free of charge. May not be the best, but it's good enough!
OpenVAS is great
pros:
- no Flash required for web interface as with Nessus
- results output in a variety of formats (CPE->CSV, HTML, ITG, LaTeX, NBR, PDF, TXT, or XML)
- detections and vulnerabilities competitive or better than Nessus from my limited testing
cons:
- initial setup difficult, but being made easier with repositories
What a joke, can't believe anyone considers this usable. Less than amused, after years of using and contributing to various vuln scanners; only one was able to be installed successfully and able to scan, Retina! *gag*
Cute how this (and Nessus and SAINT) is supposed to be bundled with BackTrack (preinstalled/good-to-go) yet is more like a science project or circus.
Appears to be based on what is now very old Nessus code. Couldn't actually get it to work - daemon started but could not log in with the client, so cannot comment further.
Different components are at different versions so not sure which ones work with which. It's supposed to be at version 5, but individual components were at versions between 0.x and 4.x. Rather confusing. All components should really be included in one package with a single version number.
Needs significant improvement to both documentation and installation routine before it can be seriously considered.
classic tool...had some trouble with its own client but with GSD n GSA it works gr8...worthy component of nessus..\m/
Nice attempt. Though way too buggy. Too much effort to start up, and most of the time it doesn't work.
@UncleZhou: both the Greenbone Security Desktop (GSD) and the Greenbone Security Assistant (GSA) are part of the standard OpenVAS distribution and can be found on openvas.org.
See: http://www.openvas.org/install-source.html
HTH
I experienced a similarly ragged path:
* The downloadable OpenVAS-4 appliance worked, but is based on SuSE.
* An install onto an existing CentOS-5 box crapped-out.
* An install onto a clean install of CentOS-5 worked, but wouldn't start (the forums mentioned hacking the configuration to specify 'http' instead of 'https').
* An install onto a clean install of CentOS-6 worked, but it refused to start because it claimed the Greenbone Assistant was out of date -- and there are no links to free downloads of the Assistant on the Greenbone web site.
* An install onto Ubuntu 11.04 crapped-out.
* However, downloading the VMware appliance for BackTrack Linux and executing 'apt-get install openvas' from the BackTrack command line (& following the step-by-step instructions for configuring OpenVAS on the BackTrack web site!) worked!
Hope this helps.
Sad to say so... but no way.
I tried 4 different installations (packages on a fresh Ubuntu, packages on a fresh SLES, VM ISO, VM ODF)... none working.
They really need better packaging and documentation...
Will check later, but for now I give up.
Server and client install like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client). Start the daemon, launch openvas-client, update rules and configure a scan. Nothing more to do.
Impressive
Now I had to check how to update the vulnerabilities database
Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.
Nice idea; however, after over two hours of work, I couldn't get it to work at all. The daemons loaded, but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.
The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results, however if you are on a budget this is a great place to start.
Awesome tool for free. Seems to find everything, but the ratings vary from scanner to scanner. Our organization's paid tool flags some items as high, i.e. XST, while OpenVAS rates it as low.
Still found it. Great community tool!