OpenVAS is a vulnerability scanner that was forked from the last free version of Nessus after that tool went proprietary in 2005. OpenVAS plugins are still written in the Nessus NASL language. The project seemed dead for a while, but development has restarted.
For downloads and more information,
visit the OpenVAS homepage.
We use it IT networks, around 20K internal IPs and 1K external. Works well. It is pain to install from source, but now there is nothing better to scan large scare for free. Other tool are paid or trial. Good for small scale. Greenbone source edition is best opensource vulnerability scanner unless you want to pay for solution.
This is a very useful tool and simple network solution. Install it with Greenbone Security Assistant or OpenVAS-Client and it can easily scan the entire network. It's not without problems though:
-When I tried scanning my printer, it sent a ton of HTTP-style requests to port 9100/tcp, which ended up using half of the paper in the printer.
-If a server happens to start returning HTTP 503 after a DoS NVT is used, the result is several DoS false flag results.
-The difference between OpenVAS style scans and CVE style scans is minimal.
-It is incredibly hard to install - openvas-setup doesn't always work, and even then will generate a random password that might not be noticed.
Absolutely brilliant tool to scan the entire network.
and voila you have the VA reports along with recommendations.
A bit of caution though .. not all vulnerability fixes recommended by OpenVas work for everyone. So read the recommendation and do research first. Some fixes can actually break the application/server ;)
Simple comment. I like it; it works. A few trivial items could be addressed:
1) I don't care for the Greenbone Security Assistant web interface - that's just me though.
2) In GSA, when creating a target there seems to be a limit on the number of IPs; I needed a target that had a total of 4578 addresses (1 /22 and a bunch of /24). It wouldn't allow it. The limit is something between 3556 addresses and 1022 addresses. This, of course, will not affect everybody but is less than desirable to me since I now have to run two scans to cover all IPs.
3) I'd like to be able to create a Task with multiple targets. For example, I have Target 1 which covers 192.168.1.0/24 and Target 2 which covers 192.168.2.0/24. The Task would then allow selecting Target 1 and Target 2 but it's not a multi-select field. Point is, better Target usage in Tasks. Yes, I know I could create a single target that includes both subnets but that's not what I want.
For the person giving a poor rating because they couldn't get it running - that's not the fault of the product. Give yourself a poor rating.
openvas is a great vuln scanner and it is included on kali 2 .
if you cant understand programming languages , then isnt something for you because openvas itself it comes with default but when you can change this and insert this and this plugin it becomes one of the strongest scanning engines ever !
Great product. The BEST core product for free you will find out there. Hands down, 5 stars. I would knock it for not having many plugins, but that's not the fault of OpenVAS. That's the fault of the community (self included)
If you use Kali Linux (the new BackTrack) check this out if you need help setting it up. I also created a free start-up script to get it going, updated, and running the WebUI Greenbone
OpenVAS really is awesome. It did take a bit to initially get setup, but now it works perfect.
The multiple formats you can export the vuln report to is great for slapping in front of consultants faces who don't care about security.
Only negative thing I can think of is that it is SLOWWW when first connecting to the daemon/server, even over GigE.
I find it hilarious in regards to the people who rate this one star because they couldn't get it working. Maybe the security field is not for you? Don't rate something as crap because you can't figure out how to get it working.
Agree with other comments about set up, I eventually got something working using the OpenVas5 demo appliance. In the case of OpenVas 5 it seems that it is expecting old GNUtls libraries, build with new if you ask it to ignore warnings about deprecated calls, but doesn't work. But there are issues with the demo appliance and GNUtls.
This is an excellent program, free as in freedom and free as in beer. relatively simple to set up and customize for the type of scans you require. Great report output. I will continue to use this with my clients...
what a joke, can't believe anyone considers this usable. less than amused, after years of using and contributing to various vuln scanners; only one was able to be installed successfully and able to scan, retina! *gag*
cute how this (and nessus and saint) is supposed to be bundled with backtrack (preinstalled/good-to-go) yet, is more like a science project or circus.
Appears to be based on what is now very old Nessus code. Couldn't actually get it to work - daemon started but could not log in with the client. so cannot comment further.
Different components are at different versions so not sure which ones work with which. Its supposed to be at version 5, but individual components were at versions between 0.x and 4.x. Rather confusing. All components should really be included in one package with a single version number.
Needs significant improvement to both documentation and installation routine before it can be seriously considered.
* The downloadable OpenVAS-4 appliance worked, but is based on SuSE.
* An install onto an existing CentOS-5 box crapped-out.
* An install onto a clean install of CentOS-5 worked, but wouldn't start (the forums mentioned hacking the configuration to specify 'http' instead of 'https').
* An install onto a clean install of CentOS-6 worked, but it refused to start because it claimed the Greenbone Assistant was out of date -- and there are no links to free downloads of the Assistant on the Greenbone web site.
* An install onto Ubuntu 11.04 crapped-out.
* However, downloading the VMware applicance for BackTrack Linux and executing 'apt-get install openvas' from the BackTrack command line (& following the step-by-step instructions for configuring OpenVAS (on the BackTrack web site!) worked!
Server and client installs like a charm on Debian 6.0.4 (apt-get install openvas-server openvas-client)
Start the daemon, and launch openvas-client, update rules and configure a scan
Nothing more to do
Now i had to check how to update vulnerabilities database
Using on CentOS 5.x and it's a no go from the binary packages provided by the project. Looks like there's a problem between the "management" daemon and sqlite3 - the database was continually becoming corrupted/locked/whatever which rendered the whole shebang useless.
Nice idea, however, after over two hours of work, i couldn't get it to work at all. The daemons loade,d but the front-ends (both web and local) crashed repeatedly. Documentation is non-existent, and the mailing lists tend to be filled with "I can't get this to work" messages, with few if any clueful ideas. Sad, really; I like the idea of this software.
The latest version has a comprehensive web interface allowing control over scans, scheduling and reporting. I usually recommend running this alongside Nessus or NexPose and comparing the results, however if you are on a budget this is a great place to start.