# OpenVAS — Open Source Vulnerability Assessment Scanner

> OpenVAS is a full-featured open-source vulnerability scanner maintained by Greenbone. It scans networks and hosts for known security vulnerabilities using a database of over 100,000 network vulnerability tests.

## Quick Use

```bash
# Deploy Greenbone Community Edition via Docker
docker compose -f docker-compose.yml up -d

# Or install on Debian/Ubuntu using the official packages
sudo apt install gvm
sudo gvm-setup

# Access the web interface (Greenbone Security Assistant)
# Default: https://localhost:9392
# Login with the admin credentials generated during setup
```

## Introduction

OpenVAS (Open Vulnerability Assessment Scanner) is the scanning component of the Greenbone Community Edition, a full vulnerability management platform. It performs network vulnerability tests against hosts to identify security weaknesses, misconfigurations, and missing patches across infrastructure.

## What OpenVAS Does

- Scans hosts and networks for known vulnerabilities using 100,000+ NVT checks
- Identifies missing patches, weak configurations, and exposed services
- Generates detailed reports with severity scores based on CVSS
- Supports authenticated scans via SSH, SMB, and SNMP credentials
- Schedules recurring scans and tracks remediation progress over time

## Architecture Overview

The Greenbone stack consists of the OpenVAS scanner (the scan engine), gvmd (the management daemon that orchestrates scans and stores results), and GSA (the web-based Greenbone Security Assistant). The scanner loads Network Vulnerability Tests (NVTs) written in NASL and executes them against target hosts. Results are stored in a PostgreSQL database and presented through the GSA web UI or via the GMP API.
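The following added example, which is not from the original page or from Greenbone, filters a report retrieved over GMP by CVSS score before findings are passed to a ticketing or SIEM system. The XML is a constructed, simplified sample, and `triage` and `min_cvss` are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed, simplified sample shaped like a GMP get_reports response.
# Hosts (TEST-NET range), OIDs and finding names are invented placeholders.
SAMPLE_REPORT = """\
<get_reports_response status="200" status_text="OK">
 <report id="constructed-report-id"><report><results>
  <result id="r1"><name>Example finding A</name>
   <host>192.0.2.10</host><port>22/tcp</port>
   <nvt oid="OID-PLACEHOLDER-1"/><severity>9.8</severity></result>
  <result id="r2"><name>Example finding B</name>
   <host>192.0.2.11</host><port>443/tcp</port>
   <nvt oid="OID-PLACEHOLDER-2"/><severity>5.3</severity></result>
  <result id="r3"><name>Example finding C</name>
   <host>192.0.2.12</host><port>445/tcp</port>
   <nvt oid="OID-PLACEHOLDER-3"/><severity>7.5</severity></result>
  <result id="r4"><name>Example entry without a score</name>
   <host>192.0.2.12</host><port>general/tcp</port>
   <nvt oid="OID-PLACEHOLDER-4"/><severity></severity></result>
 </results></report></report>
</get_reports_response>
"""


def triage(report_xml, min_cvss=7.0):
    """Return findings with CVSS >= min_cvss, highest score first."""
    # Assumes the XML comes from your own gvmd; parse untrusted XML with a
    # hardened parser (such as defusedxml) instead of the standard library.
    root = ET.fromstring(report_xml)
    if root.get("status") != "200":
        raise ValueError(f"GMP request failed: {root.get('status_text')}")
    findings = []
    for res in root.iterfind(".//results/result"):
        try:
            score = float(res.findtext("severity", default=""))
        except ValueError:
            continue  # no numeric score: not actionable for ticketing
        if score < min_cvss:
            continue
        nvt = res.find("nvt")
        findings.append({
            "host": (res.findtext("host") or "").strip(),
            "port": res.findtext("port", default=""),
            "name": res.findtext("name", default=""),
            "oid": nvt.get("oid") if nvt is not None else None,
            "cvss": score,
        })
    return sorted(findings, key=lambda f: (-f["cvss"], f["host"]))
```
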

## Self-Hosting & Configuration

- Deploy with Docker Compose using the official Greenbone Community containers
- Alternatively install from packages on Debian, Ubuntu, or Kali Linux
- Run `greenbone-feed-sync` to download the latest vulnerability feeds after setup
- Configure scan targets and credentials through the GSA web interface
- Set up scheduled scans and alert notifications for new findings

## Key Features

- Over 100,000 network vulnerability tests with daily feed updates
- Authenticated scanning for deeper OS and application-level checks
- CVSS-based severity scoring with detailed remediation guidance
- Compliance checking against CIS benchmarks and security policies
- REST-like GMP API for integration with ticketing and SIEM systems

## Comparison with Similar Tools

- **Nessus** — industry-standard scanner with polished UI but requires a commercial license
- **Nuclei** — template-based scanner focused on web and cloud but less depth on network hosts
- **Qualys** — cloud-based enterprise vulnerability management but expensive SaaS pricing
- **Trivy** — container and IaC scanner but not a network vulnerability scanner
- **Nmap** — port scanner and service detection but no vulnerability assessment database

## FAQ

**Q: Is OpenVAS free for commercial use?**
A: Yes. The Greenbone Community Edition including OpenVAS is licensed under GPL and free for any use. Greenbone also offers a commercial Enterprise edition with additional features and support.

**Q: How does OpenVAS compare to Nessus?**
A: OpenVAS is free and open-source while Nessus requires a paid license. Nessus has a more polished interface, but OpenVAS provides comparable scan coverage for most use cases.

**Q: How often are vulnerability feeds updated?**
A: Greenbone publishes community feed updates daily. Run `greenbone-feed-sync` regularly to stay current.

**Q: Can OpenVAS scan cloud infrastructure?**
A: Yes. OpenVAS can scan any reachable host including cloud VMs.
Configure scan targets with the appropriate IP ranges and credentials.

## Sources

- https://github.com/greenbone/openvas-scanner
- https://greenbone.github.io/docs/latest/

---

Source: https://tokrepo.com/en/workflows/asset-8fa86a7d

Author: AI Open Source