Configs · May 11, 2026 · 1 min read

OpenVAS — Open Source Vulnerability Assessment Scanner

OpenVAS is a full-featured open-source vulnerability scanner maintained by Greenbone. It scans networks and hosts for known security vulnerabilities using a database of over 100,000 network vulnerability tests.

Introduction

OpenVAS (Open Vulnerability Assessment Scanner) is the scanning component of the Greenbone Community Edition, a full vulnerability management platform. It performs network vulnerability tests against hosts to identify security weaknesses, misconfigurations, and missing patches across infrastructure.

What OpenVAS Does

  • Scans hosts and networks for known vulnerabilities using 100,000+ NVT checks
  • Identifies missing patches, weak configurations, and exposed services
  • Generates detailed reports with severity scores based on CVSS
  • Supports authenticated scans via SSH, SMB, and SNMP credentials
  • Schedules recurring scans and tracks remediation progress over time

Architecture Overview

The Greenbone stack consists of the OpenVAS scanner (the scan engine), gvmd (the management daemon that orchestrates scans and stores results), and GSA (the web-based Greenbone Security Assistant). The scanner loads Network Vulnerability Tests (NVTs) written in NASL and executes them against target hosts. Results are stored in a PostgreSQL database and presented through the GSA web UI or via the GMP API.
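Once gvmd holds the results, a report exported as XML can be reduced to a per-host worklist for a ticketing or SIEM feed. The following is an added example, not code from the original page or from Greenbone; the element names, severity bands, hosts, OIDs and scores are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like a gvmd XML report export (names and values assumed).
SAMPLE_REPORT = """<report><results>
<result id="r1"><name>Finding A</name><host>192.0.2.10</host><port>22/tcp</port>
  <severity>9.8</severity><nvt oid="1.3.6.1.4.1.25623.1.0.999001"/></result>
<result id="r2"><name>Finding B</name><host>192.0.2.10</host><port>443/tcp</port>
  <severity>5.3</severity><nvt oid="1.3.6.1.4.1.25623.1.0.999002"/></result>
<result id="r3"><name>Finding A</name><host>192.0.2.10</host><port>22/tcp</port>
  <severity>9.8</severity><nvt oid="1.3.6.1.4.1.25623.1.0.999001"/></result>
<result id="r4"><name>Service banner</name><host>192.0.2.20</host><port>80/tcp</port>
  <severity>0.0</severity><nvt oid="1.3.6.1.4.1.25623.1.0.999003"/></result>
<result id="r5"><name>Finding C</name><host>192.0.2.20</host><port>161/udp</port>
  <severity>7.5</severity><nvt oid="1.3.6.1.4.1.25623.1.0.999004"/></result>
<result id="r6"><name>Broken row</name><host>192.0.2.30</host><port>general/tcp</port>
  <severity></severity><nvt oid="1.3.6.1.4.1.25623.1.0.999005"/></result>
</results></report>"""

def severity_class(score):
    """Map a CVSS score to a band (thresholds are an assumption of this example)."""
    if score <= 0:
        return "Log" if score == 0 else "False Positive"
    return "Low" if score < 4.0 else "Medium" if score < 7.0 else "High"

def parse_results(xml_text):
    """Return one dict per <result> that has a numeric severity, de-duplicated."""
    # The report comes from your own gvmd; use defusedxml for untrusted XML.
    best = {}
    for res in ET.fromstring(xml_text).findall(".//results/result"):
        try:
            score = float(res.findtext("severity", ""))
        except ValueError:
            continue  # no usable score: skip rather than guess
        nvt = res.find("nvt")
        oid = nvt.get("oid", "") if nvt is not None else ""
        key = (res.findtext("host", "").strip(), res.findtext("port", ""), oid)
        if key not in best or score > best[key]["score"]:
            best[key] = {"host": key[0], "port": key[1], "oid": oid, "score": score,
                         "name": res.findtext("name", ""), "band": severity_class(score)}
    return list(best.values())

def triage(findings, min_score=4.0):
    """Group findings at or above min_score by host, worst first."""
    hosts = {}
    for f in sorted(findings, key=lambda f: -f["score"]):
        if f["score"] >= min_score:
            hosts.setdefault(f["host"], []).append(f)
    return hosts
```

Calling `triage(parse_results(SAMPLE_REPORT))` returns a dict keyed by host, ordered so the host with the highest-scoring finding comes first.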

Self-Hosting & Configuration

  • Deploy with Docker Compose using the official Greenbone Community containers
  • Alternatively install from packages on Debian, Ubuntu, or Kali Linux
  • Run greenbone-feed-sync to download the latest vulnerability feeds after setup
  • Configure scan targets and credentials through the GSA web interface
  • Set up scheduled scans and alert notifications for new findings

Key Features

  • Over 100,000 network vulnerability tests with daily feed updates
  • Authenticated scanning for deeper OS and application-level checks
  • CVSS-based severity scoring with detailed remediation guidance
  • Compliance checking against CIS benchmarks and security policies
  • REST-like GMP API for integration with ticketing and SIEM systems

Comparison with Similar Tools

  • Nessus — industry-standard scanner with polished UI but requires a commercial license
  • Nuclei — template-based scanner focused on web and cloud but less depth on network hosts
  • Qualys — cloud-based enterprise vulnerability management but expensive SaaS pricing
  • Trivy — container and IaC scanner but not a network vulnerability scanner
  • Nmap — port scanner and service detection but no vulnerability assessment database

FAQ

Q: Is OpenVAS free for commercial use?
A: Yes. The Greenbone Community Edition including OpenVAS is licensed under GPL and free for any use. Greenbone also offers a commercial Enterprise edition with additional features and support.

Q: How does OpenVAS compare to Nessus?
A: OpenVAS is free and open-source while Nessus requires a paid license. Nessus has a more polished interface, but OpenVAS provides comparable scan coverage for most use cases.

Q: How often are vulnerability feeds updated?
A: Greenbone publishes community feed updates daily. Run greenbone-feed-sync regularly to stay current.

Q: Can OpenVAS scan cloud infrastructure?
A: Yes. OpenVAS can scan any reachable host including cloud VMs. Configure scan targets with the appropriate IP ranges and credentials.

Sources
