OpenVAS
OpenVAS.md
OpenVAS
Overview
OpenVAS (Open Vulnerability Assessment System) is a full-featured, open-source vulnerability scanner maintained by Greenbone Networks. It is the free/community counterpart to Nessus and is the core engine behind the Greenbone Community Edition (GCE) and Greenbone Enterprise appliances.
Category
#scanning #vulnerability-assessment #open-source
Phase
Scanning
Developer
Greenbone Networks — greenbone.net Community Docs: greenbone.github.io/docs
Architecture
Greenbone Security Manager (GSM)
└── GVM (Greenbone Vulnerability Manager) — orchestration layer
├── OpenVAS Scanner — actual scanning engine
├── OSPD-OpenVAS — scanner daemon/protocol bridge
└── NVT Feed — vulnerability test database (updated daily)
Install (Kali Linux — easiest path)
sudo apt update && sudo apt install gvm -y
sudo gvm-setup # Initial setup (takes a while — downloads NVT feed)
sudo gvm-start # Start services
sudo gvm-check-setup # Verify everything is running
# Access at: https://localhost:9392
Default Credentials After Setup
Username: admin
Password: (generated during setup — note it from gvm-setup output)
Key Scan Configs
| Config | Description |
|---|---|
| Full and Fast | Recommended default; comprehensive but optimized |
| Full and Very Deep | Slower, more thorough |
| Empty | Build custom from scratch |
| Host Discovery | Just discover live hosts |
| System Discovery | OS and service fingerprinting only |
Workflow
1. Login to web UI (Greenbone Security Assistant)
2. Scans → Targets → New Target (set host/range)
3. Scans → Tasks → New Task
→ Select target, scan config, scanner
4. Start task → Monitor progress
5. Scans → Reports → View/export findings
NVT Feed
OpenVAS uses Network Vulnerability Tests (NVTs) — NASL scripts that check for known vulnerabilities.
# Manually sync the NVT feed
sudo greenbone-nvt-sync
The community feed is updated daily and covers tens of thousands of CVEs.
Credentialed Scanning
Add SSH (Linux) or SMB (Windows) credentials under Configuration → Credentials for deeper local checks — similar to Nessus credentialed scans.
OPSEC Notes
Like Nessus, OpenVAS is an active, noisy scanner. Do not run against targets without written authorization. The scanning host should be secured — it stores credentials and scan results.
OpenVAS vs Nessus
| Feature | OpenVAS | Nessus Essentials |
|---|---|---|
| Cost | Free | Free (16 IP cap) |
| IP limit | None | 16 IPs |
| NVT/Plugin count | ~60,000+ | ~180,000+ |
| UI | Greenbone Security Assistant | Polished, modern |
| Compliance templates | Limited | More robust |
| Community support | Strong | Tenable forums |
Related Tools
- Nessus — Commercial alternative; more plugins, better compliance
- Nmap — Fast port scan before running a full OpenVAS task
- Metasploit — Exploit confirmed findings
Tags
#ethical-hacking #scanning #vulnerability-assessment #open-source #greenbone