OpenVAS – Opensource Vulnerability Assessment Scanner


  1. Nice article, I’d never heard of this package before.

    BTW, the openSUSE Build Service has packages available for OpenVAS.

  2. Note this is an open-source fork of Nessus, created after the latter closed its source.

  3. It’s funny, once it’s gone everybody wants it.

    The “official” reason of Nessus going closed source is the community. Apparently very few have contributed to (a) core and (b) NASL scripts… At the end it was obvious, according to the announcement way back, that there is no support from the community – one way in a two way street so to speak. Now that it’s gone, suddenly there is this big interest (I’ve seen few OpenVAS posts in the last few weeks).

    I wonder if the project is going to die, again, soon.

  4. As important as security is, remaining current with every development is hard, and evaluating possible vulnerabilities across a network can be quite a chore. You need a way to both automate tests and make sure you’re running the most appropriate and up-to-date tests. Open Vulnerability Assessment System (OpenVAS) is a network security scanner that includes a central server and a graphical front end. The server allows you to run several different network vulnerability tests (NVT) written in Nessus Attack Scripting Language (NASL), which OpenVAS updates frequently.

  5. Over at our open source vulnerability scanning site, we formerly were running a Nessus scan. We have since switched to OpenVAS since the Nessus licensing change.

    Check us out, we are currently offering free vulnerability scans against your servers.

    All the best for 2009!

  6. Hi,

    I’m finding some issue while I run the command openvas-nvt-sync. It throws the error:
    sent 848073 bytes received 1503041 bytes 120569.95 bytes/sec
    total size is 47546176 speedup is 20.22
    Error: md5sums not correct. Your NVT collection might be broken now.
    Please try this for details: cd "/usr/local/lib/openvas/plugins" ; md5sum -c "/usr/local/lib/openvas/plugins/md5sums" | less

    Please do tell me what might be the reason for this. Also suggest me any alternatives to sync the plugins on the OpenVAS server.


  7. Hi,

    This blog explains OpenVAS pretty well. I installed OpenVAS on Debian (Raid Systems)(SERVER) and am trying to scan by giving the localhost address or any remote systems… The problem is that the report I get as output from OpenVAS is only about ports. I just wanted to know whether it is possible to scan based on the applications installed on the remote systems, or whether it is possible to scan specific files that I need to scan.

    Please provide me the best solution for it; waiting for the earliest response.
    my mail id:

    Thanking you,
    Avinash Bhat

  8. I found the application pretty easy to install when using Ubuntu. I think this article helped a lot.

    I do remember using it from time to time. I think the application works pretty well once you configure all of the parameters it asks.

    I think this is something I will contribute to.


  9. I’ve used Nessus (even recently), I’ve used Retina, I’ve used ISS, and now I’ve used OpenVAS recently.
    Frankly, I LOVE ISS, but HATE the licensing cost. Retina is OK, but not the best, to be charitable.
    When I look at Nessus today and I look at OpenVAS today, I’ll go 11 times out of 10 with OpenVAS. Its reporting is cleaner, more configurable and overall better formatted.
    Now, if you’ll excuse me, I need to harangue the CentOS folks over one recent vulnerability and two 2009 vulnerabilities that remain unpatched in their distribution.
