OpenVAS: Open Vulnerability Assessment System

If you are looking for an alternative to Nessus, OpenVAS is it.  Why? Just because it is a fork of Nessus. Though I am not as happy with this one as I am with Nessus. It’s just that it wont update as smoothly as Nessus does.

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. It was previously called as GNessUs. OpenVAS is a fork of version 2.2 of Nessus.

OpenVAS works as a server/client architecture that comprises several components:

• OpenVAS-Server: The basic scanning functionality
• OpenVAS-Plugins: A set of NVTs
• OpenVAS-LibNASL and OpenVAS-Libraries: Required for server functionality

A major difference between the old Nessus & OpenVAS is that it implements the OpenVAS Transfer Protocol (OTP) which has superseded the Nessus Transfer Protocol (NTP) in OpenVAS for communication between terminals and the GUI client application. It has support for English, German, Spanish, French, Swedish, Hebrew, Croatian languages. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

It’s basic architecture is as follows:

A small list of tools included with OpenVAS is as follows: Nikto, NMAP, ike-scan, Hydra, snmpwalk, amap, ldapsearch from OpenLDAP utilities, Security Local Auditing Daemon (SLAD), John-the-Ripper, Chkrootkit, LSOF, ClamAV, Tripwire, TIGER, Logwatch, TrapWatch, LM-Sensors, snort, ovaldi, pnscan, portbunny, strobe!

You can use all these tools to perform most of your penetration activities!

You can download the clients & server components from the below links:

OpenVAS 2.0:
Server components:
openvas-libraries 2.0.2
openvas-libnasl 2.0.1
openvas-server 2.0.1
openvas-plugins 1.0.5

Client:
openvas-client 2.0.2

Related Blogs

• Related Blogs on Nessus
• Scan vulnerability by using Nessus « Linux Admin Blog
• Getting Nessus running on your home network FREE | Nicholson Security

• Related Blogs on OpenVAS
• OpenVAS 2.0.1

• Related Blogs on Penetration Testing
• How to choose a Pen Tester « Steven Branigan’s Blog
• Top Tools For Penetration Testing (Security Analysis/Hacking …

If you enjoyed this article, you might also like:

• UPDATE: OpenVAS 3.0.0!
  It has been a year since an updated OpenVAS version has been released. We spoke about OpenVAS here. ...
• UPDATE: OpenVAS 4!
  It has been almost 8 months since an updated OpenVAS version was released. We spoke about OpenVAS he...
• UPDATE: BackBox Linux 2.05!
  Our first post regarding BackBox Linux can be found here. A few hours ago, an updated BackBox Linux ...
• UPDATE: MagicTree 1.1!
  Our first post regarding MagicTree can be found here. A few hours ago, an update – MagicTree version...
• UPDATE: Seccubus-2.0.beta2!
  We have discussed about Seccubus in our previous posts here. A few days ago, it was updated to Seccu...
• UPDATE: Seccubus-2.0.beta1!
  We have discussed about Seccubus in our previous posts here. It has now been updated to Seccubus 2.0...
• UPDATE: BackBox Linux 2.01!
  Our first post regarding BackBox Linux can be found here. Now, an updated BackBox Linux version 2.01...
• UPDATE: Seccubus-2.0.alpha5!
  We have discussed about Seccubus in our previous posts here. It has now been updated to Seccubus 2.0...
• UPDATE: MagicTree 1.0!
  Our first post regarding MagicTree can be found here. A few hours ago, an update - MagicTree version...

Tagged as: amap, Chkrootkit, ClamAV, GNessUs, Hydra, ike-scan, John-the-Ripper, ldapsearch from OpenLDAP utilities, LM-Sensors, Logwatch, LSOF, Nessus, network security scanner, Nikto, NMAP, OpenVAS, portbunny, security scanner, snmpwalk, snort, strobe, TrapWatch