As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner!
OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.
OpenVAS products are Free Software under GNU GPL and a fork of Nessus.
About OpenVAS Server
The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.
The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.
OpenVAS server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.
OpenVAS-Client is a terminal and GUI client application for both OpenVAS and Nessus. It implements the Nessus Transfer Protocol (NTP). The GUI is implemented using GTK+ 2.4 and allows for managing network vulnerability scan sessions.
OpenVAS-Client is a successor of NessusClient 1.X. The fork happened with NessusClient CVS HEAD 20070704. The reason was that the original authors of NessusClient decided to stop active development for this (GTK-based) NessusClient in favor of a newly written QT-based version released as proprietary software.
OpenVAS-Client is released under GNU GPLv2 and may be linked with OpenSSL.
You can download OpenVAS here:
Or read more here.
- Twitter Bug Bounty Official – Started Paying For Bugs
- Heartbleed Implicated In US Hospital Leak
- XML Quadratic Blowup Attack Blows Up WordPress & Drupal
- MagicTree v1.0 Released – Productivity Tool For Penetration Testers
- Skipfish 1.94b Released – Active Web Application Security Reconnaissance Tool
- Installing Nessus on Debian-based OSs like Ubuntu
Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 227,468 views
- AJAX: Is your application secure enough? - 119,107 views
- eEye Launches 0-Day Exploit Tracker - 85,056 views