OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)


As you all probably known since version 3 Nessus turned to a proprietary model and started charging for the latest plugins locking most of us out. Now we finally have a new, properly organised forked development with the name of OpenVAS – at last a decent and free Vulnerability Scanner!

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user front-end. The core component is a server with a set of network vulnerability tests (NVTs) to detect security problems in remote systems and applications.

OpenVAS products are Free Software under GNU GPL and a fork of Nessus.

About OpenVAS Server

The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs many network vulnerability tests against many target hosts and delivers the results. It uses a communication protocol to have client tools (graphical end-user or batched) connect to it, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which need to be updated to cover recently identified security issues.

The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.

OpenVAS server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

About OpenVAS-Client

OpenVAS-Client is a terminal and GUI client application for both OpenVAS and Nessus. It implements the Nessus Transfer Protocol (NTP). The GUI is implemented using GTK+ 2.4 and allows for managing network vulnerability scan sessions.

OpenVAS-Client is a successor of NessusClient 1.X. The fork happened with NessusClient CVS HEAD 20070704. The reason was that the original authors of NessusClient decided to stop active development for this (GTK-based) NessusClient in favor of a newly written QT-based version released as proprietary software.

OpenVAS-Client is released under GNU GPLv2 and may be linked with OpenSSL.

You can download OpenVAS here:

OpenVAS Client
OpenVAS Server

Or read more here.

Posted in: Exploits/Vulnerabilities, Hacking Tools, Networking Hacking

, , , , , , ,


Latest Posts:


zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors
Memhunter - Automated Memory Resident Malware Detection Memhunter – Automated Memory Resident Malware Detection
Memhunter is an Automated Memory Resident Malware Detection tool for the hunting of memory resident malware at scale, improving threat hunter analysis process.
Sandcastle - AWS S3 Bucket Enumeration Tool Sandcastle – AWS S3 Bucket Enumeration Tool
Sandcastle is an Amazon AWS S3 Bucket Enumeration Tool, formerly known as bucketCrawler. The script takes a target's name as the stem argument (e.g. shopify).
Astra - API Automated Security Testing For REST Astra – API Automated Security Testing For REST
Astra is a Python-based tool for API Automated Security Testing, REST API penetration testing is complex due to continuous changes in existing APIs.
Judas DNS - Nameserver DNS Poisoning Attack Tool Judas DNS – Nameserver DNS Poisoning Attack Tool
Judas DNS is a Nameserver DNS Poisoning Attack Tool which functions as a DNS proxy server built to be deployed in place of a taken over nameserver to perform targeted exploitation.
dsniff Download - Tools for Network Auditing & Password Sniffing dsniff Download – Tools for Network Auditing & Password Sniffing
Dsniff download is a collection of tools for network auditing & penetration testing. Dsniff, filesnarf, mailsnarf, msgsnarf, URLsnarf, and WebSpy passively monitor a network


5 Responses to OpenVAS – Open Vulnerability Assessment System (Nessus is Back!)

  1. Pantagruel August 18, 2008 at 8:44 pm #

    Came across it this morning.
    It’s good to have ‘nessus’ back in the GPL field, will definately give it a go this weekend

  2. Morgan Storey August 19, 2008 at 1:56 am #

    YAY, I loved Nessus great for doing a quick scan and creates a great report to give to management for a look see moment…
    The only problem I can see here is the reason Nessus went Closed, wasn’t it simply due to costs of hosting and serving the updates and modules, at least thats what I thought there reasoning was. But isn’t it still free for home use?
    Don’t get me wrong I am all for open source and ability to see the source, but I can see reasons against it, people need to eat.

  3. Navin August 19, 2008 at 7:33 am #

    Righto Pantagruel, nessus was one of the first tools I’d gotten into when I first started studying network security!! Definitely on my weekend “to-do” list.

  4. razta August 19, 2008 at 6:03 pm #

    I couldn’t manage to get it to compile so I gave up in the end.

  5. eM3rC August 27, 2008 at 11:34 pm #

    Cool tool

    Thanks Darknet!