OpenVAS
OpenVAS is an open source vulnerability scanner and vulnerability management solution. It can scan networks and systems for known vulnerabilities and misconfigurations and provide detailed reports.
open-source
vulnerability-scanning
network-security
OpenVAS: Open Source Vulnerability Scanner & Management Solution
An open source vulnerability scanner and management solution, OpenVAS scans networks and systems for known vulnerabilities and misconfigurations, providing detailed reports.
What is OpenVAS?
OpenVAS (Open Vulnerability Assessment System) is a free and open source vulnerability scanner and vulnerability management solution. It can perform network vulnerability tests, system configuration audits and vulnerability detection using the Network Vulnerability Tests (NVT) rules.
OpenVAS provides complete tests coverage for IT vulnerabilities with over 50,000 NVTs for vulnerabilities in mainstream operating systems, services and applications. The vulnerability tests evaluate if systems are vulnerable to attacks like buffer overflows, denial of service attacks, faulty configurations etc.
OpenVAS generates detailed reports listing vulnerabilities by severity levels from critical to low risks. These reports can help administrators to mitigate and fix vulnerabilities before they are exploited by malicious hackers. Reports can also be scheduled and emailed periodically.
With a web interface and command line tools, OpenVAS provides flexibility for advanced users as well as novice users. Its client-server architecture allows distributed scans for larger networks. OpenVAS also integrates with other tools like Metasploit Framework.
OpenVAS Features
Features
- Full-featured vulnerability scanner
- Scans for thousands of vulnerabilities
- Open source and free
- Automatic vulnerability testing and management
- Detailed vulnerability reports
- User management and access controls
- Scheduled and on-demand scans
- Agentless scanning
- Integrates with other tools like Nmap
Pricing
- Open Source
Pros
Free and open source
Powerful scanning capabilities
Easy to use
Automatic scanning and reporting
Integrates with other security tools
Active community support
Cons
Can be resource intensive
Requires expertise to interpret scan results
Limited user interface
Steep learning curve
Official Links
The Best OpenVAS Alternatives
Top Security & Privacy and Vulnerability Scanner and other similar apps like OpenVAS
Here are some alternatives to OpenVAS:
Suggest an alternative ❐
Nessus
Nessus is a comprehensive vulnerability scanning software developed by Tenable. It is used to scan networks, operating systems, web applications, databases, and other systems for vulnerabilities that could be exploited by attackers.Some key features of Nessus include:Ability to perform high-speed discovery, mapping, and assessment of vulnerabilities across networks, endpoints, web...
Acunetix
Acunetix is a comprehensive web application security testing tool used to detect vulnerabilities and security issues in web applications and services. It features an automated web vulnerability scanner that can crawl and test websites, APIs, and web services to identify SQL injection, cross-site scripting (XSS), misconfigurations, and other security flaws.Key...
Armitage
Armitage is a graphical cyber attack platform that provides a graphical interface for the Metasploit Framework. It is designed to help automate common tasks in Metasploit and improve workflows for security professionals and hackers.Some key features of Armitage include:Graphical user interface for Metasploit instead of having to use the command...
Nuclei
Nuclei is an open-source web security scanning tool developed by Project Discovery. It is designed to send customizable HTTP requests to web applications and APIs to detect security vulnerabilities and misconfigurations.Some key features of Nuclei include:Powerful templating engine to customize vulnerability scans using YAML filesExtensive library of vulnerability templates covering...
OpenSCAP
OpenSCAP is an open-source auditing tool that enables automated security scanning and compliance testing of systems against security benchmarks and policies. It helps organizations maintain continuous monitoring of their infrastructure for vulnerabilities, misconfigurations, and policy compliance issues.Some key features and capabilities of OpenSCAP include:Performs automated scanning for security vulnerabilities based...
Pentest-Tools.com
Pentest-Tools.com is a free online platform that provides penetration testers and network security professionals with various utilities for auditing and exploiting vulnerabilities in networks and systems. It offers a wide range of tools including:Port scanners like Nmap to detect open ports and services on servers and devicesVulnerability scanners such as...
Nexpose
Nexpose is a comprehensive vulnerability management and penetration testing software developed and maintained by Rapid7. It enables organizations to identify security weaknesses across their networks, systems, web applications, databases, and endpoints.Key features of Nexpose include:Asset discovery - Automatically discovers devices, ports, services, vulnerabilities, and misconfigurations on the network.Risk-based vulnerability management...
Dependency-Check
Dependency-Check is an open source software composition analysis and software vulnerability management tool that analyzes project dependencies to identify any known, publicly disclosed vulnerabilities. It works by scanning the binaries and libraries dependencies of applications to detect security issues, outdated software components, and license problems.Dependency-Check supports a wide range of...
Mageni
Mageni is an open-source low-code application development platform focused on empowering businesses to build their own internal web applications. It features a visual, drag-and-drop interface that enables staff with no prior coding experience to rapidly develop custom apps that automate workflows, manage data, and streamline business processes.Some key capabilities and...
Intruder
Intruder is a comprehensive web application security testing tool used to identify vulnerabilities in web apps. It is designed to automate vulnerability scanning and penetration testing to help developers build more secure software.Key features of Intruder include:Automated vulnerability scanning - Intruder can crawl web applications and automatically scan for security...
Sucuri
Sucuri is a comprehensive website security solution designed to protect websites against a wide range of threats. It offers the following key features:Website firewall and DDoS protection to block attacks and prevent blacklistingContinuous malware scanning to detect infections early and enable fast cleanupRemote malware removal to safely eliminate infections without...
Microsoft Baseline Security Analyzer
The Microsoft Baseline Security Analyzer (MBSA) is a free tool from Microsoft that helps improve computer security by identifying missing security updates and common security misconfigurations. MBSA can scan Windows systems, including clients and servers, and provide a report on the status of system updates, Windows security settings, password policies,...
HTTPCS Security
HTTPCS Security is an open-source web application firewall (WAF) designed to protect websites and web applications from common exploits and vulnerabilities. It works by filtering, monitoring, and blocking potentially malicious HTTP traffic before it reaches the web application.Some key features of HTTPCS Security include:Protection against SQL injection, cross-site scripting (XSS),...
VFeed
vFeed is an open-source vulnerability intelligence database that provides up-to-date information on CVEs and security vulnerabilities. It acts as a comprehensive solution for vulnerability assessment, management and data feeds.Key features and capabilities of vFeed include:Aggregation of multiple vulnerability data sources including NVD, Exploit-DB, Metasploit, CAPEC, CWE, WASC etc.In-depth coverage of...
Cvechecker
cvechecker is an open-source command-line utility that allows users to scan software applications, system packages, containers, and virtual machine images to identify vulnerabilities and exposure to publicly known exploits. It works by checking the software and its dependencies against vulnerability databases like the NVD (National Vulnerability Database) and OVAL (Open...
WoTT
WoTT (Web of Trust) is a browser extension available for Chrome, Firefox, and Opera that analyzes websites and assigns them a trustworthiness score along with safety ratings in various categories. It aims to help users identify potential risks when browsing the web.When you visit a website, WoTT will display an...
Webcheck.me
webcheck.me is a free website and browser extension service that makes it easy to check websites for key issues like privacy, security, performance and accessibility. It allows non-technical users to audit a website by scanning it from their web browser and providing a report with actionable feedback.Once installed, the webcheck.me...