• Subscribe to the low volume list for updates.

OpenVAS Vulnerability Scan

The OpenVAS scanner is a comprehensive vulnerability assessment system that can detect security issues in all manner of servers and network devices. Use this hosted version of the OpenVAS software to easily test your Internet infrastructure.

Results will be delivered to your email address for analysis; allowing you to start re-mediating any risks your systems face from external threats.

Launch OpenVAS Vulnerability Scan
Login for access to OpenVAS Vulnerability Scanning
Detect vulnerabilities in servers, networks and web sites

  • Find security vulnerabilities in services on an Internet facing system
  • Detailed reporting for risk assessment and re-mediation
  • Vulnerability Alerts on detected change in scheduled report
  • Custom scan options; Network/Server, Web, WordPress and Joomla Scans
  • Access to 27 Vulnerability Scanners and OSINT Tools
  • Trusted Open Source Tools

Immediate access is available to new members or login now if you already have an account.

Why would I use the OpenVAS scanner?

The primary reason to use this scan type is to perform comprehensive security testing of an IP address. It will initially perform a port scan of an IP address to find open services. Once listening services are discovered they are then tested for known vulnerabilities and mis-configuration using a large database (more than 53000 NVT checks). The results are then compiled into a report with detailed information regarding each vulnerability and notable issues discovered.

Once you receive the results of the tests, you will need to check each finding for relevance and possibly false positives. Any confirmed vulnerabilities should be re-mediated to ensure your systems are not at risk.

Vulnerability scans performed from externally hosted servers give you the same perspective as an attacker. This has the advantage of understanding exactly what is exposed on external facing services.

A secondary use of this scan type is to test incident response processes and Intrusion Detection / Prevention systems. Being an aggressive and noisy scan type; security network monitoring should detect the scan and provide alerts to your security monitoring solution

How does the OpenVAS scan work?

1.  Enter the target to scan

Depending on what you are testing the target could be a fully qualified host name, an IP address or a range of IP addresses (range scanning is only available on PRO and BUSINESS plans and allows up to 254 addresses to be scanned at a time).

2.  Select scan type

Multiple options are available depending on the type of system to be tested.

 Full Scan for a full test of network, server and web application vulnerabilities.

 Web Server Scan a more focused test for web server and web application vulnerabilities.

 WordPress Scan testing for known WordPress vulnerabilities and web server issues.

 Joomla Scan testing for known Joomla vulnerabilities and web server issues.

3.  Click on the start button

Testing will begin and the target system will be probed in order to discover vulnerabilities that could place the system at risk of compromise. Results will be delivered to your registered email address within 10 - 60 mins depending on the scan type and number of target systems to be tested.

Sample OpenVAS Reports

These OpenVAS test scans were conducted a number of different systems to show a wide range of discovered vulnerabilities.

Test Server
In this report you can see the customer PDF report. Build your own report with the raw HTML results.

Windows 7
In this test the firewall has been disabled. Multiple issues discovered including MS17-010.

This target is a deliberately insecure system. It is used for testing and has many critical vulnerabilities.

Technical details of the scan configuration

A number of high end Virtual Private Servers (VPS) are hosting OpenVAS 8. The NVT's or vulnerability database is updated daily, using the open source signature feed.

OpenVAS is configured to run using batch mode and the OMP command line client. The scan is a "Full and Fast Scan". External NASL wrappers for Nikto, Dirbuster, Arachni and wapiti have been disabled. This gives a good balance of testing thousands of vulnerabilities while keeping the speed and reliability of the scan solid as you would expect in an automated vulnerable scan. We have our standalone Nikto security scanner available for a focused web server scan.

If you are technically minded; an interesting way to develop your understanding of different scanners and tools such as OpenVAS is to run a packet capture whilst the scan is running. Using tcpdump or Wireshark can reveal details of the tests that are being performed, and you can closely monitor what is happening on your system and network.

OpenVAS has a thriving community, with contributions from both individuals and corporations from all over the world"

About the OpenVAS project

OpenVas is an open source vulnerability scanner that can test a system for security holes using a database of over 53’0000 test plugins. The complete OpenVAS suite consists of a number of components that provide a framework for management of a complete vulnerability management solution.

Whether you are using the standalone tool or the service we offer here OpenVAS is a excellent way to test an Internet connected server, firewall and listening services for configuration errors and known vulnerabilities.

Commercial Security Scanning Solutions

Depending on your needs and your budget there are a number of different well known vulnerability scanners available. A number of years ago I did a comparison of OpenVAS against other leading solutions. My conclusion was that no single solution will provide 100% coverage.

For those with the budget running OpenVAS alongside a commercial vulnerability scanner can be an excellent way to validate results and get a more accurate picture. Comparing results from two or more different solutions can reveal false positives and false negatives.

Best practice vulnerability scanning requires that you utilize multiple tools. This is similar to email threat mitigation using multiple solutions (an email filtering gateway and a local end point anti-virus product that use different scan engines). While you may use a commercial vulnerability scanner or service such as Nessus, Nexpose or GFI Languard; having a hosted version of OpenVAS available is excellent way to get a second set of results for a public Internet facing service.

One of the advantages of OpenVAS being open source, is that when you receive a false positive; you are able to review the plugin to determine why the vulnerability was flagged. OpenVAS has a strong community of security practitioners and posting any false positive to the OpenVAS mailing list often results in immediate feedback. This can result in the false positive being fixed within hours to the benefit of the whole community.