If you’re looking for an open-source software framework for vulnerability scanning and vulnerability management, the Open Vulnerability Assessment System (OpenVAS) is a first-rate tool. First developed by Greenbone Networks, OpenVAS is a framework of services and tools, supported by an open-source community, that promotes vulnerability analysis and management. OpenVAS can be downloaded as binary packages, source packages, or a virtual appliance, or installed from the terminal by executing the command “apt-get install openvas”.
Most commercial vulnerability scanners require a large amount of RAM, but OpenVAS will run on minimal RAM and computer resources. However, the more RAM and CPU provided to run the scans, the smoother it will operate.
OpenVAS can be set up and configured using command-line arguments. It also provides a web user interface for those who prefer visual graphs and images to a command line. The OpenVAS web UI, called Greenbone Security Assistant, is located on the local host and is useful for creating targets and tasks. A target saves the host URL or IP that will be scanned once a task has been created. A task is a scan job run against a specified target.
OpenVAS also has numerous Network Vulnerability Tests (NVTs) that can be configured in the Greenbone Security Assistant configuration panel. The NVTs test a particular host’s servers and applications for vulnerabilities. After the scans are completed, various report file types can be viewed and downloaded for review.
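As an added example (not part of the original article or of the OpenVAS project), the script below shows one way to review a downloaded XML report offline: it parses the results and groups findings by host, worst first. The element names (result, host, port, threat, severity, nvt with an oid attribute) are assumed from the XML export layout, and the function names and the 4.0 severity threshold are hypothetical choices for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample (simplified export layout); addresses, OIDs and names are placeholders.
SAMPLE_REPORT = """<report><results>
<result><host>192.0.2.10</host><port>443/tcp</port><threat>Medium</threat>
  <severity>5.9</severity><nvt oid="0.0.0.1"><name>Example finding A</name></nvt></result>
<result><host>192.0.2.10</host><port>22/tcp</port><threat>Log</threat>
  <severity>0.0</severity><nvt oid="0.0.0.2"><name>Example finding B</name></nvt></result>
<result><host>192.0.2.20</host><port>445/tcp</port><threat>High</threat>
  <severity>9.8</severity><nvt oid="0.0.0.3"><name>Example finding C</name></nvt></result>
<result><host>192.0.2.20</host><port>80/tcp</port><threat>Medium</threat>
  <severity>5.0</severity><nvt oid="0.0.0.4"><name>Example finding D</name></nvt></result>
<result><host>192.0.2.30</host><port>general/tcp</port><threat>Log</threat>
  <severity></severity><nvt oid="0.0.0.5"><name>Example finding E</name></nvt></result>
</results></report>"""

def parse_results(xml_text):
    """Return one dict per <result> that carries a numeric severity."""
    findings = []
    for res in ET.fromstring(xml_text).iter("result"):
        try:
            severity = float(res.findtext("severity", default=""))
        except ValueError:
            continue  # empty or malformed score: keep it out of the triage list
        nvt = res.find("nvt")
        findings.append({
            "host": (res.findtext("host") or "").strip(),
            "port": (res.findtext("port") or "").strip(),
            "threat": res.findtext("threat", default="Unknown"),
            "severity": severity,
            "nvt_oid": nvt.get("oid", "") if nvt is not None else "",
            "name": nvt.findtext("name", default="") if nvt is not None else "",
        })
    return findings

def triage(findings, min_severity=4.0):
    """Group findings at or above min_severity by host; hosts and findings worst first."""
    by_host = defaultdict(list)
    for f in findings:
        if f["severity"] >= min_severity:
            by_host[f["host"]].append(f)
    for items in by_host.values():
        items.sort(key=lambda f: f["severity"], reverse=True)
    return sorted(by_host.items(), key=lambda kv: kv[1][0]["severity"], reverse=True)

if __name__ == "__main__":
    for host, items in triage(parse_results(SAMPLE_REPORT)):
        print(host, [(f["severity"], f["port"], f["name"]) for f in items])
```

Real exports carry many more fields per result; the parser reads only the ones named above and skips any result without a numeric severity.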