If you’re looking for an open-source software framework that is used for vulnerability scans and vulnerability management, the Open Vulnerability Assessment System (OpenVAS) is a first-rate tool.
Developed by Greenbone Networks, OpenVAS is a framework of services and tools supported by an open-source community that promotes vulnerability analysis and management. OpenVAS can be downloaded as binary packages, source packages, or a virtual appliance, or by using the terminal and executing the command “apt-get install openvas.”
The OpenVAS tool can provide a comprehensive security test of an IP address, and performed from an externally hosted server, will provide a view of what a hacker would encounter with an attack.
Most commercial vulnerability scanners require a large amount of RAM, but OpenVAS will run off minimal RAM and computer resources. However, the more RAM and CPU provided to run the scans, the smoother it will operate.
OpenVAS can be set up and configured by using command line arguments. It utilizes a Web User Interface that can be used if visual graphs and images are preferred over a command line.
OpenVAS’ Web UI, called Greenbone Security Assistant, is located on the localhost and is useful for creating targets and tasks. Creating a new target is a way to save a desired host URL or IP that will be scanned after the creation of a task. (Creating a task is another term for creating a scan job of a specified target).
OpenVAS also has numerous Network Vulnerability Tests (NVTs) that can be configured in the Greenbone Security Assistant configuration panel. The NVTs test a particular host’s servers and applications for vulnerabilities.
Once a scan has been started on an IP address, you’ll see the scan’s progress at the bottom of the page. The page will also provide visualizations and results of the configured scans. Vulnerabilities that are detected will be listed, and you can click on a particular vulnerability to get more details.
After the scans are completed, various report file types can be viewed and downloaded for review.