About OpenVAS
The Open Vulnerability Assessment System (OpenVAS) is a framework of several services and tools offering a comprehensive and powerful vulnerability scanning and vulnerability management solution.
The actual security scanner is accompanied with a daily updated feed of Network Vulnerability Tests (NVTs), over 18.000 in total (as of August 2010).
All OpenVAS products are Free Software and mostly licensed under the GNU General Public License (GNU GPL).
Do you want to get immediatley be informed about new OpenVAS releases? Consider subscribing to the OpenVAS-Announcement mailing list.
Project News
August 3rd, 2010 - OpenVAS CLI 1.0 Released
OpenVAS CLI 1.0: Full command line client for OpenVAS Manager 1.0 now available
The OpenVAS CLI package contains the command line tool "omp" which allows to send any command of the OpenVAS Management Protocol (OMP) in original form and some of the commands as short cuts. This allows to create batch processes for remote control of OpenVAS.
August 2nd, 2010 - Greenbone Security Assistant 1.0 Released
Greenbone Security Assistant (GSA) 1.0: Full web-client for OpenVAS Manager 1.0 now available
GSA 1.0 represents almost 2 years of intensive work. The mission of GSA is to be a web client to the OpenVAS Manager 1.0 via the OpenVAS Management Protocol (OMP).
GSA offers a complete implementation of OMP in order to access all features to organize and manage OpenVAS vulnerability scans. Additionally, GSA optionally acts as a client for the upcoming openvas-administrator using the OpenVAS Administration Protocol (OAP) which allows e.g. management of scan users.
Central features of Greenbone Security Assistant are:
- Full OMP 1.0 client. The XML-based OMP responses are transformed into web pages via XSLT.
- No additional web-server required. The GSA daemon (gsad) uses microhttpd to implement a HTTP service on its own.
- Plain HTML. Neither cookies, JavaScript nor other dynamic elements are used. GSA works stateless and uses HTTP Basic Auth.
July 29th, 2010 - OpenVAS Manager 1.0 Released
Substantial Technology Advance: Vulnerability Management with OpenVAS Manager 1.0
OpenVAS Manager 1.0 represents almost 2 years of intensive work. The mission of OpenVAS Manager is to offer powerful and comfortable vulnerability management on top of the actual vulnerability scanner, OpenVAS Scanner 3.1.
The OpenVAS Manager is a layer between the OpenVAS Scanner and various client applications. The upcoming clients cover web, desktop and command line technology and will replace the classic OpenVAS Client.
Central features of OpenVAS Manager are:
- New XML-based protocol OMP (OpenVAS Management Protocol) which client tools use to control scans, results, etc.
- SQL database where configurations, scan results etc. are stored. Thus, clients do not need to keep local storage anymore.
- Full control of scan processes. This includes multiple concurrent scans as well as stopping, pausing, resuming and not at least the scheduling of scans.
- Management of scan notes, false positives and result escalators (notification on finished scans).
July 14th, 2010 - OpenVAS Scanner 3.1 Released
The OpenVAS developers are happy to announce the release of openvas-scanner 3.1.0. This release adds a number of new features, for example support for soft pausing of scans, for retrieving the version of an installed NVT collection, for automatically installing generated client certificates, for storing uploaded preference files in memory, for dropping privileges for NASL and NES NVTs and for scanning virtual web hosts. It also contains updated feed synchronization scripts and removes legacy support for passwords stored in plaintext (see OpenVAS change request #31).
Older news can be found in the news archive.
Contact
The best way to contact the OpenVAS development team is to subscribe to the discussions mailing list or to contact the team in our Online Chat.
The OpenVAS web site and development platform is currently operated by:
Intevation GmbH
Neuer Graben 17
49074 Osnabrück
Germany
www.intevation.de
Authorized: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Registered as: HR B 18998, Amtsgericht Osnabrück
VAT ID: de 204 854 484
E-Mail: info@intevation.de
Phone: +49 541 33508-30