About

Try out OpenVAS

Information/Howtos

Books

German:

User Support

Mailing Lists

Developer Support

Download

OpenVAS 3.1

Classic Setup

Full Setup

OpenVAS 3.0

OpenVAS 2.0

Server components

Client

Documents

OpenVAS Compendium

More

NVT Lookup by OID

(replace 61039 by any other old-style ID)

About OpenVAS Server

The OpenVAS Server is the core application of the OpenVAS project. It is a scanner that runs vulnerability tests against multiple target hosts and delivers the results. It uses a communication protocol to have client tools (graphical and command line) connect, configure and execute a scan and finally receive the results for reporting. Tests are implemented in the form of plugins which are updated to cover recently identified security issues.

Release 2.0: The server consists of 4 modules: openvas-libraries, openvas-libnasl, openvas-server and openvas-plugins. All need to be installed for a fully functional server.

Release 3.0: The former "OpenVAS Server" is now called the "OpenVAS Scanner" and consists of 2 modules: openvas-libraries and openvas-scanner. The scanner is accompanied by the optional servers "OpenVAS Manager" (module openvas-manager) and "OpenVAS Administrator" (module openvas-administrator).

OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because Nessus 3 changed to a proprietary license model. Nessus 2.2.x development stopped for third party contributors. OpenVAS continues as Free Software under the GNU General Public License with a transparent and open development style.

Installing OpenVAS-Server

Recommended: Once you have installed OpenVAS-Server, you should subscribe to the openvas-announce mailing list. It is a low-traffic list which helps you to follow all OpenVAS news and important changes.

More information on installing and configuring OpenVAS-Server is available from the OpenVAS Compendium. If you have trouble installing OpenVAS-Server, you are welcome to join the openvas mailing list and ask for support there.

Readily available installation packages for OpenVAS Scanner (Version 3.x)

Various platforms via OBS

http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v3/

With the OpenSUSE Build Service, packages are currently build for the following distributions:

. Packages can be downloaded from http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v3/.

Readily available installation packages (Version 2.0.x)

Please note: OpenVAS may not yet be available for all platforms and distributions. Please ask the package maintainers of the distribution of your choice to package OpenVAS or use the source code release.

Debian "Sid" (unstable)

OpenVAS-Server is currently being integrated into Debian. The following modules are already available:

You can install these modules with the following commands:

# apt-get install libopenvas2
# apt-get install libopenvas2-dev
# apt-get install libopenvasnasl2
# apt-get install libopenvasnasl2-dev
# apt-get install openvas-server
# apt-get install openvas-server-dev

Debian 5.0 "Lenny" (stable) with Debian Backports

For Debian 5.0 "Lenny" the inofficial Debian Backports repository hosts current packages of all openvas modules. For a more detailled installation guide look at the instructions on http://backports.org.

  1. Get backports Source included: (This step has to be done just once)

    # echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
    # aptitude update
    # echo "Package: *" >> /etc/apt/preferences
    # echo "Pin: release a=lenny-backports" >> /etc/apt/preferences
    # echo "Pin-Priority: 200" >> /etc/apt/preferences

  2. Install OpenVAS:

    # aptitude -t lenny-backports install openvas-server

ATTENTION: For the remaining modules you need to get the latest source tar-balls and compile them on your own.

Gentoo

The ebuilds are in the Gentoo portage. To get the most recent packages simply run:

#emerge --sync

Because all OpenVAS packages are masked, you need to unmask the packages by keyword using one of the following ways:

  1. Edit /etc/portage/package.keywords and add the packages:

    net-analyzer/openvas ~x86
    net-analyzer/openvas-client ~x86
    net-analyzer/openvas-libnasl ~x86
    net-analyzer/openvas-libraries ~x86
    net-analyzer/openvas-plugins ~x86
    net-analyzer/openvas-server ~x86

    After that you can run:

    # emerge net-analyzer/openvas # this will install the server and the client
    # emerge net-analyzer/openvas-server # will only install the server with dependencies
    # emerge net-analyzer/openvas-client # will only install the client with dependencies

  2. To emerge all masked OpenVAS packages together you can use the following command:

    # ACCEPT_KEYWORDS="~x86" emerge openvas

For the server package there are the following "USE-Flags": gtk tcpd debug prelude

Set them in the /etc/make.conf to enable the support e.g. for prelude:

USE="prelude"

or run it via the command line:

# ACCEPT_KEYWORDS="~x86" USE="prelude -debug" emerge openvas

OpenSUSE 10.2, 10.3, 11.0, 11.1 (also Fedora 8, 9, 10, Mandriva 2007, 2008, 2009 and others)

There is an unofficial repository containing RPMs for RPM based distributions like OpenSUSE, Fedora, RHEL and Mandriva at http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/v2/.

Be aware that the URL you will have to add as the new repository is specific to your distribution. For example, if you are using OpenSUSE 10.2, you will want to add the following URL:
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/openSUSE_10.2/
Likewise, if you are using Mandriva 2008, you should use this URL:
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/Mandriva_2008/
The complete list of URLs is available at:
http://download.opensuse.org/repositories/security:/OpenVAS:/STABLE:/.

See http://en.opensuse.org/Add_Package_Repositories_to_YaST on how to add a repository and http://opensuse-community.org/Installing_Software on how to install Software with YaST.

RHEL 4, 5, CentOS 4, 5 and Fedora 4-10

Packages for Red Hat Enterprise Linux 4 and 5, CentOS 4 and 5 and Fedora from 4 up to 10 are available from an unofficial repository at http://www.atomicorp.com/channels/atomic/.

The archives are available through the yum package manager for Fedora, RHEL and CentOS. These archives require access to both the vendors base and update channels, RHEL 4 users are therefore recommended to access the archives through up2date. More information is available from the archive website.

Slackware

The OpenVAS-Server program and libraries are not official Slackware packages but they can be easily obtained from the SlackBuilds.org project.

You can build the server following the generic SlackBuilds.org howto, the packages have to be built in the following order:

  1. openvas-libraries
  2. openvas-libnasl
  3. openvas-server
  4. openvas-plugins

Or, if you use sbopkg, you can run this single command:
# sbopkg -i "openvas-libraries openvas-libnasl openvas-server openvas-plugins"

Arch

The OpenVAS scanner program is not part of core, extra or community, but you can find it in AUR section which is available from http://aur.archlinux.org/packages.php?ID=33721.

FreeBSD

The OpenVAS-Server program is not an official FreeBSD port, however recent ports are available from http://www.freshports.org.

Latest source code release (Version 2.0.x)

The download link for the latest source code release can be found in the "Download" box in the menu to the right.

Download the 4 ".tar.gz" source code archives and unpack with "tar -xzf openvas-MODULE-N.N.N.tar.gz". Compiling from source is currently geared towards GNU/Linux systems, but may work as well in other environments.

You have to compile and install the packages in the the following sequence:

  1. openvas-libraries
  2. openvas-libnasl
  3. openvas-server
  4. openvas-plugins

Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.

Repeat for each module and read the corresponding INSTALL or README files.

Most current state of development (directly from the source code management system) (Version 2.0.x)

You need subversion to retrieve the code.

$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-libraries-2-0
$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-libnasl-2-0
$ svn checkout https://svn.wald.intevation.org/svn/openvas/branches/openvas-server-2-0
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-plugins

Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.

Do the same for the openvas-server module and read the corresponding INSTALL or README files.

Note for the SVN build: Although the OpenVAS team is committed to maintaining high code quality, please be aware that you are using a development state that may be incomplete and unstable and should not be used in production environments.

Most current state of development (directly from the source code management system) (Version 3.0.x)

You need subversion to retrieve the code.

$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libraries
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-scanner

Optional:

$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-manager
$ svn checkout https://svn.wald.intevation.org/svn/openvas/trunk/openvas-administrator

Now read the file INSTALL_README inside the directory "openvas-libraries" for the next steps.

Do the same for the openvas-server module and read the corresponding INSTALL or README files.

Note for the SVN build: Although the OpenVAS team is committed to maintaining high code quality, please be aware that you are using a development state that may be incomplete and unstable and should not be used in production environments.