The Open Vulnerability Assessment System (OpenVAS) is an open source framework of a collection of tools and services. These tools and services work together to scan multiple computers, identify known vulnerabilities on these computers, and provide a set of tools for reporting on and managing the mitigation of identified vulnerabilities. Many vulnerability assessors, auditors, penetration testers, and hackers use OpenVAS to search for security vulnerabilities. The OpenVAS framework is free to use and is frequently updated to identify the latest vulnerabilities. You can use OpenVAS to scan many computers, including those running Microsoft and non-Microsoft operating systems. The framework is very good at identifying the underlying operating system for any target and then tailoring the scans for that operating system

OpenVAS originally began its life as a fork of the popular Nessus vulnerability assessment software package. Tenable Security, who owns Nessus, decided to change the Nessus open source license to a closed proprietary license model in 2005. A group of penetration testers took a fork of the Nessus open source product and created GNessUs, which was a contrived name that indicated the new product was Nessus under the GNU General Public License (GPL). The product was eventually renamed to OpenVAS, and is currently developed and provided by Greenbone Networks GmbH. Nessus remains as a viable commercially available vulnerability assessment framework, but many organizations choose to use the somewhat less comprehensive OpenVAS product to avoid commercial license fees.

Unlike most other software products that support vulnerability scanning, OpenVAS isn’t packaged as a downloadable executable file that you can just install on a Windows computer. You can get OpenVAS several different ways:

• Livedemo—This is a live environment that allows users to connect to an OpenVAS scanner via a website and conduct scans on a set of provided target systems.

• Virtual appliance—OpenVAS is available in a prebuilt virtual appliance that is compatible with VirtualBox, VMware ESXi, and Hyper-V virtualization managers. If you already have a virtualization manager installed,

• Source code—Greenbone makes all of the OpenVAS source code available for anyone to download and compile on their own systems. This option allows organizations to customize OpenVAS as needed for their own environments.

• Install packages—Third-party providers offer prebuilt installable packages for various operating systems. The most popular install target operating system is Linux. In fact, you can even install OpenVAS in the Windows Subsystem for Linux.

Regardless how you acquire OpenVAS, the steps to run scans is the same: (this is just a simple list of steps—OpenVAS supports many more options to identify and manage vulnerabilities).

• Launch the Greenbone Security Assistant (GSA). After starting the OpenVAS engine (see the documentation that came with OpenVAS on how to do this—it is often the command openvas-start) launch a web browser and enter the address https://127.0.0.1.

• Log in using the default userid of admin and the password that was generated when you installed OpenVAS.

• Select Scans -> Tasks from the menubar, Click on the “Task Wizard” icon. This icon is a magic wand in a purple square. That will launch the task wizard to help you configure a new scan.

• Enter an IP address you want to scan and select Start Scan.

FIGURES 7-11 and 7-12 show how to set up a single node scan in OpenVAS.

FIGURE 7-13 shows the results from the last OpenVAS scan.