Generated by GPT-5-mini

| OpenVAS | |
|---|---|
| Name | OpenVAS |
| Developer | Greenbone Networks; community contributors |
| Released | 2005 |
| Programming language | C, Python, Go |
| Operating system | Linux, Unix-like |
| Genre | Vulnerability scanner |
| License | GNU GPLv2, various components |
OpenVAS is a free and open-source vulnerability scanning framework used for network security assessment and management. It provides a set of services and tools to perform authenticated and unauthenticated testing of hosts, web applications, and network devices. Widely adopted by security professionals, penetration testers, and administrators, the project integrates a centralized scanner, a feed of Network Vulnerability Tests, and management interfaces for orchestration and reporting.
OpenVAS functions as a modular system that automates the discovery and verification of known security issues across information technology assets. The platform performs active scanning and produces structured reports suitable for integration with ticketing systems, Kubernetes, Amazon Web Services, Microsoft Azure, and Google Cloud Platform. Its design emphasizes extensibility, allowing vendors and institutions such as Cisco Systems, IBM, Red Hat, and Canonical to incorporate outputs into broader risk management workflows. The engine supports scheduling, alerting, and role-based access control aligned with standards from organizations like the National Institute of Standards and Technology, the European Union Agency for Cybersecurity, and the Center for Internet Security.
The project originated as a fork of an earlier commercial scanner during a period of community-driven decentralization in the mid-2000s, influenced by events involving entities such as SecurityFocus, OSS-Fuzz, and the Open Source Initiative. Over time, stewardship transitioned to contributors from companies including Greenbone Networks and university research labs associated with Technische Universität Darmstadt and Karlsruhe Institute of Technology. The roadmap has referenced standards and initiatives from MITRE and the Common Vulnerabilities and Exposures program, and adopted practices promoted by ISO/IEC JTC 1/SC 27 and the Payment Card Industry Security Standards Council.
The architecture separates core scanning, management, and feed distribution into distinct services. Key components mirror classical designs used in security tooling by vendors like Nessus, Qualys, and Tenable, Inc. A central manager coordinates tasks and credentials, working with a scanner daemon that executes Network Vulnerability Tests, while a feed service distributes plugin updates; this model relates to infrastructures used by Jenkins, Ansible, and HashiCorp Vault. User interfaces include web front-ends and command-line utilities comparable to OpenSSL tools and integrate with authentication providers such as LDAP, Active Directory, and single sign-on solutions by Okta. Data persistence and search capabilities often utilize backends influenced by PostgreSQL, Elasticsearch, and monitoring suites like Prometheus.
The system implements authenticated credentialed scanning, unauthenticated discovery, web application tests, and configuration auditing using test definitions comparable to CIS Benchmarks and checks mapped to CVSS scoring. It supports automated scheduling, differential reporting, and export formats compatible with CSV, XML, and SCAP tooling endorsed by NIST and US-CERT. Plugin scripting for detection logic takes inspiration from scripting engines used in Metasploit Framework and Snort. Integration points facilitate orchestration with configuration management systems such as Puppet, Chef, and SaltStack and continuous integration pipelines involving GitLab, Jenkins, and GitHub Actions.
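Differential reporting as described above, shown in an added example that is not OpenVAS code and does not reproduce its export schema: two constructed CSV exports are keyed on host, port and check, and each finding is classed as new, resolved, changed or unchanged with its CVSS v3.x severity band. The column names, hosts and check IDs are assumptions made for the example.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions for this example.
BASELINE_CSV = """host,port,check_id,cvss
10.0.0.5,443/tcp,CHECK-EXAMPLE-1,7.5
10.0.0.5,22/tcp,CHECK-EXAMPLE-2,5.3
10.0.0.9,80/tcp,CHECK-EXAMPLE-3,9.8
"""
CURRENT_CSV = """host,port,check_id,cvss
10.0.0.5,443/tcp,CHECK-EXAMPLE-1,9.1
10.0.0.9,80/tcp,CHECK-EXAMPLE-3,9.8
10.0.0.9,8080/tcp,CHECK-EXAMPLE-4,4.3
"""

def load_findings(text):
    """Map (host, port, check_id) -> CVSS score, keeping the highest duplicate."""
    findings = {}
    for row in csv.DictReader(io.StringIO(text)):
        key = (row["host"].strip(), row["port"].strip(), row["check_id"].strip())
        score = float(row["cvss"])  # malformed scores raise rather than vanish
        if not 0.0 <= score <= 10.0:
            raise ValueError(f"CVSS score out of range for {key}: {score}")
        findings[key] = max(score, findings.get(key, 0.0))
    return findings

def band(score):
    """CVSS v3.x qualitative severity rating for a base score."""
    if score == 0.0:
        return "none"
    for limit, name in ((4.0, "low"), (7.0, "medium"), (9.0, "high")):
        if score < limit:
            return name
    return "critical"

def diff_scans(baseline_text, current_text):
    """Classify findings as new, resolved, changed or unchanged between scans."""
    old, new = load_findings(baseline_text), load_findings(current_text)
    return {
        "new": sorted((k, band(new[k])) for k in new.keys() - old.keys()),
        "resolved": sorted((k, band(old[k])) for k in old.keys() - new.keys()),
        "changed": sorted((k, band(old[k]), band(new[k]))
                          for k in old.keys() & new.keys() if old[k] != new[k]),
        "unchanged": sorted(k for k in old.keys() & new.keys() if old[k] == new[k]),
    }
```

A "resolved" entry only means the check did not fire in the later scan; a host that was unreachable or scanned without credentials produces the same result, so confirm scan coverage before closing the finding.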
As a security product, the codebase and test feeds have been subject to scrutiny and responsible disclosure processes aligned with policies from CERT Coordination Center, Open Web Application Security Project, and vendor security teams at Red Hat. Past advisories prompted coordinated updates and mitigation guidance referencing CVE identifiers cataloged by MITRE. Runtime security depends on correct privilege separation, sandboxing techniques inspired by AppArmor and SELinux, and the secure handling of credentials, drawing on best practices promoted by OWASP. Third-party research groups and professional services from firms like Mandiant, CrowdStrike, and Kaspersky Lab have published analyses of scanner behavior and detection consistencies.
Common deployment models include single-host appliances, distributed scanner clusters, and containerized instances orchestrated with Docker and Kubernetes. Organizations deploy the tool for periodic compliance scans mapped to frameworks used by PCI DSS, HIPAA, and GDPR impact assessments overseen by institutions such as European Commission bodies. Operational practices recommend segmentation, bastion hosts, and network access controls modeled on architectures from Fortinet and Palo Alto Networks. Reporting outputs feed into governance platforms like ServiceNow, Splunk, Elastic Stack, and ticketing systems used by enterprises such as Atlassian.
The project combines code under the GNU General Public License version 2 with community-maintained test feeds and vendor-contributed modules. A commercial ecosystem exists around supported appliances and services offered by companies including Greenbone Networks and independent consultancies hired by Deloitte, PwC, and Ernst & Young. Governance blends community contributors, academic researchers, and corporate maintainers, with public mailing lists and repositories modeled after collaborative projects hosted by GitHub and GitLab. The community engages in disclosure coordination with organizations like FIRST and archives advisories in databases maintained by NIST.