OpenVAS VM and Live CD

Trying out OpenVAS can be as easy as starting a VM image or a Live-CD.

Two versions are available: OpenVAS Server providing just the scan engine framework to be used via a browser or OpenVAS Management Protocol (OMP) clients. And OpenVAS Desktop which adds a desktop to the server including the OMP clients and immediately offers a graphical user interface to OpenVAS after booting.

Please note that both, OpenVAS Server and OpenVAS Desktop, are for demonstration and are not recommended for regular production uses, particularly for more than a few hosts depending on local system resources. The OpenVAS scanner is resource intensive and may take a long time to start on slower systems, especially when run as a VM on laptops.

Login credentials are dynamically generated on firstboot of the appliance and are specified at the console.

Tested with: VirtualBox 3.x, VMWare Workstation 6.5 and XenServer 5.5.0.

Features

• Crossplatform Local Security Check (LSC) support
  • SSH (*NIX)
  • WMI (Windows)
  • SMB (Windows)
• Web client support (Greenbone Security Assistant)
• SSL encrypted communications
• Detached scanning (no need to keep the web client open to complete a scan)
• Update NVT plugins manually via web interface
• Scheduled scans

Fixes/Improvements/Changes

• 1.0: Performance improvments for booting and runtime
• 1.0: Improved PDF handling
• 1.0: Improved XML handling
• 1.0: IT-Grundschutz XML scan config included
• 1.0: Server version footprint reduced
• rc1.2: New artwork
• rc1.2: Fixed a name resolution collision in /etc/hosts
• rc1.2: Fixed German GNOME Translations
• rc1.2: Made credential info more readable
• rc1.2: Normalized all deskop icons to use "localhost" (where applicable)
• rc1.1: Scans getting stuck in "requested" state is fixed
• rc1.1: Ease of use improvements
• rc1: Boot time NVT synchronization discontinued
• rc1: Plugins now pre-populated and updated to 28/4/2010
• rc1: Cerfiticate for web interface now pre-populated
• rc1: Fixes for NVT feed synchronization via the web interface
• rc1: User accounts now have randomly generated passwords
• beta11: OTP support for OpenVAS Manager

Current Limitations/Bugs

• LSC checks via autocreated credentials is broken. Manually created credentials work.

OpenVAS Server

1.0

Download VMware/VirtualBox Image: OpenVAS Server VMWare 1.0
Size: 395423018 (378M) MD5SUM: 21c2012e600f6144575798e7094eca86

Download Live-CD: OpenVAS Server Live-CD 1.0
Size: 330534912 (316M) MD5SUM: aa2ec4081f60c47cb0cd6d302df75378

Download Xen Guest: OpenVAS Server Xen 1.0
Size: 380440431 (363M) MD5SUM: caf007ddc1a0e92681b3578da3f2ed94

OpenVAS Desktop

1.0

Download Live-CD: OpenVAS Desktop Live-CD 1.0
Size: 544462848 (520M) MD5SUM: eb1c70a5483f8c18932d85da5e865bd8

Download VMware/VirtualBox: OpenVAS Desktop VM 1.0
Size: 641472123 (612M) MD5SUM: aa7869ac25b88c53922e14af9d088cb5

Download Xen Guest: OpenVAS Desktop Xen 1.0
Size: 625496056 (597M) MD5SUM: 36b9546d1a1ee6fa107de793f2e28ac4

OpenVAS KIWI Sources

Download the Kiwi sources: OpenVAS Desktop KIWI sources
Size: 23128926 (23M) MD5SUM: 87f86b3abe841c8a14d52866f6391fd8

The instructions for building the LiveCD/Appliance can be found within the top level directory of this archive. The Kiwi package and access to OpenSuSE distro media or a good Internet connection are required.