Security tools that are integrated into OpenVAS
This page is about security/auditing tools that are integrated into OpenVAS. "Integrated" means more or less that they can be managed via the OpenVAS-Client and might combine with other tools or NVTs.
Note: This is a new page and is extremely conservative about the status. Also, the list might not be complete yet. In case you would like to add your experiences here or propose further tools to integrate, please subscribe to the openvas-discuss mailing list and let the OpenVAS community know.
Nikto
Homepage: http://www.cirt.net/
Status (20080812): A NASL wrapper for Nikto is included in the openvas-plugins package.
NMAP
Homepage: http://www.insecure.org/nmap/
Status (20080925): NMAP integration is inherited from Nessus through the nmap.nasl plugin and is used as a port scanner plugin. Note that using nmap.nasl to directly scan a large number of hosts is not recommended. If you have a large number of hosts to scan and want to use nmap, run nmap on the hosts first and then import the results using the nmap.nasl importer function. You can read an explanation here.
Future (20080925): NMAP has a scripting capability called the Nmap Scripting Engine (NSE), which can also check for vulnerabilities. We're working on integrating NSE scripts as plugins in OpenVAS.
ike-scan
Homepage: http://www.nta-monitor.com/tools/ike-scan/
Allows OpenVAS to run ike-scan to identify IPsec VPN endpoints. It will attempt to enumerate supported cipher suites, bruteforce valid group names and fingerprint any endpoint identified.
Status (20080915): A NASL wrapper for ike-scan is included in the openvas-plugins package. It has been tested against Racoon and Openswan and used as part of a live penetration test against Checkpoint VPN-1 and Cisco VPN.
Security Local Auditing Daemon (SLAD)
Homepage: http://www.dn-systems.org/slad.shtml
Allows OpenVAS to run these tools on a GNU/Linux target machine where SLAD is installed:
- John-the-Ripper
- Chkrootkit
- LSOF
- ClamAV
- Tripwire
- TIGER
- Logwatch
- TrapWatch
- LM-Sensors
- snort
Status (20080505): Works with OpenVAS; see the hints on how to use SLAD with OpenVAS.
ovaldi (OVAL)
Homepage: OVAL website
OVAL definitions interpreter: ovaldi
To extend the vulnerability coverage even further, the OpenVAS project is working on support for OVAL, the Open Vulnerability and Assessment Language.
Status (20080909): Proof-of-concept support for OVAL definitions is included in OpenVAS. Support for ovaldi was introduced in revision 1298; this revision is recommended for testing OVAL support. If you want to use OVAL definitions, the following steps are necessary:
- Download ovaldi (preferably from the ovaldi SVN repository; revision 138 is recommended for best results with OpenVAS).
- Apply this patch to the ovaldi source.
- Compile and install ovaldi.
- Copy the desired OVAL definitions into your OpenVAS plugin directory; make sure to change the file extension from .xml to .oval.
- Copy the OVAL schema definitions (the .xsd files in the "xml" subdirectory in your OVAL installation) into your OpenVAS plugin directory.
- Restart your OpenVAS server; clients connecting to this server will now see a new plugin family called "OVAL definitions" in the plugin selection section.
- If you are using OVAL definitions that check for installed versions of certain packages, be sure to enable the plugin "Determine OS and list of installed packages via SSH login" (located in the "Misc." family) and to provide login information for the remote machine.
Be aware that support for OVAL definitions is still in an experimental stage and only a subset of all OVAL features is supported. Please report any bugs to the openvas-devel mailing list.
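The copy-and-rename steps above as a shell function. This is an added example, not part of OpenVAS or ovaldi. The three directory arguments are assumptions supplied by the caller, and the check for an oval_definitions element and the refusal to overwrite existing files go beyond the listed steps.

```shell
#!/bin/sh
# Added example: stage OVAL definitions and schema files for an OpenVAS server.
# All three directories are assumptions passed in by the caller.

# stage_oval DEF_DIR SCHEMA_DIR PLUGIN_DIR
# Prints the number of definition files staged; returns non-zero on error.
stage_oval() {
    def_dir=$1; schema_dir=$2; plugin_dir=$3
    staged=0; xsd_found=0

    for d in "$def_dir" "$schema_dir" "$plugin_dir"; do
        [ -d "$d" ] || { echo "not a directory: $d" >&2; return 2; }
    done

    # Definitions: copy each .xml file under a .oval name.
    for src in "$def_dir"/*.xml; do
        [ -f "$src" ] || continue        # glob matched nothing
        # Skip XML files that are not OVAL definition documents.
        if ! grep -q -- '<oval_definitions' "$src"; then
            echo "skipped (no oval_definitions element): $src" >&2
            continue
        fi
        dest="$plugin_dir/$(basename "$src" .xml).oval"
        # Leave a definition that is already in place untouched.
        if [ -e "$dest" ]; then
            echo "exists, left untouched: $dest" >&2
            continue
        fi
        cp -- "$src" "$dest" || return 4
        staged=$((staged + 1))
    done

    # Schemas: the .xsd files are copied with their names unchanged.
    for xsd in "$schema_dir"/*.xsd; do
        [ -f "$xsd" ] || continue
        cp -- "$xsd" "$plugin_dir/" || return 4
        xsd_found=1
    done
    [ "$xsd_found" -eq 1 ] || { echo "no .xsd files in $schema_dir" >&2; return 3; }

    echo "$staged"
}

# Run directly only when called with the three directories.
if [ "$#" -eq 3 ]; then stage_oval "$@"; fi
```

The server still has to be restarted afterwards for the "OVAL definitions" family to appear.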
pnscan
Homepage: http://www.lysator.liu.se/~pen/pnscan/
Status (20080925): A NASL wrapper for pnscan is included in the openvas-plugins package. pnscan is used as a port scanner plugin.
portbunny
Homepage: http://www.recurity.de/portbunny/
Status (20080925): A NASL wrapper for portbunny is included in the openvas-plugins package. Because portbunny is a Linux kernel port scanner, it works only on Linux machines. portbunny is used as a port scanner plugin. It is in an experimental stage.
