OpenVAS
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution. The actual security scanner is accompanied by a daily updated feed of Network Vulnerability Tests (NVTs), over 20,000 in total (as of January 2011).
All OpenVAS products are Free Software. Most components are licensed under the GPL.
The latest version is 4.0.0, released March 2011.
History
OpenVAS was initially named GNessUs as a fork of the Nessus security scanner to allow future free development of the now-proprietary tool.
OpenVAS was originally proposed by pentesters at Portcullis Computer Security and then announced by Tim Brown on Slashdot. OpenVAS is a member project of Software in the Public Interest. Previously, it had been voted out because the project appeared to be dead. The OpenVAS domains were donated by SecuritySpace, hosting was donated by Nth Dimension/Public Internet and DevCon 1 conference fees were paid for by Intevation and DN Systems.
Limitations
OpenVAS's SSH authentication is still limited to using the Blowfish algorithm.