OpenVAS Scanner: An Open-Source Vulnerability Management Tool for DevSecOps

Wiz Expert Team

TL;DR: What is OpenVAS Scanner?

OpenVAS Scanner is a powerful open-source vulnerability scanner built to automate network security scanning.

If you're a DevSecOps or security team looking for a robust alternative to costly commercial tools, OpenVAS offers a comprehensive solution to proactively manage vulnerabilities. It helps you automate the discovery of security weaknesses across your network devices, operating systems, and applications, moving beyond the limits of manual checks. This systematic approach lets your team pinpoint exploitable flaws and prioritize remediation based on severity, strengthening your overall vulnerability management and security posture.

Originally a standalone project, OpenVAS now serves as a core component of the broader Greenbone Vulnerability Management (GVM) framework.


At-a-Glance

Common use cases

1.  Routine Vulnerability Assessment: To help your security team identify new vulnerabilities as they emerge and track the effectiveness of ongoing remediation efforts, schedule regular, automated scans of your internal and external network assets to maintain a continuous overview of your security posture.

2.  DevSecOps Pipeline Integration: Integrate OpenVAS into your CI/CD pipelines to perform automated security scans on applications and infrastructure in pre-production environments. Automated scans help you ensure that new code or configuration changes don’t introduce critical vulnerabilities before deployment, embedding security directly into your development lifecycle.

3.  Regulatory Compliance Monitoring: Use the tool to support compliance efforts against security benchmarks mandated by regulations like PCI DSS, HIPAA, and GDPR. OpenVAS can help you verify that system configurations, patch levels, and services meet required security standards and generate reports for compliance evidence.

4.  Incident Response Support: During a security incident, you can use OpenVAS to quickly scan compromised or suspicious systems to identify the specific vulnerabilities that may have been exploited. This helps your incident responders confirm attack vectors, prioritize containment, and rapidly patch weaknesses to prevent further intrusion.

5.  Penetration Testing Reconnaissance: Use OpenVAS during the initial reconnaissance phase of a penetration test. The scan results provide a quick and efficient way to identify low-hanging fruit and potential entry points, helping you focus manual testing efforts on the most promising targets.

How does OpenVAS Scanner work?

OpenVAS operates as part of the modular Greenbone Vulnerability Management (GVM) framework. Let's walk through how it works: The process kicks off when you define and start a scan using the Greenbone Security Assistant (GSA) web interface.

From there, the central Greenbone Vulnerability Manager Daemon (gvmd) receives your instructions, schedules the task, and directs the OpenVAS Scanner to get to work. As the scanner runs its tests against your target systems, it reports all its findings back to gvmd. The daemon then processes and stores these results in a database, making them available for you to analyze in the GSA.

Key components of this architecture include:

  • OpenVAS Scanner: The core engine that performs the actual vulnerability checks by executing a vast library of vulnerability tests (VTs).

  • Greenbone Vulnerability Manager Daemon (gvmd): The central orchestrator that manages scan configurations, schedules tasks, and stores all vulnerability data.

  • Greenbone Security Assistant (GSA): The web-based user interface for configuring scans, initiating tasks, and viewing detailed reports.

  • Vulnerability Feeds: Daily updates of VTs and other security data, ensuring the scanner remains effective against the latest threats.
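Because gvmd stores every result and hands it back over GMP as XML, the last step of the pipeline use case above (fail a CI job when a scan finds something serious) is a small parsing task. The following is an added example, not code from this page or from Greenbone: it parses a constructed report in the GMP get_reports layout (real element names, made-up values and placeholder ids) and returns the findings that should block a deploy, using the VT's severity and its Quality of Detection (QoD) value, the same confidence figure the GSA filters on by default at 70%.

```python
"""Gate a CI job on a gvmd scan report (added example, not Greenbone code). Parses the
XML gvmd returns for a GMP get_reports request; the sample uses real GMP element names
but constructed values and placeholder ids."""
import sys
import xml.etree.ElementTree as ET
from dataclasses import dataclass

SAMPLE_REPORT = """<get_reports_response status="200" status_text="OK">
  <report id="00000000-0000-0000-0000-000000000001">
    <report id="00000000-0000-0000-0000-000000000001"><results>
        <result id="r1"><name>SSH Weak MAC Algorithms</name><host>10.0.0.5</host>
          <port>22/tcp</port><severity>2.6</severity><threat>Low</threat>
          <qod><value>80</value></qod></result>
        <result id="r2"><name>Outdated OpenSSL</name><host>10.0.0.7</host>
          <port>443/tcp</port><severity>7.5</severity><threat>High</threat>
          <qod><value>97</value></qod></result>
        <result id="r3"><name>Possible RCE (unconfirmed)</name><host>10.0.0.7</host>
          <port>8080/tcp</port><severity>9.8</severity><threat>High</threat>
          <qod><value>30</value></qod></result>
    </results></report>
  </report>
</get_reports_response>"""

@dataclass
class Finding:
    name: str
    host: str
    port: str
    severity: float  # CVSS base score the VT reports
    qod: int         # Quality of Detection in percent; GSA's default filter hides < 70

def parse_findings(xml_text: str) -> list[Finding]:
    """One Finding per <result> element of a GMP report."""
    root = ET.fromstring(xml_text)
    return [Finding(r.findtext("name", ""), r.findtext("host", ""),
                    r.findtext("port", ""), float(r.findtext("severity", "0")),
                    int(r.findtext("qod/value", "0")))
            for r in root.iter("result")]

def gate(findings, min_severity=7.0, min_qod=70):
    """Findings that should block a deploy, worst first. Low-QoD results are dropped:
    QoD is GVM's own confidence signal and the usual source of false positives."""
    hits = [f for f in findings if f.severity >= min_severity and f.qod >= min_qod]
    return sorted(hits, key=lambda f: f.severity, reverse=True)

if __name__ == "__main__":
    blocking = gate(parse_findings(SAMPLE_REPORT))
    for f in blocking:
        print(f"{f.severity:>4} {f.host}:{f.port} {f.name} (QoD {f.qod}%)")
    sys.exit(1 if blocking else 0)
```

In a real pipeline the XML would come from gvmd (for example via gvm-cli or python-gvm) rather than the embedded sample; the non-zero exit status is what the CI runner uses to stop the deploy.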

Core Capabilities:

1.  Comprehensive Vulnerability Scanning: OpenVAS delivers deep and extensive scans to help you identify a wide spectrum of vulnerabilities across your IT assets, including network devices, operating systems, applications, and web services. This comprehensive coverage helps you uncover hidden security flaws and potential entry points that less thorough tools might miss, allowing you to reduce your overall attack surface and strengthen your security posture.

2.  Dual Scanning Modes (Authenticated & Unauthenticated): OpenVAS supports both unauthenticated and authenticated scans, giving you two powerful ways to assess your environment. Unauthenticated scans show you what an external attacker sees, while authenticated scans log into your target systems to perform deeper, more granular checks. This includes examining system configurations, software versions, missing patches, and local security policies. This dual-mode approach gives you a much more accurate and complete picture of both external threats and internal security hygiene, leading to stronger vulnerability management.

3.  Extensible Plugin Architecture (VTs): The scanner's power comes from its modular architecture, which uses a massive, continuously growing feed of vulnerability tests (VTs). These plugins are scripts designed to detect specific vulnerabilities, and with daily updates, you can be confident the scanner stays current with the latest threat intelligence. This means the open-source scanner can identify newly discovered threats almost immediately, enabling you to adapt quickly to the evolving security landscape.

4.  Broad Protocol and Service Support: OpenVAS supports an extensive array of high-level and low-level internet and industrial protocols, from common services like HTTP, SMB, and SSH to more specialized ones. This broad coverage means it can effectively scan and assess diverse IT environments, from traditional corporate networks to complex industrial control systems. In other words, it’s a powerful solution if you're managing a heterogeneous infrastructure because it ensures no device or service is left out of your security assessments.

5.  Compliance and Policy Auditing: You can also configure OpenVAS to perform policy-based checks (for example, CIS Benchmarks policies) and produce actionable reports. Formal, out-of-the-box templates and reports for frameworks like PCI DSS, ISO 27001, and HIPAA are primarily part of Greenbone’s commercial feed; community edition users can still use findings to support those programs or build custom policies. This functionality is crucial for demonstrating compliance, as it provides actionable insights to address security gaps and generate audit-ready reports that map technical findings to specific regulatory requirements.

Limitations

1.  Steep Learning Curve: Be prepared for a complex initial setup. Configuring and fine-tuning OpenVAS and the broader Greenbone Vulnerability Management (GVM) framework can be challenging for new users. You'll need to invest significant time and technical expertise to optimize scan policies, manage results, and troubleshoot—a potential barrier for teams without dedicated security personnel.

2.  Potential for False Positives: Like any automated scanner, OpenVAS can generate false positives, flagging vulnerabilities that don’t actually exist or aren’t exploitable in your specific context. As a result, your security analysts will need to manually validate findings to confirm their accuracy before initiating remediation, which can add overhead to your vulnerability management process.

3.  Resource-Intensive Scanning: Comprehensive scans can be resource-intensive, consuming significant network bandwidth and CPU/memory on your target systems. Because of potential impacts on the performance and availability of production services, you’ll need to carefully schedule and tune scans to minimize disruption, especially in sensitive or high-traffic environments.

4.  Reliance on VT Feed Updates: The scanner’s effectiveness depends entirely on its vulnerability test (VT) feed. While the community feed is updated regularly, it can sometimes lag behind commercial offerings for certain zero-day or complex application-specific vulnerabilities. If your organization requires the absolute fastest detection for emerging threats, you might find this reliance on the public feed to be a limitation.

5.  Community-Based Support Model: As an open-source tool, OpenVAS relies on community forums and documentation for support. While the community is active, you won't get the guaranteed response times, dedicated support engineers, or enterprise-level service level agreements (SLAs) that typically come with commercial solutions. This can be a critical factor for large organizations.

Getting Started:

Step 1:

This is the fastest way to get a fully working OpenVAS/GVM stack locally (gvmd, GSA/gsad, PostgreSQL, Redis, scanner + feeds).

Create a download directory and fetch the latest compose file:

export DOWNLOAD_DIR=$HOME/greenbone-community-container && \
mkdir -p "$DOWNLOAD_DIR"

curl -f -O -L https://greenbone.github.io/docs/latest/_static/docker-compose.yml \
  --output-dir "$DOWNLOAD_DIR"

Step 2:

Pull images and start the stack:

docker compose -f "$DOWNLOAD_DIR/docker-compose.yml" pull
docker compose -f "$DOWNLOAD_DIR/docker-compose.yml" up -d

Step 3:

Set the admin password, then log in:

docker compose -f "$DOWNLOAD_DIR/docker-compose.yml" \
  exec -u gvmd gvmd gvmd --user=admin --new-password '<password>'

Then, once the feed containers have finished loading, open http://127.0.0.1:9392 in your browser and log in as admin with the password you just set.

Note: Running just the openvas-scanner container is not sufficient; the compose file orchestrates all required services (gvmd, GSA/gsad, ospd-openvas/openvasd, PostgreSQL, Redis, and feed containers).


Alternatives

| Feature | OpenVAS Scanner | Nessus | Nmap | Qualys VMDR |
|---|---|---|---|---|
| Primary Focus | Provides full-featured vulnerability scanning and compliance auditing | Delivers comprehensive vulnerability assessment and compliance | Focuses on network discovery, port scanning, and security auditing (with scriptable checks) | Offers cloud-native vulnerability management, detection, and response |
| Scanning Capabilities | Performs deep scanning across diverse IT assets (network, OS, apps, web services) | Offers high-speed, in-depth scanning for various assets (OS, network, web apps, databases) | Identifies hosts, open ports, services, and OS; maps network topology | Provides continuous vulnerability scanning with virtual scanners, agents, and passive scanning |
| Scanning Modes | Authenticated and unauthenticated | Credentialed and uncredentialed | Primarily unauthenticated; scripting engine can extend to authenticated checks | Continuous monitoring via agents and virtual scanners |
| Architecture / Extensibility | Uses a plugin-based architecture (Network Vulnerability Tests - NVTs) with daily updates | Relies on a vast, continuously updated plugin library | Features the Nmap Scripting Engine (NSE) for custom scripts and advanced checks | Built on a cloud-native platform with integrated modules |
| Protocol Support | Supports an extensive array of high-level and low-level internet and industrial protocols | Offers broad protocol support for various network and application services | Supports various network protocols for port scanning and service detection | Cloud agents and scanners communicate across diverse environments |
| Compliance & Reporting | Includes compliance auditing (PCI DSS, ISO 27001, HIPAA) and actionable reports | Provides pre-configured templates for compliance standards (PCI DSS, CIS); offers customizable reports | Offers limited direct compliance reporting; primarily used for discovery and security auditing | Delivers risk-based prioritization, extensive reporting, and dashboards for compliance |
| Deployment | Software (part of Greenbone Security Manager/Community Edition) | Software, virtual appliance, cloud-based | Software (command-line tool) | Cloud-native platform (SaaS) |
| License | Open Source (GPL-2.0) | Commercial | Open Source (Nmap Public Source License) | Commercial (SaaS subscription) |

FAQs