Open Source Vulnerability Scanner

Question

I'm looking for an open source vulnerability scanner that I could install on one of my machines and point to all my others. Ideally, I'd be able to configure a nightly scan where all of my other nodes are scanned and a composite report for each of them is served up.

I've been looking into OpenVAS and it looks like it might do exactly what I need. Has anybody ever used this before? Does anybody have any other recommendations? I'm only skeptical because the User Manual is virtually non-existent and I'd hate to invest a whole of time downloading and installing a software whose project is more or less extinct. Thanks for any feedback/suggestions!

What is your use case here? Are you looking for something to use in your home for scanning your personal systems, or do you plan on using it professionally? — Scott Pack, Jul 02 '12 at 20:29

score 5 · Accepted Answer · answered Jul 02 '12 at 14:14

5

Nessus and Nexpose are not open sourced. They do have free community versions though.

I have tried using OpenVAS, but i simply could not get it to work on my Backtrack installation. It is an active project though, which has regular updates.

answered Jul 02 '12 at 14:14

1

Be careful with the licensing on the HomeFeed. It has both technical limitations (only able to scan a dozen clients per scan, no configuration audits, etc.) and also has use restrictions. – Scott Pack Jul 02 '12 at 20:28

score 2 · Answer 2 · edited Jan 11 '13 at 20:09

2

I am co-founder of Orvant, our Securus service allows you to scan with both open source and propriatary security tools.

Our tool set includes Nmap, OpenVAS, Nikto and W3aF on the open source side of things. We make sure all the tools are configured correctly and kept up to date. We also manage and correlate the results of all the tools.

Using our sensors you can scan your network remotely or internally. We have a free account that should serve the needs of most small shops but our pricing is also very reasonable. www.orvant.com

edited Jan 11 '13 at 20:09

Rory Alsop

61,367
12
115
320

answered Jan 11 '13 at 11:56

Daniel Wozniak

81
5

www.orvant.com does not resolve, are they still in business? – Folkert van Heusden Aug 31 '20 at 13:46

score 0 · Answer 3 · answered Jul 02 '12 at 14:09

0

Tenable nessus would be my recommendation. It's reasonably well documented and there's a large support community. The vulnerability db is a week behind in the free version but that's not a disaster.

answered Jul 02 '12 at 14:09

GdD

17,291
2
41
63

2

Nessus is not open source. 2.2.11 was its last open source release. – chao-mu Jul 02 '12 at 14:31
1

Tenable removed the week lag on the free feed a few years ago. – Scott Pack Jul 02 '12 at 20:26

Open Source Vulnerability Scanner

3 Answers3