OpenVAS (Open Vulnerability Assessment Scanner) is a massive, full-featured vulnerability scanner. If Nikto is a quick, noisy checklist for a single web server, OpenVAS is an enterprise-grade radar system designed to map and identify vulnerabilities across an entire network infrastructure.
It is maintained by Greenbone (formerly Greenbone Networks) as the scanner component of the Greenbone Vulnerability Management (GVM) stack, and it is the most widely used open-source alternative to commercial scanners such as Tenable Nessus or Rapid7 Nexpose.
Key Features & How It Works
Rather than running one fixed script, OpenVAS executes a constantly updated feed of NVTs (Network Vulnerability Tests), small checks written in NASL, the scanner's own scripting language. The Greenbone feed contains well over 100,000 NVTs, allowing the scanner to check for everything from default passwords on a router to specific missing Windows security patches.
- The Web Interface: Unlike Nikto or Aircrack-ng, you rarely drive OpenVAS directly from the command line. It is managed through a web GUI called the Greenbone Security Assistant (GSA): you log in through your browser to define targets (hosts or IP ranges), pick a scan configuration, schedule scans, and export reports (PDF, CSV or XML). GSA itself talks to the management daemon over the Greenbone Management Protocol (GMP), an XML protocol that is also exposed to scripts through gvm-cli and python-gvm.
- Unauthenticated vs. Authenticated Scans: As you continue prepping for the PenTest+ exam, OpenVAS is a critical tool to understand because it heavily emphasizes this distinction.
  - [[Unauthenticated Scan]]: OpenVAS probes the target from the outside, looking at open ports and grabbing service banners. It can only see what is exposed on the network, and much of what it reports is inferred from version strings rather than verified.
  - Authenticated (Credentialed) Scan: You give OpenVAS credentials for the target (an SSH account or key, or a Windows account with local administrator rights for SMB). The scanner logs into the machine, reads the registry, verifies installed package and software versions, and inspects local configuration. This gives a far more accurate picture of the system's true security posture with fewer false positives, and results from these local checks carry a higher Quality of Detection (QoD) score than remote banner matches. Use a dedicated scanning account with only the access the checks need, and treat its credentials as sensitive: whoever controls the scanner effectively holds admin on every target it is allowed to log into.
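The two scan types above differ only in what is attached to the target definition, which is easiest to see at the protocol level. The following is an added example, not code from the page or from Greenbone: it builds the GMP XML that GSA (or gvm-cli / python-gvm) would send to create a credential, an unauthenticated or credentialed target, and a task, and then triages a constructed sample report by QoD the way the GSA default filter does (results below QoD 70 are hidden). The UUIDs, host addresses, result names and the report itself are placeholders made up for the example; real IDs come from get_port_lists, get_configs and get_scanners on your own installation, and the XML would be sent over the gvmd Unix socket or TLS port rather than printed.

```python
"""Added example: credentialed vs. unauthenticated OpenVAS targets over GMP,
plus QoD-based triage of a (constructed) report. All IDs are placeholders."""
import xml.etree.ElementTree as ET

# Placeholder IDs (assumed). Look the real ones up with GMP get_port_lists,
# get_configs and get_scanners; "Full and fast" is the default scan config.
PORT_LIST_ID = "PLACEHOLDER-PORT-LIST-UUID"
CONFIG_ID = "PLACEHOLDER-FULL-AND-FAST-UUID"
SCANNER_ID = "PLACEHOLDER-OPENVAS-SCANNER-UUID"

# QoD types produced by checks that needed a login on the target.
AUTHENTICATED_QOD_TYPES = {"package", "registry",
                           "executable_version", "executable_version_unreliable"}


def _elem(tag, text=None, **attrs):
    """Build one element with optional text and attributes."""
    e = ET.Element(tag, attrs)
    if text is not None:
        e.text = text
    return e


def create_credential_xml(name, login, password):
    """GMP create_credential for a username/password pair (type 'up').
    For SSH you can instead use type 'usk' with a private key."""
    root = _elem("create_credential")
    root.append(_elem("name", name))
    root.append(_elem("type", "up"))
    root.append(_elem("login", login))
    root.append(_elem("password", password))
    return ET.tostring(root, encoding="unicode")


def create_target_xml(name, hosts, port_list_id,
                      ssh_credential_id=None, smb_credential_id=None):
    """GMP create_target. Without credential IDs this is an unauthenticated
    target; attaching ssh_credential / smb_credential makes every task that
    uses it a credentialed scan."""
    root = _elem("create_target")
    root.append(_elem("name", name))
    root.append(_elem("hosts", ",".join(hosts)))
    root.append(_elem("port_list", id=port_list_id))
    if ssh_credential_id:
        ssh = _elem("ssh_credential", id=ssh_credential_id)
        ssh.append(_elem("port", "22"))
        root.append(ssh)
    if smb_credential_id:
        root.append(_elem("smb_credential", id=smb_credential_id))
    return ET.tostring(root, encoding="unicode")


def create_task_xml(name, config_id, target_id, scanner_id):
    """GMP create_task tying a scan config, a target and a scanner together.
    The task is then run with <start_task task_id="..."/>."""
    root = _elem("create_task")
    root.append(_elem("name", name))
    root.append(_elem("config", id=config_id))
    root.append(_elem("target", id=target_id))
    root.append(_elem("scanner", id=scanner_id))
    return ET.tostring(root, encoding="unicode")


# Constructed sample get_reports response: one remote banner match, one
# authenticated package check, one low-confidence banner guess.
SAMPLE_REPORT = """<get_reports_response status="200" status_text="OK">
<report id="PLACEHOLDER-REPORT"><report id="PLACEHOLDER-REPORT"><results>
<result id="r1"><name>Outdated SSH server (remote banner)</name>
<host>10.0.0.5</host><port>22/tcp</port><threat>Medium</threat>
<severity>5.3</severity><qod><value>80</value><type>remote_banner</type></qod></result>
<result id="r2"><name>Missing kernel security update (package check)</name>
<host>10.0.0.5</host><port>general/tcp</port><threat>High</threat>
<severity>7.5</severity><qod><value>97</value><type>package</type></qod></result>
<result id="r3"><name>Possibly unpatched web service (unreliable banner)</name>
<host>10.0.0.7</host><port>80/tcp</port><threat>Medium</threat>
<severity>5.0</severity><qod><value>30</value><type>remote_banner_unreliable</type></qod></result>
</results></report></report></get_reports_response>"""


def summarize_report(report_xml, min_qod=70):
    """Return results with QoD >= min_qod (70 is the GSA default filter),
    highest severity first, tagged with whether a login produced them."""
    findings = []
    for r in ET.fromstring(report_xml).iter("result"):
        qod_value = int(r.findtext("qod/value"))
        if qod_value < min_qod:
            continue
        qod_type = r.findtext("qod/type")
        findings.append({
            "host": r.findtext("host").strip(),
            "port": r.findtext("port"),
            "name": r.findtext("name"),
            "threat": r.findtext("threat"),
            "severity": float(r.findtext("severity")),
            "qod": qod_value,
            "qod_type": qod_type,
            "origin": "authenticated" if qod_type in AUTHENTICATED_QOD_TYPES else "remote",
        })
    findings.sort(key=lambda f: f["severity"], reverse=True)
    return findings


if __name__ == "__main__":
    print(create_credential_xml("win-scan", "svc_openvas", "placeholder"))
    print(create_target_xml("lab-unauth", ["10.0.0.0/24"], PORT_LIST_ID))
    print(create_target_xml("lab-auth", ["10.0.0.5"], PORT_LIST_ID,
                            ssh_credential_id="PLACEHOLDER-SSH-CRED",
                            smb_credential_id="PLACEHOLDER-SMB-CRED"))
    print(create_task_xml("lab-scan", CONFIG_ID, "PLACEHOLDER-TARGET", SCANNER_ID))
    for f in summarize_report(SAMPLE_REPORT):
        print(f"{f['severity']:>4} {f['qod']:>3}% {f['origin']:<13} {f['host']} {f['name']}")
```

Note how the low-QoD banner guess on 10.0.0.7 disappears at the default filter while the package check, which only exists because the scanner could log in, is the highest-confidence result: that is the practical difference between the two scan types, and the credential element in create_target is the only thing that changes on the request side.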
The “Loudness” Factor
OpenVAS is not quiet. A comprehensive scan against a subnet (the default Full and fast configuration) probes every host across a long port list and runs tens of thousands of vulnerability checks against whatever it finds, generating a large volume of traffic; these are checks, not exploits, but the effect on the network is the same. It can overwhelm older hardware, crash fragile IoT and embedded devices, and will trigger any Intrusion Detection System (IDS) watching the network, both by sheer request volume and by its recognisable fingerprints (its HTTP checks identify themselves with an OpenVAS user agent by default). The safe-checks option, on by default, keeps it from running checks known to crash services, but it does nothing to make the scan stealthy. It is a tool for authorized vulnerability assessments, not for red-team operations where staying undetected matters.
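From the defender's side, the same loudness is what makes the scanner easy to spot. The following is an added example, not code from the page, showing the two simplest signals over a handful of constructed Apache-style access log lines: a user agent carrying the OpenVAS token, and a burst of requests from one source inside a short window. The log lines, addresses and thresholds are made up for the example, and the user-agent string mirrors the form of the scanner's default (it varies by version and can be overridden in the scan preferences, so the burst check is the one that survives a renamed agent).

```python
"""Added example: flag likely vulnerability-scanner sources in web access logs
by user-agent token and by request burst. Sample log lines are constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def flag_scanner_sources(lines, window=timedelta(seconds=60), burst=50, ua_token="OpenVAS"):
    """Return {source_ip: [reasons]} for sources that either announce a scanner
    user agent or exceed `burst` requests inside any `window`-long span."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in by_ip.items():
        reasons = []
        if any(ua_token.lower() in r["ua"].lower() for r in recs):
            reasons.append("user-agent")
        recs.sort(key=lambda r: r["ts"])
        lo, peak = 0, 0                      # sliding window over sorted timestamps
        for hi in range(len(recs)):
            while recs[hi]["ts"] - recs[lo]["ts"] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= burst:
            reasons.append(f"burst:{peak}")
        if reasons:
            flagged[ip] = reasons
    return flagged


# ---- constructed sample log (not real traffic) --------------------------
def _line(ip, ts, path, ua):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 404 209 "-" "{ua}"'


_BASE = datetime(2024, 10, 10, 13, 55, 0, tzinfo=timezone.utc)
_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/130.0"
_OPENVAS_UA = "Mozilla/5.0 [en] (X11, U; OpenVAS-VT 22.4.1)"  # shape of the default agent

SAMPLE_LOG = (
    # an ordinary client: three requests over five minutes
    [_line("10.0.0.20", _BASE + timedelta(minutes=i * 2), f"/page{i}", _BROWSER) for i in range(3)]
    # a scanner announcing itself, but only a few requests
    + [_line("10.0.0.9", _BASE + timedelta(seconds=i * 7), f"/cgi-bin/t{i}", _OPENVAS_UA) for i in range(5)]
    # a scanner with a renamed agent: 80 requests in 40 seconds
    + [_line("10.0.0.11", _BASE + timedelta(milliseconds=i * 500), f"/admin/{i}", "Mozilla/5.0 (compatible)")
       for i in range(80)]
)

if __name__ == "__main__":
    for ip, why in flag_scanner_sources(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```

A real deployment would anchor the burst threshold to the site's normal per-client rate and add the other tell-tale signs (many 404s, requests for paths the site never served, probes against every port in sequence), but the point stands: the scanner described above cannot be run on a network without someone who is looking seeing it.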