A mini review from the boarding gate.
OpenVAS powers the on-line service at http://hackertarget.com/openvas-scan/. Version 4 has been reliable and a solid performer. To put it into context, we have performed literally thousands of OpenVAS scans using the OMP command line interface. These scans have been executed over the Internet against a wide range of targets. In that time memory usage has been an issue on a few occasions; however, this is when running multiple scans simultaneously on a moderately powered VPS.
So with the core being stable, any vulnerability scanner review must include the accuracy of the plug-ins.
Unfortunately I have no solid comparison data (does anyone?); I have compared plug-in coverage versus Nessus and NexPose informally and on an ad-hoc basis. In some instances I find the OpenVAS plug-ins more accurate; in others, the established commercial products are more accurate.
When performing vulnerability scans against a target as part of a formal assessment, I lean towards using multiple tools, the same as using multiple anti-virus products for email and web (one on the gateway and one on the client).
So even if you are coughing up the cash for a commercial option, having a reliable and well-performing solution such as OpenVAS is an excellent alternative.