Why OpenVAS is important?
OpenVAS is the most advanced open source vulnerability scanner and is the base for many Vulnerability Management products.
“Vanilla” OpenVAS is also widely used when there is no budget for a commercial solution or it’s necessary to solve some specific problems, including developing own plugins for vulnerability detection. OpenVAS is integrated with wide range of information security systems, for example it is a default VM solution for AlienVault SIEM.
OpenVAS is well suited for education purposes as it is well documented and uses only open source code. For OpenVAS it’s always clear how the it works.
It is natural that commercial vendors criticize OpenVAS. Primarily, of course Tenable Network Security doing it. They need to justify why a proprietary and paid Nessus is better than the free and open source OpenVAS. Considering the fact that OpenVAS was created on the same Nessus code base, when it was an open project. It’s difficult to add more functionality to Nessus, because it can hurt the sales of Enterprise Tenable products then.
- Ease of installation, configuration and updating
- Speed. “We rewrote the scanner and increased speed by several times.”
- Knowledge base. “We are able to identify larger number of vulnerabilities for larger number of platforms.”
It’s hard to measure scanner’s speed. Do fewer checks, and the scan will end faster. You also can’t use comparisons of Nessus 2 and Nessus 3 engines made by Tenable. OpenVAS scanning engine has been heavily reworked and improved since the time it was forked.
The knowledge base is a more concrete thing. You can compare KBs of two competitive VM products if they use common vulnerability IDs. But we need a tool for this.
Here comes Vulners.com
As Nessus is a commercial scanner, you can only see the general description of Nessus plugins, and for OpenVAS description and complete code of plugins are available:
All linked objects:
Only OpenVAS can detect this CVE-2016-6396 vulnerability.
This CVE-2016-4270 Adobe Reader vulnerability, can be detected by Nessus, and OpenVAS:
Now you can analyze knowledge bases easier and ask uncomfortable questions to your VM vendors.
Another usage scenario – the enrichment of OpenVAS scan results with Vulners data. If you have a list of vulnerabilities (OpenVAS plugin IDs), you can search for related exploits.
For example, exploitdb reference for the plugin OPENVAS:807869: