Faster OpenVAS Vulnerability Scanning | TCG (2024)

By Robert Buccigrossi, TCG CTO

OpenVAS is a system vulnerability scanner that checks visible ports, services it can access for known exploits, and high-level web threats (like cross-site scripting vulnerabilities and improper file access). The TCG Tech Team uses it to periodically scan our gateway machines and websites that we house in our VMware Workstation lab. OpenVAS is available as part of the Kali Linux distribution, as Ubuntu and CentOS packages, and even as a stand-alone Docker image.

Recently, Amazon Web Services (AWS) changed its policy to allow users to conduct vulnerability and penetration testing on EC2 machines without prior authorization, so I used OpenVAS’s “full and fast” scan against TCG’s own website on AWS. It took almost 23 hours to complete! Because our website is configured to give every article its own full URL (for search engine optimization), OpenVAS treated every article as its own directory for CGI-script testing (with over 6000 web vulnerability tests).

When I removed the web vulnerability tests, OpenVAS scanned the site in 8 minutes, but missed a number of potential medium-risk items. I wanted to balance accuracy with duration. As it turns out, I could create a new “full and fast” scan that stayed at the top directory for its CGI-script vulnerability tests. This new “full and fast 1 directory deep” test only took 2 hours and had the exact same findings as the longer test. For significant site updates, I would still do the longer “full and fast”, but the “full and fast 1 directory deep” test is a great way to quickly verify threat mitigations and check top-level system changes.

How to Create a 1-Directory-Deep Scan

In order to configure the OpenVAS scanner to do 1-directory-deep CGI-script vulnerability testing, set the regular expression pattern used to exclude CGI directories to /[^/].* . This pattern allows the root directory “/” to be searched, but excludes any other directory. (Specifically, this pattern excludes any path that begins with a slash followed by a non-slash character.) To implement this change:

1) In the Greenbone Security Assistant, use the “Configuration” → “Scan Configs” menu to list the various scan configurations.

2) Find “Full and fast” and click the sheep icon (“Clone”).

3) In the resulting “Full and fast Clone 1” configuration, click the wrench to edit it.

4) In the resulting dialog box, feel free to rename the config, but more importantly, find and click the wrench next to “Regex pattern to exclude directories from CGI scanning”.

5) In the resulting popup, set “Regex pattern to exclude directories from CGI scanning” to /[^/].*

6) Click “Save” to save and close the pop-up configuration screens

To scan 2 directories deep, change the regex pattern to /[^/][^/]*/[^/].* . (This excludes any path that begins with two slashes separated by at least one non-slash character, where the second slash is followed by a non-slash character.)
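The two patterns above, checked against a constructed list of directory paths and generalized to N directories deep. This is an added example, not part of the original article or of OpenVAS; it assumes the scanner applies the pattern as an unanchored regex search to directory paths that begin with "/", and the names exclude_pattern, scanned_dirs and SAMPLE_DIRS are hypothetical.

```python
import re

def exclude_pattern(depth: int) -> str:
    """Build the exclusion regex for an N-directory-deep scan.

    depth=1 reproduces the article's /[^/].* (only "/" is tested);
    depth=2 reproduces /[^/][^/]*/[^/].* (root plus first-level dirs).
    """
    if depth < 1:
        raise ValueError("depth must be >= 1")
    # Each extra level allows one more "<name>/" segment before exclusion starts.
    return "/" + "[^/][^/]*/" * (depth - 1) + "[^/].*"

def scanned_dirs(pattern: str, dirs):
    """Return the directories that are NOT excluded by the pattern.

    Assumption: the pattern is applied as a search (not a full match)
    against each directory path.
    """
    rx = re.compile(pattern)
    return [d for d in dirs if not rx.search(d)]

# Constructed sample: directories a crawler might derive from a site
# where every article has its own URL path.
SAMPLE_DIRS = [
    "/",
    "/blog",
    "/blog/",
    "/blog/2019",
    "/blog/2019/faster-openvas",
    "/cgi-bin",
    "/cgi-bin/admin",
]

if __name__ == "__main__":
    for depth in (1, 2, 3):
        pat = exclude_pattern(depth)
        kept = scanned_dirs(pat, SAMPLE_DIRS)
        print(f"depth {depth}: pattern {pat}")
        print(f"  CGI tests run in: {kept}")
```

Running the check before saving a cloned scan config shows exactly which directories will still receive the CGI-script tests, so a typo in the pattern does not silently exclude the root directory as well.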

This is not as rigorous as the regular “full and fast” scan, but it is great for a quick tune-up scan, and I hope it saves you time.
