About

OpenVAS
Constitution
OpenVAS-Server
OpenVAS-Client
OpenVAS NVT Feed

Information/Howtos

Integrated Tools
Related Tools
Sources For Security Issues
Creation Process For NVTs
Trusted NVTs
NVT Feeds
Performing Local Security Checks
Articles/Studies
OpenVAS Compendium (en)
OpenVAS Compendium (de)

Support

Team & Tasks

Bug Tracker

Mailinglist Discussion:
Archive | Subscribe
Mailinglist Announcements:
Archive | Subscribe

Online Chat

FAQ

Professional Services

Developers Corner

Development Platform
Code quality
Change requests
Internal Architecture
Assigning OIDs for NVTS
DevCon2
DevCon2 - Minutes
Code Documenation

Mailinglist Development:
Archive | Subscribe
Mailinglist Writing NVTs:
Archive | Subscribe
Mailinglist Packaging/Distributing:
Archive | Subscribe
Mailinglist Source Code Commits:
Archive | Subscribe

Download

OpenVAS 3.0:
openvas-libraries 3.0.4
openvas-scanner 3.0.1
openvas-client 3.0.0
Optional:
openvas-manager 1.0.0-beta5
openvas-administrator 0.7.0
gsa 1.0.0-beta5

OpenVAS 2.0:
Server components:
openvas-libraries 2.0.4
openvas-libnasl 2.0.2
openvas-server 2.0.3
openvas-plugins 1.0.7
Client:
openvas-client 2.0.5

Documentation:
OpenVAS Compendium 1.0.1
PDF (en)
PDF (de)

More downloads...

NVT Lookup by OID

(replace 61039 by any other old-style ID)

OpenVAS Frequently Asked Questions

This page is meant to help you. If you have a question that does not appear here, please ask us via e-mail or IRC. If you have a question (and hopefully an answer) that you think should appear here, please let us know.

The Questions

My client is complaining about bad protocol, bad nessus protocol or about the specified protocol and does not connect.
Is there a Windows Client?
How are local tests conducted on nodes?
How can I make sure I won't write duplicate NASL tests?
Why does OpenVAS complain that certain plugins are missing when they seem to be available?
I am not getting all the results I expect.
I am getting inconsistent results for the same host or hosts
Where is the code/API documentation?
What port number should OpenVAS run on?
What dependancies do I need for compiling OpenVAS?

The Answers

My client is complaining about bad protocol, bad nessus protocol, or about the specified protocol and does not connect.

For example: 

Unable to establish a connection to the remote host using the specified protocol version!

Your client (or server) is too old. Make sure the major version numbers of the client and server match. For example, OpenVAS-Client and OpenVAS-server should both be version 2.x.

This message may vary depending on the combination of the client and server that is running. Some OS distributions ship incompatible client and server combinations.

Is there a Windows client?

Yes and no. A Windows client exists for version 1.x, but not yet for 2.x. The 2.x Windows client is in progress.

How are local tests conducted on nodes?

There are various mechanisms.

For Linux systems SSH is used to connect and perform local tests and the SLAD mechanism can be used to perform more extensive testing (e.g. password auditing). SSH functions are defined in the ssh_func.inc file. SLAD functions are defined in the slad_ssh.inc file.

For Windows platforms the SMB protocol is used and implemented by the smb_nt.inc file.

How can I make sure I won't write duplicate NASL tests?

The authoratitve source for registering NASL tests is the openvas-plugins/cve_current.txt file. Tests are indexed by CVE or BID. Check for the CVE/BID of the vulnerability you are writing a test for.

Why does OpenVAS complain that certain plugins are missing when they seem to be available?

Licensing issues.

I am not getting all the results I expect.

Many tests (both local and remote) require access credentials. Make sure they are filled out.

Why am I getting so few vulnerabilities in my reports?

See Above.

I am getting inconsistent results for the same host or hosts

 Update your NVT set. Older NVTs (which come in older tarballs or in some Linux distributions) have resource contention bugs which have been fixed.

Where is the code/API documentation?

http://openvas.org/src-doc.html has all of the code documentation (produced via doxygen).

What port number should OpenVAS run on?

9390/tcp is the officially assigned network port for OpenVAS. 2.x and later versions of the software automatically run on that port, older versions may have other defaults.

What dependancies do I need for compiling OpenVAS?

The complete list is quite long, but the main packages to be aware of are: