English | Deutsch
Home » About

About NVT Feed

Greenbone maintains a public feed of Network Vulnerability Tests (NVTs) for the OpenVAS project, the Greenbone Community Feed. It contains more than 50,000 NVTs, growing on a permanent basis. This feed is configured as the default for the OpenVAS Scanner and relates to the Greenbone Security Feed which is part of the commercial Greenbone Security Manager appliance products.

The Greenbone Community Feed (GCF) and the Greenbone Security Feed (GSF) share the same base set of NVTs. Both are daily updated. This includes immediate availability of "Hot NVTs" which address security problems running fast through the Internet and through the press. Also, improvements contributed by the community will become available without delay.

However, the GCF receives no new NVTs for features for enterprise environments since September 4th 2017. This distinction is regarded an adequate balance between community needs and commercial needs.

For online-synchronisation use the command greenbone-nvt-sync to update your local NVTs with the newest ones from the feed service. This command will download the Greenbone Community Feed unless it is executed in a Greenbone OS environment with a valid subscription key in which case it will download the Greenbone Security Feed.

Note for OpenVAS-8: Here, we had one command for each Feed. The Community Feed is downloaded with the command "openvas-nvt-sync".

For offline-updates it is also possible to download the whole Community Feed content as a single archive file (> 25 MByte). However, it is recommended to use the default rsync-based synchronisation routine because it downloads only changes and therefore is tremendously faster after the very first full download.

The OpenVAS structure

The files of the Greenbone Community Feed are signed by the "OpenVAS: Transfer Integrity" certificate. The presence of this signature does not indicate any judgement or quality control of the script itself. It is only intended to assist you in verifying the integrity of the NVT files after transfer. Thus, a valid signature only means that the script has not been modified on the way between the distribution point and your installation. See the notes at the bottom of the overview on Trusted NVTs for more information on this certificate.

Greenbone SecInfo Portal (Greenbone Security Feed)

Or browse all NVTs (including NVTs which are not present in the Community Feed)