Video tutorial coming soon.
Deploy the Greenbone Community Edition vulnerability scanner on Ubuntu. Run authenticated and unauthenticated scans against your servers and get actionable CVE reports.
Grab the automated bash script from GitHub to follow along with the video.
```bash
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/security/openvas/openvas-ubuntu.sh
chmod +x openvas-ubuntu.sh
sudo bash openvas-ubuntu.sh
```
```bash
wget https://raw.githubusercontent.com/mhmdali94/Docker/main/security/openvas/openvas-ubuntu.sh
chmod +x openvas-ubuntu.sh
```
The script deploys Greenbone Community Edition (GCE) via Docker Compose — GVM, the OpenVAS scanner, the GSA web interface, and PostgreSQL. The initial feed sync takes 10–30 minutes.
```bash
sudo bash openvas-ubuntu.sh
```
The NVT/SCAP/CERT feed sync must complete before scans return meaningful results. Monitor with `docker logs openvas_gvmd` until you see sync completion messages.
```bash
docker logs openvas_gvmd 2>&1 | grep -i sync
```
Open your browser and navigate to port 9392. Default credentials: admin / admin — change this password immediately after first login.
```
http://<your-server-ip>:9392
```
| Port | Purpose |
|---|---|
| 9392 | Web UI |
| 9390 | GVM protocol |
OpenVAS (Open Vulnerability Assessment System) is the open-source scanner engine behind Greenbone's commercial products. The community edition (Greenbone Community Edition) provides access to the Community Feed — 50,000+ Network Vulnerability Tests (NVTs) covering CVEs, misconfigurations, and weak credentials across Windows, Linux, network devices, and web services. It supports both unauthenticated (external attacker view) and authenticated scans (deeper internal assessment with SSH/SMB credentials).
Most organizations only discover vulnerabilities after an incident. OpenVAS lets you find them first — running the same tests a real attacker would, before they do. Unlike endpoint agents, OpenVAS scans from the network perspective, discovering open services, outdated software versions, and default credentials on every host in your IP range. Scheduled weekly scans give you a continuous baseline and alert you when new vulnerabilities appear.
OpenVAS listens on port 9392 (GSA web UI) and 9390 (GVM management protocol). Restrict both ports to your management network with firewall rules and never expose them to the internet; 9390 is used internally by the stack and should not be opened externally at all. The scanner itself sends outbound probes to your target hosts on all ports, so make sure the scanning host can reach every host you want to assess.
Nessus (Tenable) is the commercial gold standard with a larger plugin library and better reporting UI — the free Essentials tier allows scanning up to 16 IPs. Nuclei (ProjectDiscovery) is a fast, template-based scanner better suited for web application testing than host scanning. Trivy covers containers and IaC but not network hosts. For a lighter option, Nikto scans web servers specifically. OpenVAS is the best free choice for comprehensive network host vulnerability scanning.
OpenVAS is not a web application scanner — use OWASP ZAP or Burp Suite for testing web app logic, SQLi, XSS, and authentication flaws. It is also not designed for container image scanning (use Trivy) or runtime application monitoring (use Wazuh). Skip OpenVAS for quick one-off checks on a single host — `nmap --script vuln` or Nuclei gives faster results. OpenVAS shines for scheduled, comprehensive assessments of your full infrastructure.
PrismaTechWork provides end-to-end infrastructure services — from initial deployment and security hardening to ongoing monitoring, automated backups, and dedicated support. Whether you need a single-server setup or a multi-site network, our team ensures your infrastructure is built right, secured properly, and maintained reliably.
OpenVAS is the open-source scanner engine. Greenbone Community Edition (GCE) is the full stack — it bundles OpenVAS with the GVM framework, the Greenbone Security Assistant (GSA) web UI, and the Community Feed of NVTs. Greenbone also sells commercial products (Greenbone Enterprise) with a larger feed and enterprise features. When people say 'OpenVAS' they usually mean the full GCE stack deployed via Docker.
Scan time depends on the number of hosts, open ports, and which NVTs are enabled. A single host with 'Full and Fast' config typically takes 5–30 minutes. A /24 network (256 hosts) can take 4–12 hours. Authenticated scans take longer but find significantly more vulnerabilities. You can speed things up by using the 'Fast' scan config or limiting the port range in your scan configuration.
Authenticated scans provide SSH (Linux) or SMB (Windows) credentials to OpenVAS so it can log into target hosts and check installed package versions, registry keys, and file contents — finding many more CVEs than a remote probe can. Create a dedicated scanning account with read-only access on your servers, add the credentials in Configuration → Credentials, and attach them to your Target. Authenticated scans typically find 3–10x more findings than unauthenticated scans.
Yes — export your scan report from OpenVAS in XML format (GMP XML or OpenVAS XML), then import it into DefectDojo by selecting 'OpenVAS Parser' as the scanner type. DefectDojo will parse the findings, apply deduplication, and create trackable vulnerabilities. This workflow — OpenVAS scans, DefectDojo tracks — is a common free alternative to commercial vulnerability management platforms.
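The "actionable CVE reports" mentioned at the top of the page and the XML export used for DefectDojo share the same input, so here is an added example (not code from the page or from Greenbone) that turns an exported XML report into a per-host CVE list. It assumes the simplified result layout shown in the constructed sample (`host`, `name`, `severity`, `qod/value`, and CVE references under `nvt` in either the older `<cve>` or the newer `<refs><ref type="cve">` form) and uses GSA's default QoD cut-off of 70.

```python
# Added example, not the page's or Greenbone's code: turn an exported GMP/OpenVAS XML
# report into a per-host list of actionable CVEs. Assumed, simplified layout: each
# <result> has <host>, <name>, <severity>, <qod><value> and <nvt> with CVE references.
import xml.etree.ElementTree as ET

# Constructed sample report (not a real scan); CVE ids are placeholders.
SAMPLE_REPORT = """<report id="r1"><report id="r1"><results>
<result id="1"><name>Outdated SSH server</name><host>192.0.2.10<asset asset_id="a1"/></host><port>22/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.900001"><refs><ref type="cve" id="CVE-0000-00001"/></refs></nvt>
 <severity>7.5</severity><qod><value>80</value></qod></result>
<result id="2"><name>Version guessed from banner</name><host>192.0.2.10</host><port>80/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.900002"><cve>CVE-0000-00002</cve></nvt>
 <severity>9.8</severity><qod><value>30</value></qod></result>
<result id="3"><name>TCP timestamps</name><host>192.0.2.11</host><port>general/tcp</port>
 <nvt oid="1.3.6.1.4.1.25623.1.0.900003"><cve>NOCVE</cve></nvt>
 <severity>2.6</severity><qod><value>80</value></qod></result>
</results></report></report>"""

def parse_results(xml_text):
    """Return one dict per <result>: host, name, severity, qod, cves."""
    rows = []
    for r in ET.fromstring(xml_text).iter("result"):
        cves, nvt = set(), r.find("nvt")
        if nvt is not None:
            # older reports: <cve>CVE-a, CVE-b</cve> or "NOCVE"; newer: <refs><ref type="cve" id="..."/>
            for c in nvt.findall("cve"):
                cves.update(x.strip() for x in (c.text or "").split(",") if x.strip().startswith("CVE-"))
            cves.update(ref.get("id") for ref in nvt.findall("refs/ref") if ref.get("type") == "cve" and ref.get("id"))
        rows.append({
            "host": (r.findtext("host") or "").strip(),   # text before any <asset/> child
            "name": r.findtext("name", ""),
            "severity": float(r.findtext("severity") or 0),
            "qod": int(r.findtext("qod/value") or 0),
            "cves": sorted(cves),
        })
    return rows

def actionable(rows, min_severity=7.0, min_qod=70):
    """Keep High/Critical findings the scanner is confident about (GSA's default QoD cut-off is 70)."""
    return [r for r in rows if r["severity"] >= min_severity and r["qod"] >= min_qod]

def cves_by_host(rows):
    grouped = {}                                  # one patch ticket per host
    for r in rows:
        grouped.setdefault(r["host"], set()).update(r["cves"])
    return {h: sorted(c) for h, c in grouped.items()}

if __name__ == "__main__":
    for host, cves in cves_by_host(actionable(parse_results(SAMPLE_REPORT))).items():
        print(host, ", ".join(cves) or "(no CVE reference)")
```

For a real report, pass the file contents to `parse_results` instead of the constructed sample; the low-QoD banner guess and the informational finding are dropped before anything reaches a ticket.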
In the GSA web UI, go to Scans → Tasks → Edit your task. Under 'Schedule', click 'Create Schedule' and set the frequency (weekly, daily), start time, and timezone. OpenVAS will automatically launch the scan at the scheduled time and email you the report if you configure an alert. Go to Configuration → Alerts to set up email notifications when scans complete or when new CRITICAL findings appear.
Probably not — check these common causes: (1) The target IP is unreachable from the OpenVAS host — test with `ping` and `nmap`. (2) The NVT feed has not fully synced — wait for sync completion before scanning. (3) You scanned an IP that has no open ports — verify the host is running and has listening services. (4) The scan task finished with an error — check the task log in the GSA UI for error messages.
No — scanning systems without explicit written permission is illegal in most countries under computer fraud and cybercrime laws (CFAA in the US, Computer Misuse Act in the UK, etc.). This applies even if the target is publicly accessible. Always get written authorization before scanning any host you do not own. OpenVAS is intended for scanning your own infrastructure or systems you are contracted to test.
The Community Feed updates automatically when containers restart. Force an immediate sync by restarting the `openvas_gvmd` container: `docker restart openvas_gvmd`. For production setups, schedule a weekly container restart via cron or set up a systemd timer. The feed sync downloads NVT scripts from Greenbone's servers and typically takes 10–30 minutes. A stale feed (>2 weeks old) misses recent CVEs.
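To catch the stale-feed case described above before a scheduled scan runs against old NVTs, here is an added check (not the page's or Greenbone's code) that reads the XML returned by the GMP `get_feeds` command, for example via gvm-cli, and flags feeds older than two weeks or still syncing. The element names `feed`, `type`, `version` and `currently_syncing` and the YYYYMMDDhhmm version format are assumptions about the GMP response; the sample response is constructed.

```python
# Added example, not the page's or Greenbone's code: flag feeds that are stale
# (older than the two weeks mentioned above) or still syncing, from the XML the
# GMP get_feeds command returns (e.g. via gvm-cli). Assumed element names:
# feed/type, feed/version (UTC, YYYYMMDDhhmm), optional feed/currently_syncing.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(days=14)
SAMPLE_NOW = datetime(2024, 3, 16, 12, 0, tzinfo=timezone.utc)  # fixed clock for the sample

# Constructed sample response (not captured from a real gvmd).
SAMPLE_GET_FEEDS = """<get_feeds_response status="200" status_text="OK">
<feed><type>NVT</type><version>202403150632</version></feed>
<feed><type>SCAP</type><version>202402200432</version></feed>
<feed><type>CERT</type><version>202403141835</version>
 <currently_syncing><timestamp>2024-03-16T01:00:00Z</timestamp></currently_syncing></feed>
<feed><type>GVMD_DATA</type></feed>
</get_feeds_response>"""

def parse_feed_version(version):
    """Feed versions are UTC timestamps written as YYYYMMDDhhmm."""
    return datetime.strptime(version.strip(), "%Y%m%d%H%M").replace(tzinfo=timezone.utc)

def feed_status(xml_text, now=None, max_age=MAX_AGE):
    """Map feed type -> (age in days or None, 'ok' | 'stale' | 'syncing' | 'missing')."""
    now = now or datetime.now(timezone.utc)
    status = {}
    for feed in ET.fromstring(xml_text).findall("feed"):
        ftype, version = feed.findtext("type", "?"), feed.findtext("version")
        if not version:                       # never synced: no version yet
            status[ftype] = (None, "missing")
            continue
        age = now - parse_feed_version(version)
        # a scan started during a sync still uses the old NVT set
        state = ("syncing" if feed.find("currently_syncing") is not None
                 else "stale" if age > max_age else "ok")
        status[ftype] = (age.days, state)
    return status

def needs_attention(status):
    """Feed types that are not current and idle; alert on these or hold scheduled scans."""
    return sorted(t for t, (_, state) in status.items() if state != "ok")

def demo_status():
    return feed_status(SAMPLE_GET_FEEDS, SAMPLE_NOW)

if __name__ == "__main__":
    for ftype, (days, state) in demo_status().items():
        print(f"{ftype:10} {state:8} age_days={days}")
    print("needs attention:", needs_attention(demo_status()))
```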