← Back to Blog
OpenVAS Vulnerability Scanning Guide 2026
OpenVAS (Open Vulnerability Assessment System), maintained by Greenbone, is one of the most widely used open-source vulnerability scanners. It helps organizations identify security weaknesses, missing patches, misconfigurations, and known vulnerabilities across servers, endpoints, network devices, and applications.
What is OpenVAS?
- Open-source vulnerability scanner
- Thousands of vulnerability checks
- CVE detection and severity scoring
- Compliance and security assessments
- Regular feed updates from Greenbone
Recommended Deployment Architecture
OpenVAS Scanner
↓
Internal Network Assets
↓
Servers, Firewalls, Switches
↓
Reports & Remediation Tracking
System Requirements
- Ubuntu 22.04 / 24.04
- 4 CPU Cores Minimum
- 8 GB RAM Minimum
- 100 GB SSD Storage
- Static IP Address
Installation (Ubuntu)
sudo apt update
sudo apt upgrade -y
sudo apt install docker.io docker-compose -y
You can deploy Greenbone Community Edition using Docker containers for easier management and upgrades.
Initial Configuration
- Create administrator account
- Update vulnerability feeds
- Verify scanner status
- Configure scan schedules
- Configure SMTP notifications
Creating Scan Targets
- Single Host
- Server VLAN
- DMZ Segment
- Workstation Subnet
- Cloud Infrastructure
Types of Vulnerability Scans
1. Discovery Scan
- Host detection
- Port identification
- Service enumeration
2. Full and Fast Scan
- Most common assessment
- Balanced performance
- Comprehensive vulnerability checks
3. Full and Very Deep Scan
- Maximum coverage
- Longer execution time
- Detailed analysis
Authenticated Scanning
Authenticated scans provide significantly better results than unauthenticated scans.
- Windows Domain Credentials
- Linux SSH Credentials
- Service Accounts
- Read-only Audit Accounts
Understanding Risk Levels
| Severity |
CVSS Score |
| Critical |
9.0 - 10.0 |
| High |
7.0 - 8.9 |
| Medium |
4.0 - 6.9 |
| Low |
0.1 - 3.9 |
Remediation Workflow
- Review scan report
- Prioritize Critical findings
- Apply security patches
- Fix configuration issues
- Perform rescans
- Document remediation evidence
Best Practices
- Perform monthly vulnerability scans.
- Run authenticated scans whenever possible.
- Scan DMZ and Internet-facing systems weekly.
- Track remediation progress.
- Retain scan reports for audits.
- Integrate findings into change management.
- Validate fixes using follow-up scans.
Compliance Use Cases
- SOC 2
- ISO 27001
- PCI DSS
- NIST CSF
- Cyber Insurance Assessments
Integration Opportunities
- Wazuh SIEM
- Ticketing Systems
- Email Alerts
- Security Dashboards
- Asset Management Platforms
Common Mistakes
- Running only unauthenticated scans.
- Ignoring Medium severity findings.
- Not rescanning after remediation.
- Scanning production systems during peak hours.
- Failing to update vulnerability feeds.
Conclusion
OpenVAS is a powerful and cost-effective vulnerability assessment platform. Regular scanning, proper remediation workflows, and continuous monitoring can significantly reduce an organization's attack surface and improve overall security posture.
Author: Nageshwar Rao
Network Security Engineer | Cyber Security Consultant