OpenVAS 3.0 released

OpenVAS stands for Open Vulnerability Assessment System and is a network security scanner with associated tools like a graphical user fontend. The core is a server component with a set of plugins to test various vulnerabilities in remote systems and applications

The release introduces new features and a new architecture which forms the basis for turning the vulnerability scanner into a vulnerability management solution.

The GPL-licensed Open Vulnerability Assessment System (OpenVAS) has become the Open Source Network Vulnerability Scanner. It is complemented with the largest open collection of vulnerability tests, the daily updated OpenVAS NVT Feed with over 15,500 Network Vulnerability Tests (NVTs).

PNG - 25.6 kb

Exactly 1 year after version 2.0.0 was released, the new 3.0 generation introduces:

  • A new internal architecture of the modules
  • NVT Meta Information that is free of arbitrary size limits
  • IPv6 support
  • WMI clients support
  • Supports upcoming optional extensions:
    • OpenVAS Manager for storing and organizing scans on a central server in a SQL database
    • OpenVAS Administrator for User-, Feed- and Settings-Management
    • Greenbone Security Assistent for a web-based Vulnerability Management


The new OpenVAS Scanner remains compatible with the OpenVAS NVT Feed as well as with the Greenbone Security Feed. Also, it is possible to use the new OpenVAS Scanner with the OpenVAS-Client 2.0. OpenVAS Client 3.0 can connect to both OpenVAS Scanner 3.0 and OpenVAS Server 2.0 concurrently, and even to OpenVAS Manager via the new OpenVAS Management Protocol (OMP).

New Module Architecture:

OpenVAS 3.0 introduces a new architecture where openvas-libraries now includes openvas-libnasl as well as redundant code from openvas-client. The module openvas-server has been renamed to openvas-scanner and includes any platform-dependent elements of openvas-plugins. As a result of this, the total number of source code lines decreased, though new features were added. Also, for running just the core scanner only 2 modules are required (instead of 4 as is the case for OpenVAS 2.0).


Version 3.0 will be maintained by the OpenVAS team for at least 2 years and the maintenance of Version 2.0 will continue for at least one year. Version 1.0 is being retired in January 2010.


All download links for OpenVAS 3.0.0 and additional information can be found on the OpenVAS website. OpenVAS 3.0.0 has been released initially as a source code package; binary packages for various distributions are expected to follow.

The OpenVAS team would like to thank everybody who has contributed to this release. We have worked hard to bring you a reliable network security scanner.

The OpenVAS developers would like to wish all users a recreative holiday season and a happy new year.

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Vulnerability Management
Vulnerability Scanner