Ever since the source code for Nessus was pulled from the net, I’ve been looking for a good alternative, I believe I’ve finally stumbled upon a good successor: OpenVAS

OpenVAS consists of three parts:


  • A server that holds a database of tests and performs these on command
  • A client that requests scans and runs reports
  • The NVT feed that reports new vulnerabilities
This really looks like a promising project, I’ll be checking this out in more detail next month. Now if there were just some Debian packages available in Etch… According to the Zero Day blog these are in the works, but I haven’t been able to find a timeframe for those yet.