🔎 Vulnerability scanners
OpenVAS / Greenbone Community
Free, full-featured network vulnerability scanner with 100k+ NVTs.
Why use it
OpenVAS, packaged as Greenbone Community Edition, is the closest free equivalent to commercial scanners like Nessus. It ships with over 100,000 network vulnerability tests and a web UI for scheduling, scanning, and reporting.
What you get
- Network vulnerability scanning across hosts and ranges
- Authenticated scans for Linux, Windows, ESXi
- CVE and CVSS scoring with prioritised reports
- Scheduled scans with notification triggers
- PDF and XML report exports for audit evidence
System requirements
| Cpu | 2 cores |
|---|---|
| Ram | 4 GB minimum, 8 GB recommended |
| Disk | 20 GB |
| Os | Linux (Kali, Ubuntu, Debian) |
| Docker | Yes |
Installation
The Greenbone Community Containers are the cleanest path: curl -O https://greenbone.github.io/docs/latest/_static/docker-compose.yml && docker compose up -d. Wait ~30 minutes on first start while the NVT feed downloads. Default credentials are admin / admin — change them immediately.
Suggested configuration
Run a "Full and fast" scan against your home network range first. Provide credentials (SSH key for Linux, SMB for Windows) for authenticated scans — they're an order of magnitude more accurate. Schedule weekly scans with email or webhook on findings rated High or Critical only.
Integration ideas
- Export findings as XML and feed Wazuh for unified dashboarding
- Pipe high-severity findings to TheHive for triage
- Combine with Nuclei for fast confirmation of suspect CVEs
Alternatives
- Nessus Essentials — More polished but capped at 16 IPs.
- Nuclei — Faster, template-based, less coverage of legacy CVEs.
Cyentrix verdict
The right pick when you need a real network vuln scanner with broad coverage and don't want a per-IP cap. The UI feels dated, but the engine is solid.