OpenVAS vs Nessus: Which Scanner Is For You?

When comparing OpenVAS vs Nessus, there are multiple features to consider, along with the benefits each can provide to your organization, but one of the main points that can impact your decision is the price. OpenVAS remains an open-source and free-to-use tool, whereas Nessus is a paid-for and licensed product.

    This article includes information regarding Tenable products. Forge Secure is now a Tenable partner and reseller, which should be taken into account with any reviews or recommendations.

    Vulnerability Scanning Tools

    Vulnerability scanning tools have a fairly straightforward purpose: they scan your systems for vulnerabilities and are used as part of a wider vulnerability assessment process.

    Your systems can be affected by vulnerabilities for a number of different reasons, such as:

    • Missing updates and patches
    • Misconfiguration
    • Insecure default configuration standards
    • Weakly chosen accounts and passwords

    While it is important to avoid complete dependence on a single security solution and implement a layered approach to your company’s security implementation, vulnerability assessment tools do form an important layer within a defense-in-depth approach and aim to highlight your company’s security risks.

    Nessus Vs OpenVAS

    There are many vulnerability scanners available today (a more complete list of infrastructure scanning tools is provided here) which can be used to conduct vulnerability assessments and network scanning against your internal and external networks.

    Some of the available tools are free to use and many have paid-for licenses. Many vulnerability scanners focus on individual products or types of security flaws, whereas others focus on a specific platform such as Windows, Mac, Unix, or Linux systems.

    Nessus and OpenVAS are two of the most commonly referenced vulnerability scanners and are often compared against each other.

    Both of these vulnerability scanners aim for fairly broad coverage, testing a range of systems for a wide set of vulnerabilities, and both aim to provide detailed vulnerability assessment reports.

    By reviewing each of their features we can determine which tool may be the right choice for your organization and work within your environment.

    OpenVAS vs Nessus: A Shared History

    Both OpenVAS and Nessus started from the same open-source vulnerability scanner. The Nessus Project was started as a free vulnerability scanning tool released under the GNU General Public License, with the aim of creating open-source tools whose source code was accessible and free to use.

    However, after several version releases of Nessus, the license was changed to a proprietary license and the project developed into the Nessus vulnerability scanner, run by Tenable, which is in use today.

    The last open-source release of the Nessus project was carried on and developed into what is now the OpenVAS vulnerability scanner, run by Greenbone, which remains an open-source project, although Greenbone also offers Enterprise solutions.

    The Installation Process

    Both Nessus and OpenVAS can be installed on multiple operating systems; however, while Nessus provides a simple and automated installation process, OpenVAS requires a little more manual configuration.

    OpenVAS Installation

    If you are comfortable with the command line and various Linux systems, the installation instructions provided by Greenbone can be followed to configure the necessary prerequisites and install OpenVAS on your Linux system.

    However, if you aren’t comfortable with the installation process there is an option available that can make the setup process a little simpler. With the Kali operating system, OpenVAS can be installed with a few simple commands, such as “apt install openvas”.

    OpenVAS is more limited with the operating systems it is available for and does require more technical knowledge to set up and configure the scanner.

    Nessus Installation

    Tenable provides a download page that lists each of their available installation files. With Nessus, the installation process is mostly automated after running the installation file and is designed to be simple to use for any user.

    Supported Operating Systems

    OpenVAS Supported Systems

    OpenVAS has been developed based on Linux operating systems and requires the use of such a system to set up and configure the vulnerability scanner.

    If you are using a Windows or Mac machine and wish to use OpenVAS, setting up a virtual machine running a Linux operating system and then installing OpenVAS on the virtual system can be a viable option.

    Nessus Supported Systems

    Nessus has greater platform support for multiple operating systems, including Windows, Mac, and Linux, and makes use of an automated installation file to simplify the process.

    The Available Scanning Types

    Both OpenVAS and Nessus are prebuilt with a simple-to-use basic network scan, but also allow different customized and advanced scan types to be configured.

    Nessus provides more customization options for its scans allowing for fine-grained control of how each scan runs as well as how the information is reported.

    • OpenVAS has 7 default scan templates
    • Nessus has 23 default scan templates and a further 8 available under different licenses.

    If you are looking to configure your first vulnerability scan using Nessus the following guide can be used, and an additional guide for OpenVAS can be found here.

    The Extent of Vulnerability Coverage

    Both vulnerability scanning tools aim to stay up to date with the latest identified vulnerabilities and have an impressive number of plugins developed to detect them.

    Although there are plugins that identify vulnerabilities which have no CVE ID allocated, the number of CVEs covered by each tool is as follows:

    • The Tenable website states that it covers 257,840 CVEs
    • OpenVAS with the latest updates up to 15th July 2024 lists 256,979 CVEs

    Both the Nessus and OpenVAS scanners are regularly updated with detections for known vulnerabilities, to ensure that the latest scans you conduct identify any security gaps that may exist within your network.

    The Nessus plugins do cover more known CVEs, so for more complete coverage of common vulnerabilities this may be a deciding factor in the scanning solution your organization chooses.

    Authenticated Scanning Options

    OpenVAS has options for authenticated scans using SSH, SMB, and ESXi credentials.

    Nessus also has options for the same authentication types but also has additional options for supplying over 30 different types of credentials for different devices, software, and services.

    Nessus has dedicated scan policies available for compliance audits and cloud infrastructure, depending on the license purchased. This can be useful when pursuing compliance certifications such as Cyber Essentials and ISO 27001.

    If the device types you use in your organization are more varied and require authenticated scanning to be conducted, Nessus does provide more options for authentication standards.

    If you are looking at configuring an authenticated vulnerability scan in Nessus, the following guide can be referred to.

    Available User Accounts And Permissions

    Each version of Nessus has real limitations in how user accounts for the web interface are managed, and therefore in how access to scan and vulnerability information can be controlled.

    Each version of Nessus (Essentials, Professional, and Expert) is designed around a single user account.

    Multiple users are provided with other versions of scanning solutions from Tenable, such as the cloud-based Tenable Vulnerability Management, but with versions of Nessus only a single account can be created for the interface.

    OpenVAS does provide an advantage over Nessus for account options, which can be useful in enabling organizations to more effectively manage who has visibility and control over the scans that are run within their security team.

    OpenVAS provides options for multiple different user accounts with varying permission levels, with some user roles intended to view scan results and others created to configure and create different scans.

    The Designed User Interface

    Appearance and navigation of a user interface are largely a matter of personal preference.

    However, Nessus does present a more polished, modern, and professional user interface that is simpler to navigate and more easily accessible.

    As Nessus is a commercially licensed, paid-for tool, it is to be expected that its user interface has been polished over the years.

    While OpenVAS may not have the polish of Nessus, the core information and features are still available, with vulnerability data, reporting and summary dashboards all still provided and made accessible.

    Vulnerability Reporting Information

    The extent of information for individual vulnerabilities with each scanning tool can vary, however, both OpenVAS and Nessus provide detailed reports, with vulnerability data including:

    • An overview and description of each vulnerability
    • Technical information on how the vulnerability was identified
    • Remediation advice and guidance
    • CVE and vulnerability data where applicable
    • Severity Scores and CVSS Ratings where available to prioritise vulnerabilities
    • Links to external sources for further details and information

    Vulnerability Reports And False Positives

    With any vulnerability scanner, there is the potential for false positives to be listed within the reported vulnerabilities, and Nessus and OpenVAS are no exception to this.

    Both scanning tools have coverage of thousands of potential vulnerabilities, and the conditions that can cause a false positive can be variable, therefore stating which is more effective at accurate reporting is not possible.

    It is important to understand that no scanning tool is 100% accurate in every scenario, which is why a vulnerability scanner should not be considered a single solution to all security requirements, but one piece of a larger vulnerability management program.

    Vulnerability scanning should be seen as one layer in a multilayered approach, backed up by following security best practices, maintaining a strict update schedule, and consulting with dedicated security professionals.

    Downloading Scan Reports

    While both tools aim to provide comprehensive reports regarding the identified vulnerability information, they each provide reports in different formats that can be compared and contrasted.

    With OpenVAS, vulnerability scan results can be downloaded as a report in CSV, PDF, TXT, or XML format. When a scan is configured, an email recipient can also be set to receive the report directly.

    With Nessus, scan data can also be downloaded as a report in CSV or XML format, and additionally as an HTML report. Vulnerability scans can likewise be configured to send results to email recipients.
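As an added example (not code from the article, Tenable, or Greenbone), the following parses a Nessus XML export and pulls out the report fields listed above, then drops informational items and orders the rest by CVSS score. The sample document is constructed for this example and assumes the `NessusClientData_v2` / `ReportHost` / `ReportItem` element layout of the .nessus format.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of a Nessus XML (.nessus) export, with
# two findings on one host. Assumption: these element and attribute names
# match what Nessus writes when a scan is downloaded as XML.
SAMPLE_NESSUS_XML = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="Basic Network Scan">
    <ReportHost name="192.0.2.10">
      <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
                  pluginID="100001" pluginName="Example SSH weakness (constructed)">
        <description>Constructed sample finding.</description>
        <solution>Update the SSH service to the vendor-supported release.</solution>
        <cve>CVE-0000-0001</cve>
        <cvss_base_score>5.3</cvss_base_score>
      </ReportItem>
      <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
                  pluginID="100002" pluginName="Informational plugin (constructed)">
        <description>Informational output only, no CVE or CVSS score.</description>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one dict per ReportItem: host, port, plugin, severity, CVSS, CVEs, fix."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": f'{item.get("port")}/{item.get("protocol")}',
                "plugin": item.get("pluginName"),
                # Nessus severity 0 = Info, 1 = Low, 2 = Medium, 3 = High, 4 = Critical
                "severity": int(item.get("severity", "0")),
                "cvss": float(item.findtext("cvss_base_score", default="0")),
                "cves": [c.text for c in item.findall("cve")],
                "solution": item.findtext("solution", default=""),
            })
    return findings


def prioritise(findings, min_severity=1):
    """Drop informational items and order the rest by CVSS score, highest first."""
    actionable = [f for f in findings if f["severity"] >= min_severity]
    return sorted(actionable, key=lambda f: f["cvss"], reverse=True)
```

The same two-step approach (parse the export, then rank on severity and CVSS) applies to the OpenVAS XML report, with the element names adjusted to that format.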

    Available Customer Support

    As Nessus is a licensed and paid-for solution, assuming you have purchased the Professional or Expert license, there are dedicated customer support and technical support services that can provide help and answer any technical questions that you may have.

    Additionally, there is a community support forum that provides answers to many commonly asked questions.

    As a free and open-source tool, OpenVAS does not have a dedicated customer support service, but the Greenbone community feed and support forum can provide useful advice and support for many commonly asked questions.

    The Pricing Of Each Tool

    The greatest advantage OpenVAS has over Nessus is the price. OpenVAS is still open-source and free to use, allowing you to conduct vulnerability scans against all of your devices at no cost.

    While Nessus does have a free-to-use version, Nessus Essentials, this is limited to scans of 16 IP addresses and some features are not available in this free version.

    With the Nessus licensed versions, there is Nessus Professional and Nessus Expert, with a one-year license for Professional currently listed at £4,113.49 ($5,328.08) and a one-year price for Expert currently listed at £6,175.40 ($7,998.81).

    OpenVAS vs Nessus: Pros and Cons

    OpenVAS Cons

    • The installation process requires some technical knowledge
    • Supported operating systems are limited
    • The user interface could be improved
    • Vulnerability scanning options are more limited

    OpenVAS Pros

    • The vulnerability scanner is free to use
    • The vulnerability coverage is similar to other professional tools
    • It provides support for multiple user accounts

    Nessus Cons

    • The licensed versions can be expensive for smaller companies
    • Only a single user account is supported for Essentials, Professional, and Expert

    Nessus Pros

    • The installation process is simple and automated
    • The installation is supported across a range of operating systems
    • The user interface is easier to navigate
    • Scanning templates and configuration options are extensive
    • A free version is made available for a limited number of devices
    • Vulnerability coverage is greater and compliance audit options are more varied

    Choosing The Right Vulnerability Scanner

    One of the biggest determining factors when choosing a vulnerability scanner, particularly for smaller businesses, will likely be the cost. If budgets within your business are tight, then a free-to-use tool such as OpenVAS will likely make the most sense for you.

    However, if you have the resources available, a paid-for option such as Nessus makes more sense, as it can be easier to set up, manage, and use on a day-to-day basis, and provides greater coverage of devices, vulnerabilities, and compliance audits to stay in line with industry best practices.

    Conclusion

    Both Nessus and OpenVAS are designed primarily as infrastructure scanning tools. While additional features have been developed over the years, particularly for Nessus, when comparing OpenVAS vs Nessus it is best to consider their primary function.

    If a different type of vulnerability scanning tool is needed, such as for web applications, APIs, or other services, a dedicated scanning tool focused on those systems should be considered.

    Each organization should set up and conduct regular vulnerability scanning. As the number of reported vulnerabilities and security breaches continues to rise, not conducting any security testing of your systems creates unnecessary risk for any size of business.

    When determining which vulnerability scanner is best, Nessus has a clear advantage in many areas, albeit with the exception of multiple user accounts being available under OpenVAS. This should be expected from a professionally developed security tool that has been in development for almost two decades.

    For any company with a reasonable security budget, choosing Nessus over OpenVAS should be considered for many reasons including its coverage and support options.

    However, for any relatively small business with restrictions on its budget, OpenVAS provides a great alternative that allows vulnerability scanning to be conducted regularly at no additional expense.

    Where you have any further questions regarding different cybersecurity solutions, our consultants are available to address any concerns you may have.