OpenVAS Online Scan
Online network vulnerability scanner for >50,000 security vulnerabilities
200,000+
NVTs in the vulnerability feed
20+
years as the leading open-source scanner
Daily
feed updates as new vulnerabilities are disclosed
Easily run OpenVAS vulnerability scans
HostedScan makes it easy to run OpenVAS and other industry-standard vulnerability scanners through an online dashboard. More than just the scanners, our platform also includes all the reporting and management features required to set up a compliant vulnerability management program for SOC 2, ISO 27001, and more.
200,000+ NVTs
Network Vulnerability Tests (NVTs) perform tests to detect vulnerabilities, configuration state, and weaknesses
43k Critical NVT tests
Critical NVTs are growing in coverage to detect critical gaps in your cybersecurity
External Scanning
Scan Servers, Web Applications and more, by inputting your targets to scan
Available for Internal Scanning
Use our one command installer to deploy OpenVAS on your network to perform internal network scans
Updated daily
Feed synced daily to provide up-to-date coverage
Ready to run an OpenVAS scan in seconds?
Get the full power of OpenVAS without installing a thing. That's HostedScan.
A powerful network vulnerability scanner
OpenVAS is one of the most widely used vulnerability scanners in the world. It is an open-source project and also goes by the names GVM and Greenbone Community Edition (Greenbone are the lead project maintainers).
OpenVAS tests servers and any other network connected devices for tens of thousands of vulnerabilities and CVEs. This can be done over the internet for publicly exposed systems or over private networks. The scanner first conducts a port scan to discover what ports and services are open. It then performs additional fingerprinting and testing to check for CVEs, insecure configurations, and vulnerable outdated software versions.
How to get the best scan results with OpenVAS
Update the vulnerability feed:
OpenVAS uses the Greenbone Community Feed as its source of vulnerability data. Ensure the feed is updated in your installation before starting a scan, so that all of the latest vulnerabilities are tested. Or use a managed service, such as HostedScan, which is updated daily.
Choose the right Quality of Detection (QoD):
QoD is a measure of the reliability of vulnerability tests. The default OpenVAS QoD is 70%. However, that may not be right for all systems. Learn more about setting the right QoD.
Use "Consider Alive":
To optimize speed, OpenVAS will first send a ping request to each target and skip targets which do not respond. While this can save considerable time for very large address spaces, when scanning smaller sets of targets it is better to be thorough, as not all targets may respond to ping. Using HostedScan, targets are always considered alive and scanned fully.
OpenVAS runs over 200,000 vulnerability tests. Here are the most common CVEs for widely-used web technologies.
From thousands of CVEs in the feed, these are the ones that show up most in real-world scans.
Benefits of using HostedScan
Strengthen your
cybersecurity
resilience
Strengthen your cybersecurity resilience
Strengthen your
cybersecurity
resilience
Mitigate security vulnerabilities
Discover CVEs, OWASP Top 10 vulnerabilities, and exploitable weaknesses across your entire infrastructure. Get prioritized remediation guidance with CVSS scoring and actionable risk classifications—fix what matters first.
Manage your risk exposure
With regulations such as GDPR and CCPA, failure to maintain reasonable security procedures is grounds for lawsuits and fines.
Meet compliance requirements
Vulnerability scanning is essential for your compliance with SOC 2, ISO 27001, cyber insurance, and more.
Detect misconfigurations
90% of cyber attacks exploit simple misconfigurations, not zero-days. Detect exposed ports, weak credentials, outdated software, and common security gaps before attackers do—automatically, every day.
Map your attack surface
Your infrastructure changes constantly. Automatically discover and monitor all websites, servers, networks, and APIs—maintaining complete visibility of your attack surface without manual tracking.
Our Customers
5,000+ MSPs and IT teams who move faster
Quick Answers
Frequently asked questions
Our knowledge base contains answers to technical questions, and you can always contact us for more details on our plans, pricing, or any questions.
With any paying account, you can create an unlimited number of targets in your account, however you can only scan the number of targets you are paying for each month.
This allows you to retain and manage all your historical risk, scan, and target data in one place, without on-going cost.
Speed and power,
without the complexity
The world's leading vulnerability scanners, all in one platform.





