HostedScan

OpenVAS Online Scan

Online network vulnerability scanner for >50,000 security vulnerabilities

200,000+

NVTs in the vulnerability feed

20+

years as the leading open-source scanner

Daily

feed updates as new vulnerabilities are disclosed

Scanner highlights

Easily run OpenVAS vulnerability scans

HostedScan makes it easy to run OpenVAS and other industry-standard vulnerability scanners through an online dashboard. More than just the scanners, our platform also includes all the reporting and management features required to set up a compliant vulnerability management program for SOC 2, ISO 27001, and more.

200,000+ NVTs

Network Vulnerability Tests (NVTs) perform tests to detect vulnerabilities, configuration state, and weaknesses

43k Critical NVT tests

Critical NVTs are growing in coverage to detect critical gaps in your cybersecurity

External Scanning

Scan Servers, Web Applications and more, by inputting your targets to scan

Available for Internal Scanning

Use our one command installer to deploy OpenVAS on your network to perform internal network scans

Updated daily

Feed synced daily to provide up-to-date coverage

Ready to run an OpenVAS scan in seconds?

Get the full power of OpenVAS without installing a thing. That's HostedScan.

OpenVAS

A powerful network vulnerability scanner

OpenVAS is one of the most widely used vulnerability scanners in the world. It is an open-source project and also goes by the names GVM and Greenbone Community Edition (Greenbone are the lead project maintainers).

OpenVAS tests servers and any other network connected devices for tens of thousands of vulnerabilities and CVEs. This can be done over the internet for publicly exposed systems or over private networks. The scanner first conducts a port scan to discover what ports and services are open. It then performs additional fingerprinting and testing to check for CVEs, insecure configurations, and vulnerable outdated software versions.

How to get the best scan results with OpenVAS

Update the vulnerability feed:

OpenVAS uses the Greenbone Community Feed as its source of vulnerability data. Ensure the feed is updated in your installation before starting a scan, so that all of the latest vulnerabilities are tested. Or use a managed service, such as HostedScan, which is updated daily.

Choose the right Quality of Detection (QoD):

QoD is a measure of the reliability of vulnerability tests. The default OpenVAS QoD is 70%. However, that may not be right for all systems. Learn more about setting the right QoD.

Use "Consider Alive":

To optimize speed, OpenVAS will first send a ping request to each target and skip targets which do not respond. While this can save considerable time for very large address spaces, when scanning smaller sets of targets it is better to be thorough, as not all targets may respond to ping. Using HostedScan, targets are always considered alive and scanned fully.

OpenVAS runs over 200,000 vulnerability tests. Here are the most common CVEs for widely-used web technologies.

From thousands of CVEs in the feed, these are the ones that show up most in real-world scans.

1
Apache HTTP Server < 2.4.60 Multiple Vulnerabilities - Windows
CVE-2024-36387, CVE-2024-38472, CVE-2024-38473, CVE-2024-38474, CVE-2024-38475, CVE-2024-38476, CVE-2024-38477, CVE-2024-39573
2
Apache HTTP Server < 2.4.59 Multiple Vulnerabilities - Windows
CVE-2023-38709, CVE-2024-24795, CVE-2024-27316
3
Apache HTTP Server 2.4.0 - 2.4.61 SSRF Vulnerability - Windows
CVE-2024-40898
4
Apache HTTP Server < 2.4.58 'mod_macro' Out-of-bounds Read Vulnerability - Windows
CVE-2023-31122
5
Apache HTTP Server < 2.4.55 Multiple Vulnerabilities - Windows
CVE-2006-20001, CVE-2022-36760, CVE-2022-37436
6
Apache HTTP Server /server-status Accessible (HTTP)
CVE-2020-25073
7
Apache HTTP Server 2.4.17 - 2.4.57 DoS Vulnerability - Windows
CVE-2023-45802
8
Apache HTTP Server 2.4.0 - 2.4.55 HTTP Request Smuggling Vulnerability - Windows
CVE-2023-25690
9
Apache HTTP Server < 2.4.54 Multiple Vulnerabilities - Windows
CVE-2022-26377, CVE-2022-28330, CVE-2022-28614, CVE-2022-28615, CVE-2022-29404, CVE-2022-30556, CVE-2022-31813
10
Apache HTTP Server <= 2.4.52 Multiple Vulnerabilities - Windows
CVE-2022-22719, CVE-2022-22720, CVE-2022-22721, CVE-2022-23943
And thousands more CVEs

Benefits of using HostedScan

Strengthen your
cybersecurity
resilience

Mitigate security vulnerabilities

Discover CVEs, OWASP Top 10 vulnerabilities, and exploitable weaknesses across your entire infrastructure. Get prioritized remediation guidance with CVSS scoring and actionable risk classifications—fix what matters first.

Learn more

Manage your risk exposure

With regulations such as GDPR and CCPA, failure to maintain reasonable security procedures is grounds for lawsuits and fines.

Get started

Meet compliance requirements

Vulnerability scanning is essential for your compliance with SOC 2, ISO 27001, cyber insurance, and more.

Learn more

Detect misconfigurations

90% of cyber attacks exploit simple misconfigurations, not zero-days. Detect exposed ports, weak credentials, outdated software, and common security gaps before attackers do—automatically, every day.

Get started

Map your attack surface

Your infrastructure changes constantly. Automatically discover and monitor all websites, servers, networks, and APIs—maintaining complete visibility of your attack surface without manual tracking.

Get started

Our Customers

5,000+ MSPs and IT teams who move faster

BbAmericas
Porsche
ExpediaGroup
WeMakeApps
SibylSoft
Luminary
CoinMe
Appetize
WonderProxy
Median
TaxiCaller
Yamaha
UniversityOfOxford

Quick Answers

Frequently asked questions

Our knowledge base contains answers to technical questions, and you can always contact us for more details on our plans, pricing, or any questions.

With any paying account, you can create an unlimited number of targets in your account, however you can only scan the number of targets you are paying for each month.

This allows you to retain and manage all your historical risk, scan, and target data in one place, without on-going cost.

Speed and power,
without the complexity

The world's leading vulnerability scanners, all in one platform.

Loading call to action