Package vs Source Edition vs Virtual Machine

Good afternoon,

I’ve recently started using Openvas on a Kali Linux machine and I must say I’m really impressed with it so far. One thing that proves to be difficult is configuring your own scans. There’s so many options; is there any documentation other than the user guide to gain more insight into the options?

Also, since I’m running it as a package in Kali (apt get install openvas), should I be concerned with it being out of date? It seems like Openvas currently only exists as a virtual device or a source that you have to build. Is it a poor decision to just use the package? What features might I be missing out on?



It fully depends on your linux skills and the level of comfort. If you plan to start with the latest integration environment (Greenbone OS) you can use the GSE, that will provide you a SME environment out of the box with a inside what you will get if you buy a Greenbone Appliance with fully Support and the Greenbone Security Feed. The GSE is fully sufficient for SME/Home User with all NVTs you will need @home.

From the history we learned that most packages are outdated and NOT optimal configured, like Kali runs all daemons as ROOT in introduces some serious security issues compared to the GSE.

If you are a Linux expert you can go with the Source Edition. You need and handle all issues and features on your self but can configure and build is more features like you get on the GSE or most packets. But beware you will be alone with your GSE. Support is very limited.


If you never heard of/worked with git, gcc, cmake, make, nodejs, npm, python, dev packages, unix sockets you should avoid using the sources.