Provided by: openvas-client_2.0.5-1ubuntu1_amd64 bug


       OpenVAS-Client - The client part of the OpenVAS Security Scanner


       OpenVAS-Client  [-v]  [-h]  [-n]  [-T  <type>] [-q [-pPS] host  port user password targets

       OpenVAS-Client -i in.nbe -o out.[html|xml|nbe]


       The OpenVAS Security Scanner is a security auditing tool made up of two parts:  a  server,
       and  a  client.   The  server,  openvasd  is  in charge of the attacks, whereas the client
       OpenVAS-Client provides an interface to the user.

       OpenVAS-Client is an X11 client based on GTK+2.

       This man page explains how to use the client.


       -c <config-file>, --config-file=<config-file>
              use another configuration file.

       -n, --no-pixmaps
              no pixmaps. This is handy if you are running OpenVAS-Client on a remote computer.

       -q, --batch-mode
              quiet mode or batch mode.  Setting this option makes OpenVAS-Client expect  all  of
              the following settings.
                      obtain list of plugins installed on the server.
                     obtain list of server and plugin preferences.
                     issue SQL output for -p and -P (experimental).
              · host
                     is the openvasd host to whom you will connect.
              · port
                     is the port to which you will connect on the remote openvasd host.
              · user
                     is the user name to use to connect to openvasd.
              · password
                     is the password associated with this user name.
              · targets
                     is the name of a file containing the target machines.
              · results
                     is  the  name of the file where the results will be stored at the end of the

       -T <type>, --output-type=<type>"
              Save the data as <type>, where <type> can be “nbe”, “html”,  “html_graph”,  “text”,
              “xml”, “tex”

       -V, --verbose
              make the batch mode display status messages to the screen.

       -x, --dont-check-ssl-cert
              do not check SSL certificates.

       -v, --version
              shows version number and quits

       -h, --help
              lists the available options

The X11 interface

       The OpenVAS-Client interface is divided in several panels:

       · The “Openvasd host” section:
              In this section, you must enter the openvasd host to whom you will connect, as well
              as the port. You must also enter your openvasd user name and your password (not the
              one of the system). Once you are done, you must click on the “Log in” button, which
              will establish the connection to the openvasd host.
              Once the connection is established, openvasd  sends  to  the  client  the  list  of
              attacks it will perform, as well as the default preferences to use.

       · The “Target Selection” section:
              ·  In  this section, you are required to enter the primary target. A primary target
              may be a single host (e.g. x.y.test), an IP  (e.g.,  a  subnet  (e.g.
      or  x.y.test),  or  a  list  of  hosts,  separated  by commas (e.g.
    ,, x.y.test, a.b.test).

              · You can restrict the maximum number of hosts to test using the “Max Hosts” entry.
              This  is  a  feature  that  prevents  you  from  scanning  too  many  machines;  or
              accidentally scanning other machines.  (For instance, if  you  only  plan  to  test
     and, you can safely set this entry to “2”).

              ·  This  panel  also allows you to enable the “Perform a DNS zone transfer” option.
              This option is dangerous and should be enabled with caution.  For instance, if  you
              want  to  test www.x.test, then if this option is set, openvasd will attempt to get
              the list of the hosts in the “x.test” domain.

              This option may be dangerous. For instance, if you enable it and you  ask  to  test
    ,  then  openvasd  will  do  a  reverse  lookup on every IP, and will
              attempt a DNS zone transfer on every domain. That is, if is www.x.test,
              and  is  mail.x.test,  then  a  DNS zone transfer will be made on the
              domains “x.test” and “test.x”.

       · The “Plugins” section
              Once you have successfully logged into the remote openvasd server, this section  is
              filed  with  the  list  of  the attacks that the server will perform. This panel is
              divided in two parts: the plugins families, and  the  plugins  themselves.  If  you
              click on the name of a plugin, then a dialog will appear, showing you which will be
              the error message sent by the plugin if the attack is successful.

Report conversion

       You can use OpenVAS-Client to do conversion between formats used for reports. OpenVAS  can
       take any NBE reports and change them into HTML, XML or NBE reports.

       Please  note  that  the XML report provides usually more information about the scan itself
       NBE format do not include in the report.

       Basically, XML is a merge between the .nbe reports and the .openvasrc configuration  file.
       You  won't  get extra verbosity or diagnosis info in the XML report, but you'll know which
       plugins (and which version of these plugins) have been enabled during the scan.

       For more information on the  report  formats  please  read  the  file  nbe_file_format.txt
       provided along with the documentation.


       HOME   The  path  to  the  user's  home directory which will hold the client configuration
              cache .openvasrc.  The path is refered to as ~/, below.

              If this environment variable is set, this path is used instead of the path  defined
              by the HOME variable.  This path is referred to as ~/, below.

              % More examples should be included here (jfs)


       To  run  a  batch  scan  from  a  cron  job  and  publish  it  in  a  given  web  space  (
       /var/www/html/openvas/ ) try the following:

       OpenVAS-Client -c  /root/openvas/openvas.rc  -T  html  -qx  localhost  9390  batch  batch1
       /root/openvas/target /var/www/html/openvas/results.html

       Make  sure that paranoia level is not set in your openvas.rc configuration file, otherwise
       the scan will not work


              is the client configuration file, which contains the options about  which  openvasd
              server  to  connect  to, which plugins to activate, and so on.  The file is created
              automatically if it does not exist.




       The canonical places where you will find more information about the OpenVAS project are:



       Author  of  developments  prior  to  the  fork  from  NessusClient  is   Renaud   Deraison

       Several  other  people  have  been kind enough to send patches and bug reports.  Thanks to