I wanted to do a quick scan of a system before I signed a security assessment consent form, so I wanted a free vulnerability scanner I could use. I couldn’t find a truly free online scanner that I could “just use”, so I set up OpenVAS on an Amazon instance. It works well. I chose OpenVAS because it is the leading free open source scanner out there.
I spun up a t2.micro at Amazon to host it. It choked. I upgraded to a t2.large, which worked much better. OpenVAS uses a lot of resources, so go with a large. You can always shut down the scanner when you are not using it. Even the t2.large just about used up all its CPU credit balance after just 3 scans.
A quick setup guide is hosted here: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
But first, do:
sudo apt-get install texlive-latex-extra build-essential
After installation and configuration, reconnect to your Amazon instance like this (replace <user>@<instance-address> with the login user and address of your own instance):
ssh <user>@<instance-address> -L 8000:127.0.0.1:443 -i ec2-keypair.pem
Then point your browser at https://localhost:8000
Log in with user admin, password admin.
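The tunnel step above as a small script, added here as an example and not part of the original post: it refuses to open the forward unless the local end is loopback-only, so the scanner's web UI is never reachable from other machines. OPENVAS_HOST, OPENVAS_USER, OPENVAS_KEY and the control-socket path are placeholder names assumed for the example.

```shell
#!/bin/sh
# Added example, not from the original post. OPENVAS_HOST, OPENVAS_USER and
# OPENVAS_KEY are placeholder environment variables the reader must set.

FORWARD="8000:127.0.0.1:443"              # the forward used in the post
CTL="${HOME}/.ssh/openvas-tunnel.sock"    # control socket path (assumption)

# Print where the client end of an ssh -L spec will listen:
#   loopback  only this machine can reach the forwarded port
#   exposed   bound to other interfaces; anyone who can reach them gets the UI
#   invalid   not port:host:hostport or bind:port:host:hostport
#             (bracketed IPv6 bind addresses are not handled here)
forward_bind_scope() (
    case $1 in *\[*) echo invalid; exit 0 ;; esac
    IFS=:; set -f          # split on ':' without glob-expanding a "*" bind
    set -- $1
    case $# in
        3) echo loopback ;;   # no bind address: loopback while GatewayPorts=no
        4) case $1 in
               127.0.0.1|localhost) echo loopback ;;
               *) echo exposed ;;   # "", "*", 0.0.0.0 or a LAN address
           esac ;;
        *) echo invalid ;;
    esac
)

open_tunnel() {
    if [ "$(forward_bind_scope "$FORWARD")" != loopback ]; then
        echo "refusing: $FORWARD is not loopback-only" >&2
        return 1
    fi
    # -f -N: background, no remote command; fail if the port cannot be bound
    ssh -f -N -M -S "$CTL" \
        -o ExitOnForwardFailure=yes -o GatewayPorts=no \
        -i "$OPENVAS_KEY" -L "$FORWARD" "$OPENVAS_USER@$OPENVAS_HOST"
}

close_tunnel() {
    ssh -S "$CTL" -O exit "$OPENVAS_USER@$OPENVAS_HOST"
}

case ${1:-} in
    open)  open_tunnel && echo "UI at https://localhost:8000" ;;
    close) close_tunnel ;;
esac
```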
Amazon does not like you running OpenVAS on their network. They threatened to shut down my account. So, if you are wanting to run OpenVAS, I recommend running it on Digital Ocean.
Here is a howto they put together for you.