Background

Last time I used OpenVAS as my vulnerability scanning tool and made a concise test report. This time I am writing a brief comparison of OpenVAS and Acunetix in three aspects: ease of use, scanner customizability, and task report.

Comparison

Ease of use

Both of them use a web-based user interface. The web-based interface makes them run smoother, and also unlocks the potential of offering role-based access to multiple users within the organization. This is a very popular trend in recent scanner tools.

OpenVAS Login

From an aesthetic perspective, the design style of Acunetix is more modern and minimalist. It also provides some instructions on first login, which makes it friendlier to new users.

Acunetix Login

OpenVAS is Linux only, while Acunetix is Windows only. But the installation process is very easy. For OpenVAS, if you use a Debian-based Linux (including Kali, Ubuntu, etc.), the built-in APT package tool can complete the installation. For Acunetix, open the installer EXE file downloaded from its official website and follow the instruction steps.

Overall, Acunetix has better-organized interface elements and is easier to use compared to OpenVAS. However, OpenVAS provides a CLI (command-line interface) that makes it more productive for power users.

Scanner Customizability

In the new scan interface, OpenVAS is absolutely more customizable. It provides an abundance of options to let you control your scan task. In most cases, if you feel the scan is progressing too slowly, increasing the maximum concurrently executed and maximum concurrently scanned values always helps.

OpenVAS Task Config

Acunetix provides fewer options: only the Scan Type, Report Template, and schedule time. Although this is good for newbies who do not understand what every option means, it gives us little control over our scan tasks.

Acunetix New Task

In this respect, OpenVAS has lots of options for every scan, which makes it more professional and more customizable.

Task Report

After a scan task is done, the thing we care about most is the task report. OpenVAS displays a very detailed report, including many parameters from the scan. We can learn almost everything about a scan task. That is good for deep research, but it is also a double-edged sword, because a screen full of information makes it hard to recognize the important part.

OpenVAS Report

Acunetix follows its minimalism and reveals only a little information about a scan, but the crucial part. It is easy to find the core information about a task and to see the vulnerability level straightforwardly.

However, Acunetix lets you export your report in HTML or PDF format. The PDF report has relatively professional details, and you can use it directly for your customers and audiences.

Acunetix Report

Conclusion

In my opinion, OpenVAS is suitable for security industry experts: it provides powerful customization options and generates comprehensive reports. Besides, it is open source and free!

Acunetix is appropriate for amateurs. For example, web developers can use Acunetix to build robust and secure websites. But it is commercial software and has a relatively expensive price. During its 14-day trial period, a lot of details in the report are unavailable.