I wanted to do a quick scan of a system before I signed a security assessment consent form, so I wanted a free vulnerability scanner I could use. I couldn’t find a truly free online scanner that I could “just use”, so I set up OpenVAS on an amazon instance. It works well. I chose OpenVAS because is the leading free open source scanner out there.
I spun up a t2.micro at amazon to host it. It choked. I upgraded to a t2.large, which worked much better. OpenVAS uses a lot of resources, so go with a large. You can always shut down the scanner when you are not using it. Even the t2.large just about used up all its CPU credit balance after just 3 scans.
A quick setup guide is hosted here: https://launchpad.net/~mrazavi/+archive/ubuntu/openvas
But first, do:
sudo apt-get install texlive-latex-extra build-essential
After installation and configuration, reconnect to your amazon instance like this:
ssh [email protected] -L 8000:127.0.0.1:443 -i ec2-keypair.pem
Then point your browser at https://localhost:8000
login with user admin, password admin.
UPDATE: 8/24/2015
Amazon does not like you running openVAS on their network. They threatened to shut down my account. So, if you are wanting to run openVAS, I recommend running it on Digital Ocean.
Here is a howto they put together for you.
https://www.digitalocean.com/community/tutorials/how-to-use-openvas-to-audit-the-security-of-remote-systems-on-ubuntu-12-04