In the past, I’ve used nessus for vulnerability scanning my lab, but as my service count has grown, the 16 IP limit is becoming a little unwieldy.
Is anyone able to recommend an alternative that fits at least most of the requirements I have?
-
Free (preferably in both senses of the word)
-
Doesn’t use Docker, even if containerized, I’d prefer to avoid having my scanner share a host with another service… and I’m not incredibly well versed with Docker
-
Scans multiple systems (I tried Trivy, but as far as I can tell it only scans the system you install it on)
-
Has a webui for management of scans
Alternatively, if anyone is willing to lend some advice for the configuration of Wazuh… I deployed the service months ago with the expectation that it could be used for vulnerability scanning (the Dev was in a few reddit threads suggesting that it had the capability), but i haven’t been able to configure it properly.
I appreciate any advice people are willing to offer!
Edit: fixed formatting
I originally crossed this one out because of the docker requirement, but because of your comment i looked again. It looks like it can be built from source instead! I’m deploying it after work tomorrow
Yes you can! I’ve attempted on debian before but it’s something like 12 components you have to build and configure and I ran into some issues. It’s been a while though and I don’t remember exactly what gave me trouble. I know I had issues at one point due to the host not having enough ram. If you don’t have at least 8 gigs it’s not going to be happy. At least in my experience.
Let me know how it goes though and what distro you use.
They have pretty good documentation.
Just about to get the web interface running!
The build from source is actually incredibly straightforward! There’s a few noob issues if you don’t fully read the command blocks included in the instructions (They have some links you need to navigate to to install dependencies) but beyond that, for how large everything is, I’m very surprised how easy they make it! If it was difficult last time you tried, I’d give it another shot!
I think my issue was I was building it on a debian 11 bullseye. I managed to get all the individual pieces built and running, there was just one piece missing and I can’t remember which now. I’ll certainly give it a go. Someone just sent me a kvm build of debian sid just for that reason in fact! I believe they are working on the gvm debian package.
I did it with Debian 12 bookworm. I’m working on getting the web interface accessible externally, as it’s bound to local host only by default.
Theres 2 steps where you need to watch for noob traps if you plan on using Debian, one in particular being where the link to Rustup is contained within the command block, you need to navigate there in your web browser to grab the rustup install script before you run the commands. If you hit a wall, feel free to message me and I may be able to help!
I’m on bookworm now myself. Check this out https://forum.greenbone.net/t/external-access-to-gsa-web-interface-ip/1671/4 and thanks I’ll let you know if I run into trouble!