this post was submitted on 25 Jul 2024
7 points (100.0% liked)

homelab

6651 readers
68 users here now

founded 4 years ago
MODERATORS
7
submitted 4 months ago* (last edited 4 months ago) by MetaCubed to c/[email protected]
 

In the past, I've used nessus for vulnerability scanning my lab, but as my service count has grown, the 16 IP limit is becoming a little unwieldy.

Is anyone able to recommend an alternative that fits at least most of the requirements I have?

  • Free (preferably in both senses of the word)

  • Doesn't use Docker, even if containerized, I'd prefer to avoid having my scanner share a host with another service... and I'm not incredibly well versed with Docker

  • Scans multiple systems (I tried Trivy, but as far as I can tell it only scans the system you install it on)

  • Has a webui for management of scans

Alternatively, if anyone is willing to lend some advice for the configuration of Wazuh... I deployed the service months ago with the expectation that it could be used for vulnerability scanning (the Dev was in a few reddit threads suggesting that it had the capability), but i haven't been able to configure it properly.

I appreciate any advice people are willing to offer!

Edit: fixed formatting

you are viewing a single comment's thread
view the rest of the comments
[–] MetaCubed 1 points 4 months ago (1 children)

I originally crossed this one out because of the docker requirement, but because of your comment i looked again. It looks like it can be built from source instead! I'm deploying it after work tomorrow

[–] h0bbl3s 2 points 4 months ago* (last edited 4 months ago) (1 children)

Yes you can! I've attempted on debian before but it's something like 12 components you have to build and configure and I ran into some issues. It's been a while though and I don't remember exactly what gave me trouble. I know I had issues at one point due to the host not having enough ram. If you don't have at least 8 gigs it's not going to be happy. At least in my experience.

Let me know how it goes though and what distro you use.

They have pretty good documentation.

[–] MetaCubed 2 points 4 months ago (1 children)

Just about to get the web interface running!

The build from source is actually incredibly straightforward! There's a few noob issues if you don't fully read the command blocks included in the instructions (They have some links you need to navigate to to install dependencies) but beyond that, for how large everything is, I'm very surprised how easy they make it! If it was difficult last time you tried, I'd give it another shot!

[–] h0bbl3s 2 points 4 months ago* (last edited 4 months ago) (1 children)

I think my issue was I was building it on a debian 11 bullseye. I managed to get all the individual pieces built and running, there was just one piece missing and I can't remember which now. I'll certainly give it a go. Someone just sent me a kvm build of debian sid just for that reason in fact! I believe they are working on the gvm debian package.

[–] MetaCubed 2 points 4 months ago (1 children)

I did it with Debian 12 bookworm. I'm working on getting the web interface accessible externally, as it's bound to local host only by default.

Theres 2 steps where you need to watch for noob traps if you plan on using Debian, one in particular being where the link to Rustup is contained within the command block, you need to navigate there in your web browser to grab the rustup install script before you run the commands. If you hit a wall, feel free to message me and I may be able to help!

[–] h0bbl3s 1 points 4 months ago* (last edited 4 months ago)

I'm on bookworm now myself. Check this out https://forum.greenbone.net/t/external-access-to-gsa-web-interface-ip/1671/4 and thanks I'll let you know if I run into trouble!