Regular vulnerability scanning is a critical component of any security program. It identifies weaknesses in your infrastructure before attackers can exploit them. OpenVAS (Greenbone Vulnerability Management) and Nessus are the two leading vulnerability scanners, offering comprehensive detection of CVEs, misconfigurations, and compliance violations.
OpenVAS / Greenbone Setup
```bash
# Install on Ubuntu/Debian
sudo apt install gvm
sudo gvm-setup

# Check installation
sudo gvm-check-setup

# Start services
sudo systemctl start gsad gvmd ospd-openvas

# Access web interface
# https://localhost:9392
# Default credentials shown during setup
```
Command-Line Scanning with GMP
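```bash
# PASS and the upper-case *_ID values are placeholders: substitute your own
# password and the IDs returned by your GVM instance.
# A password given on the command line is visible in the process list and
# in shell history.

# Create a target
gvm-cli --gmp-username admin --gmp-password PASS tls \
  --xml "<create_target><name>Web Servers</name>\
<hosts>10.0.1.10,10.0.1.11</hosts>\
<port_list id=\"PORT_LIST_ID\"/>\
</create_target>"

# Create a scan task
gvm-cli --gmp-username admin --gmp-password PASS tls \
  --xml "<create_task><name>Weekly Web Scan</name>\
<config id=\"CONFIG_ID\"/>\
<target id=\"TARGET_ID\"/>\
</create_task>"

# Start the task
gvm-cli --gmp-username admin --gmp-password PASS tls \
  --xml "<start_task task_id=\"TASK_ID\"/>"

# Get results
gvm-cli --gmp-username admin --gmp-password PASS tls \
  --xml "<get_results filter=\"severity>6.0\"/>"
```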
Nessus Installation
```bash
# Download from tenable.com and install
sudo dpkg -i Nessus-10.x.x-debian10_amd64.deb
sudo systemctl start nessusd
sudo systemctl enable nessusd

# Access at https://localhost:8834
# Complete activation wizard

# Nessus CLI scanning
nessuscli scan --targets 10.0.1.0/24 --policy "Basic Network Scan"
```
Scan Types and When to Use Them
| Scan Type | Purpose | Frequency |
|---|---|---|
| Discovery Scan | Find active hosts and services | Weekly |
| Full Vulnerability Scan | Complete CVE assessment | Monthly |
| Credentialed Scan | Deep OS-level checks | Monthly |
| Web Application Scan | OWASP Top 10 testing | After each deployment |
| Compliance Scan | CIS/DISA STIG benchmarks | Quarterly |
Automated Scanning Script
```bash
#!/bin/bash
# automated-vuln-scan.sh
# Run via cron: 0 2 * * 0 /opt/scripts/automated-vuln-scan.sh
TARGETS="10.0.1.0/24"
REPORT_DIR="/var/reports/vuln-scans"
DATE=$(date +%Y-%m-%d)
export DATE  # read by the embedded Python below
mkdir -p "$REPORT_DIR"
echo "Starting vulnerability scan: $DATE"

# Run OpenVAS scan via GMP
# Quoted heredoc delimiter: the shell passes the Python through unmodified
python3 << 'PYEOF'
import os

from gvm.connections import TLSConnection
from gvm.protocols.gmp import Gmp
from gvm.transforms import EtreeTransform

scan_date = os.environ["DATE"]
connection = TLSConnection(hostname="127.0.0.1")
transform = EtreeTransform()

with Gmp(connection, transform=transform) as gmp:
    # Replace the hard-coded password; do not keep real credentials in the script
    gmp.authenticate("admin", "password")

    # Get existing target or create new one
    targets = gmp.get_targets()

    # Start scan with the "Full and fast" scan config
    task = gmp.create_task(
        name=f"Automated Scan {scan_date}",
        config_id="daba56c8-73ec-11df-a475-002264764cea",
        target_id="TARGET_ID",  # placeholder: ID of a target from get_targets()
        scanner_id="08b69003-5fc2-4037-a479-93b440211c73",
    )
    task_id = task.get("id")
    gmp.start_task(task_id)
    print(f"Scan started: {task_id}")
PYEOF

echo "Scan initiated. Reports will be available in GVM dashboard."
```
Remediation Workflow
```bash
#!/bin/bash
# remediate-vulns.sh
# Priority-based remediation script
DATE=$(date +%Y-%m-%d)
REPORT="/var/reports/remediation-$DATE.txt"

# 1. Critical: Patch immediately
sudo apt update
sudo apt list --upgradable 2>/dev/null | grep -i "security"
sudo apt upgrade -y

# 2. High: Fix within 7 days
# Check for common misconfigurations
echo "Checking SSH configuration..."
grep -E "^PermitRootLogin|^PasswordAuthentication" /etc/ssh/sshd_config

echo "Checking for world-writable files..."
find /var/www -perm -o+w -type f 2>/dev/null

echo "Checking for open ports..."
ss -tuln | grep -v "127.0.0.1"

# 3. Generate remediation report
echo "=== REMEDIATION REPORT $(date) ===" > "$REPORT"
echo "Pending security updates:" >> "$REPORT"
apt list --upgradable 2>/dev/null >> "$REPORT"
```
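To connect the `severity>6.0` results query with the Critical/High priorities in the remediation workflow, the following added example (not part of the original article or of Greenbone's tooling) parses a GMP results response and assigns each finding a priority and due date. The XML is a constructed sample shaped like a `get_results` response, and the `triage` function name and the CVSS v3 severity bands are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta

# Constructed sample of a GMP <get_results_response>; every value is made up.
SAMPLE_RESULTS = """
<get_results_response status="200" status_text="OK">
  <result id="r1"><name>Outdated OpenSSL</name>
    <host>10.0.1.10<hostname>web1</hostname></host><port>443/tcp</port><severity>9.8</severity></result>
  <result id="r2"><name>Weak SSH ciphers</name>
    <host>10.0.1.11</host><port>22/tcp</port><severity>7.5</severity></result>
  <result id="r3"><name>Directory listing enabled</name>
    <host>10.0.1.10</host><port>80/tcp</port><severity>6.4</severity></result>
  <result id="r4"><name>ICMP timestamp reply</name>
    <host>10.0.1.11</host><port>general/icmp</port><severity>2.1</severity></result>
</get_results_response>
"""

# Assumed bands (CVSS v3 ratings): Critical >= 9.0, High >= 7.0.
# Deadlines follow the page: Critical immediately, High within 7 days.
BANDS = [(9.0, "critical", 0), (7.0, "high", 7)]


def triage(xml_text, scan_date, min_severity=6.0):
    """Return findings above min_severity, worst first, each with a due date."""
    findings = []
    for result in ET.fromstring(xml_text).iter("result"):
        try:
            score = float(result.findtext("severity", default=""))
        except ValueError:
            continue  # no numeric severity on this result
        if score <= min_severity:
            continue  # same cut-off as the severity>6.0 filter
        priority, due = "unscheduled", None  # page sets no deadline below High
        for floor, label, days in BANDS:
            if score >= floor:
                priority, due = label, scan_date + timedelta(days=days)
                break
        findings.append({
            "host": (result.findtext("host") or "").strip(),
            "port": result.findtext("port", default=""),
            "name": result.findtext("name", default=""),
            "severity": score, "priority": priority, "due": due,
        })
    return sorted(findings, key=lambda f: -f["severity"])


if __name__ == "__main__":
    for f in triage(SAMPLE_RESULTS, date(2024, 1, 7)):
        print(f["priority"], f["due"], f["host"], f["port"], f["name"], f["severity"])
```

Findings between 6.0 and 7.0 pass the filter but fall below the High band, so they are returned as `unscheduled` and need a deadline from your own policy.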