OpenVAS is the most advanced open source vulnerability scanner and is the base for many Vulnerability Management products.
Key vendors that produce OpenVAS-based products are Greenbone and Acunetix. There are some local vendors, such as Scaner VS by Russian company NPO Echelon.
“Vanilla” OpenVAS is also widely used when there is no budget for a commercial solution or it’s necessary to solve some specific problems, including developing own plugins for vulnerability detection. OpenVAS is integrated with wide range of information security systems, for example it is a default VM solution for AlienVault SIEM.
OpenVAS is well suited for education purposes as it is well documented and uses only open source code. For OpenVAS it’s always clear how the it works.
When I wrote about vulnerability scanning in Nessus, I described there in detail how Nessus scan profile looks like. And when I wrote about VM scanning in Qualys, I did not mentioned scan profiles at all. But it’s also an interesting topic. In Qualys scan profile you can’t specify which vulnerability check will run during the scan, as in Nessus (Upd. Actually yes you can, but in some different manner; I added how to do it in “Scan” section). However, you can also see some options that can affect the way you do the vulnerability scanning with Qualys.
The main option for me – the lists of scanning ports. By default Qualys does not check all the ports and that could negatively affect host detection during unauthenticated scanning.
Creating new scan profile: Vulnerability Management -> Option Profiles -> New
Setting title and owner of the profile. We can use this profile as a default for launching maps and scans or share it with other Qualys users in our organization ( “Make this a globally available option profile”).
Today I would like to write about Qualys agent-based VM scanning. Agent-based scanning is a relatively new trend among VM vendors. At the beginning of Vulnerability Assessment, there was a prevailing view that the agentless scanning is more convenient for the users: you do not need to install anything on the host, just get credentials and you are ready to scan.
However, time passed and it now appears that installing agents on all hosts, where it is technically possible, may be easier, than managing credentials for authenticated scanning. Don’t forget the fact that almost all agentless scanning solutions require scanning account with root/admin privileges, and it’s not an easy task to minimize permissions of this accounts while keeping all functional capabilities of the scanner.
In recent years almost all major VM vendors who previously were promoting agentless scanning have also proposed agent-based solutions.
The main purposes of these solutions are:
scan devices that periodically connect to the enterprise network and it’s hard to catch them with traditional active scan (for example, laptop);
scan business critical hosts for which it is impossible to get scanning credentials.
VM vendors have taken different approaches for agent-based scanning. For example, Tenable agents are technically very similar to Nessus installations without web interface (read more at “Nessus Manager and Agents“), limited to can scan only the localhost. This seems reasonable, because historically Nessus scanner is available for many platforms, including Windows, Linux, MacOS. Qualys chose other way. They made minimalistic agents for data gathering, processing it on the remote servers. This is also fits well in Qualys cloud concept.
As I wrote earlier in “Qualys Vulnerability Management GUI and API“, Qualys working hard to make their web interface easier for beginners. When you go to CA (Cloud Agents) tab, the first thing you see is a user-friendly interface for quick start.
In a previous post about Qualys VM I mentioned Qualys Scanner Appliances, which you can use to scan hosts inside your network. Let’s see how to configure and use them.
To add new Appliance go to https://qualysguard.qualys.eu/fo/tools/scannerAppliances.php and press “New”. You can choose a Scanner Appliance (Hardware) or Virtual Scanner Appliance. For testing I would like to have an appliance in form of VirtualBox virtual machine, so I choose “Virtual Scanner Appliance”.
Setup wizard appeared:
I clicked on Download Image Only.
Qualys Virtual Scanner Appliance supports variety of virtualization platforms:
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at email@example.com or contact me any other way.