Scaner-VS: Vulnerability Management solution for Russian Military

Scaner-VS is a Vulnerability Assessment system developed by Moscow-based NPO Echelon. It’s pretty popular in Russian government organizations, especially in Russian Army, because it comply all government requirements, has all necessary certificates and is relatively cheap.

Scaner-VS webgui

As for requirements and certificates, NPO Echelon itself is an important certification authority, so they know how to do the things right. It’s not a secret product or something. You can request trial version freely at But note, that it is only available in Russian. I am also sorry, but screenshots in this post will be also in Russian. I will try to do my best to describe them properly.

When you fill the form on Echelon website, you will soon get a link to 3.3 gb .iso file by email. Run it in VirtualBox virtual machine (choose Debian 64 or Debian 32).

Here is a boot menu. Choose first default option.

Scaner-VS boot

Some seconds later you will see Linux desktop environment with Scaner-VS web-GUI opened in Firefox.

Scaner-VS webgui

So, as you can see, Scaner-VS is a Linux distribution with preinstalled security audit tools and some web-gui or framework that combines them. Some of the tools are well-known open source projects, others were developed by Echelon. If you press on 0 at the upper left, you will open project window of the main Vulnerability Scanner. Icons in table-like menu at the rights launch different Echelon tools:

  • Astra Linux audit (Russian certified Debian-based distribution)
  • Windows security updates audit
  • Wireless nets audit
  • Local passwords audit
  • System audit
  • Network analyzer
  • Residual information search
  • Guaranteed information destruction
  • Checksum tool

Kali and OpenVAS

If you click on OS Start button, you will be probably note how the menu is similar to Kali Linux.

Scaner-VS Kali-like menu

Well, the distribution was completely rebranded, but it is obviously based on Kali Linux 2.0 Sana:

Scaner-VS version

You can also see a pretty old version of OpenVAS here:

Scaner-VS OpenVAS version

Including OpenVAS GUI – Greenbone Security Manager:

Scaner-VS OpenVAS6

It’s the components of OpenVAS 6, the current version OpenVAS is 9.

OpenVAS is under the hood of the main Vulnerability Scanner in Scaner-VS. It’s pretty obvious if you look on plugin group names in policy settings, like “Local Security Checks” and “IT-Grundschutz”, very typical for OpenVAS:

Scaner-VS policy settings

Scaner-VS Projects

Old versions of Scaner-VS used modified web-GUI by Greenbone. Now they have own GUI, that is actually pretty good.

The main idea of this Scaner-VS interface: users will work with the “Projects” – some spaces where you, you can make different kinds of scanning and and correlate the results. Very natural way to do Audits, by the way.

Let’s try to scan something, for example a CentOS host. I created a new project:

Scaner-VS new project

Dashboard of a new project:

Scaner-VS statistics

The elements of a dashboard:

  • Target searching
  • Vulnerability scanning
  • Vulnerability exploitation
  • Tasks
  • Report

I press green scan button in upper-right Vulnerability Scanning element.

This is this Scan Configuration interface looks like:

Scaner-VS new scan

Obviously inspired by Nessus 😉

New Nessus scan configuration

But, actually, I like it even more. For example, it doesn’t require you to fill the scan name if you don’t want to. It may generate the name from a target list and policy name. I chose Full Scan policy, set the IP in “Basic” tab, credentials in “Advanced” tab and launched the scan:

Scaner-VS credentials

Scan is processing:

Scaner-VS scan process

And  some minutes later the scan is finished and we can see the report:

Scaner-VS report

The report looks quite pretty. As you can see, there is no description for CESA vulnerabilities, cause it was probably too expensive to translate them all into Russian:

Scaner-VS CESA vulnerabilities

But more common plugins are translated in Russian completely:

Scaner-VS translated vulnerabilities

This is how the scan dashboard looks after the scan is finished:

Scaner-VS dashboards

Well, there are some small problems, first element – “Target searching” sees some host in assets, but doesn’t show it as CentOS Linux host. However the OS was obviously detected, if we have CESA vulnerability in “Vulnerability scanning” results. Probably, it’s because Scaner-VS takes data only from nmap-based scanning.

When I scanned with “Target searching”, I’ve got this:

Scaner-VS Linux detected

Linux. Not CentOS, but still better than nothing =)

In conclusion

I am very glad for Scaner-VS and Echelon. The progress is visible, the product is much better than it was several years ago. Some people criticize vendors, who earn money selling products based on open source. I was never agree with them. GPL does not forbid selling software. And the product is not the software itself, but also marketing, support, training, infrastructure, and, of course, certifications. For end-user from government organization that means that he will use familiar security tools from Kali absolutely legitimately. Isn’t it great?

I am not even telling about the fact that significant part of software for Scanner-VS was developed in Echelon. And this part looks pretty good. The fact that they use OpenVAS under the hood is also great. It is much easier to modify than some proprietary solutions, adding some own nasl plugins. I only hope that they will move to fresh version of OpenVAS and OPM (GMP) protocol for managing it.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.