Vulnerability assessments?

[thefunkygibbon]

Has any thought been put into adding some kind of integration with a vulnerability scanner such as Greenbone Security Assistant or OpenVAS.

A great use-case would be upon a new device being detected, much like having nmap check for its open ports, it could be sent a request to GSA/OpenVAS to run a quick non authenticated scan of the device to make sure it isn't introducing risk to your network with vulnerable services etc . (as well as instructing it to run a full scan every day/week or whatnot)

thoughts?

[jokob-sk]

Hey, great idea, can you help me implement it (NMAP is already available to scan for open ports)? I regrettably don't have the bandwidth in the next few months probably. You can check the plugins development guide and video guide to get you started:

https://github.com/jokob-sk/NetAlertX/blob/main/docs/DEV_ENV_SETUP.md
https://github.com/jokob-sk/NetAlertX/blob/main/docs/PLUGINS_DEV.md

Wec ould start to have a scheduled scan as MVP and then look at expanding the use cases.

[thefunkygibbon]

i'll take a look at it, but i'll be honest, its a bit all out of my comfort zone. i'm a security engineer by trade, networking etc too but i've done very little dev work.

Can i maybe see if i can reverse engineer the nmap plugin and change the stuff in there for whatever the vuln scanner uses and the api calls it needs? or is that more work than starting fresh?

[jokob-sk]

I'd keep the two plugins separate, so people can opt in the scans separately and configure the frequency according to their needs. I'm happy to help getting you started. Not sure if you watched the video, but starting out from the boilerplate is pretty straightforward, I think. You can of course copy over the code from an existing plugin and adjust the code - that's pretty much what I do half of the time. Have a look and I'm happy to help :)

[FlyingToto]

If I may suggest: you might want to add a warning on the plugins instructions config page that it you start to portscan you might need to whitelist your netalertx device with your firewall/antivirus software or you might lose connection... For instance, bitdefender will block all traffic from an IP running a portscan like nmap. (can be super annoying when you firewall is the one doing the scan as you get kicked out from the internet and can't even google what's happening from any of your PC! )

[thefunkygibbon]

Sure if i get around to doing this (i don't have much time on my hands atm) i can do that, but i would hazard a guess that people who are running a vuln scanner on their own network will probably understand how intrusive they can sometimes be.