Sunday, July 11, 2010

Automating OpenVAS 3

There are many reasons a systems admin would want to automate vulnerability scanning, but I won't go into them here. This is just how I have found it easiest. Use nmap to run a ping scan (-sP) and write the IPs of all live hosts on our network to a file called ips, like so:

nmap -sP 192.168.0.0/24 | grep ^Host | sed 's/Host //g' | cut -d " " -f1 > ips

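Then you can run the OpenVAS client in batch mode (-q) against your OpenVAS server, with the ips file as the target list and an HTML report as the output: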

openvas-client -q 127.0.0.1 9390 user pass ips "report-`date`.html" -T html

Voilà, set a cron job and you are good to go. Maybe you would then cat the report through sendmail to yourself or move it to another server.
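
The two steps above wrapped into one script that cron can call, as an added example (not the script from this post). It reads nmap's grepable output (-oG -) instead of grepping the human-readable output, whose wording differs between nmap versions, and it stops if discovery finds no hosts. NETWORK, SERVER, PORT, the function names and the OPENVAS_USER / OPENVAS_PASS environment variables are assumptions.

```bash
#!/bin/bash
# Added example: cron-friendly wrapper around the nmap and openvas-client steps.
# NETWORK, SERVER, PORT and OPENVAS_USER / OPENVAS_PASS are assumed values.

NETWORK="192.168.0.0/24"
SERVER="127.0.0.1"
PORT="9390"

# Read nmap grepable output (-oG -) on stdin and print one IPv4 address per
# line for every host reported as "Status: Up", without duplicates.
extract_up_hosts() {
    awk '/^Host: / && /Status: Up/ { print $2 }' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u
}

# Build a report name without the spaces and colons that plain `date` prints.
report_name() {
    printf 'report-%s.html\n' "$(date +%Y-%m-%d_%H%M%S)"
}

run_scan() {
    targets=$(mktemp) || return 1
    nmap -sP -oG - "$NETWORK" | extract_up_hosts > "$targets"
    # An empty target file means discovery failed; skip the scan and say so.
    if [ ! -s "$targets" ]; then
        echo "no live hosts found in $NETWORK" >&2
        rm -f "$targets"
        return 1
    fi
    openvas-client -q "$SERVER" "$PORT" "$OPENVAS_USER" "$OPENVAS_PASS" \
        "$targets" "$(report_name)" -T html
    status=$?
    rm -f "$targets"
    return $status
}

# Scan only when asked to, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--scan" ]; then
    run_scan
fi
```

Call it from cron with the --scan argument; a non-zero exit status means no report was written.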