Can OnenVAS scan within docker overlay host files?

jmyajumu · May 13, 2022, 2:00pm

When Nessus scans a host using credentials it has the ability to search through all files on the host and search within some files. Of interest is how it can scan within Docker overlay files. E.g. the files like:

/var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/merged
/var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/merged
/var/lib/docker/overlay2/4de822975f5d5440a4f3df2f32a4c7b78f3b3e0fa41415e91f11400c5195f6a3/work

And when Nessus finds and scans those files it’s able to identify the components within the associated docker images. I scanned a host that had running images with OpenVAS and it had root credentials, but sadly it seemed openVAS was not able to do this.

Greenbone Security Assistant: Version 21.4.3

cfi · May 18, 2022, 2:46pm

There is currently no functionality / support included in GVM to scan docker images / overlays.

jmyajumu · May 25, 2022, 8:38am

To be specific, it’s not an actual feature for Docker itself, rather that Nessus simply scans any archive files on a target host and scans within them. The Docker overlay files are just archive files as well. Can GVM scan within archive files on a target when it has working credentials?

cfi · June 21, 2022, 10:03am

No, there is currently no support to scan archive files during authenticated scans.