I am working on some pentest-related networking tools which usually sit in between the scanner and the targets. I am thinking about making a testbed, consisting of 3 containers rapid7/metasploit-vulnerability-emulator (target), greenbone/openvas-scanner (scanner), and greenbone/ospd-openvas (controller). Plus some scripts to initiate the scans and compare the results with some baseline. Next step would be to put my tools in between targets and the scanner and make sure the scanner continues to work properly.
I wonder if such a testbed already exists? If not, would you find it useful and consider to merge into your project? In the latter - in what form?
especially the scanner-lab is in an very early state and the expected results are not defined yet as our initial goal was to have a test basis up and running which a relatively small set of results.
The test binary is also heavily specialized for policy based testing (currently only Discovery and Full and fast); any kind of contribution is very welcomed as this is a new endeavor for me as well.
I added the currently found test_ids. I hope this helps. test_ids (8.0 KB)
@abb
This could probably be done too with gvm-cli. I know there are some folks that have created automated scans using it, and I’ve had it on my “To Do” list to create some as tests to follow a build, but time is has been enemy lately . . . . .
Do you plan to make your project public ? I’d be very interested in your results and happy to contribute if I could as well.