[Openvas-devel] Integrating OpenVAS extentions

Robert Künnemann robert.kuennemann at uni-saarland.de
Thu Sep 14 11:42:40 CEST 2017

Dear mailing list,

we are a small group of security researchers at CISPA/Saarland
University that is interested in using planning methods to aid
penetration testers.  In our efforts to provide a through enough report
of a network to simulate an attacker, we have extended OpenVAS with the
following features:

 - plugin-interface, which integrates the following features as plugins
 - network scanning: slaves try to reach each other on the network to
   devise the network topology
 - credential scanning: a flexible OVAL interface allows specifying
   known locations where credentials are places, in order to device
   which hosts have access to which services. E.g., if the firefox
   profile on host A indicates access to the admin interface of
   a router R, this relation between A and R can be security relevant.

We think these features could be useful outside our domain. Is there
interest in integrating these features upstream? How would one go about
integrating them.

With kind regards, Robert Künnemann
Robert Künnemann, Ph.D.
Information Security & Cryptography Group, Saarland University
E 9.1, Room 3.03, 66123 Saarbrücken 
Phone:  +49 681 302 70962 

More information about the Openvas-devel mailing list