[Openvas-devel] Integrating OpenVAS extentions

Robert Künnemann robert.kuennemann at cispa.saarland
Thu Sep 14 14:15:33 CEST 2017


Dear mailing list,

we are a small group of security researchers at CISPA/Saarland
University that is interested in using planning methods to aid
penetration testers.  In our efforts to provide a through enough report
of a network to simulate an attacker, we have extended OpenVAS with the
following features:

 - plugin-interface, which integrates the following features as plugins
 - network scanning: slaves try to reach each other on the network to
   devise the network topology
 - credential scanning: a flexible OVAL interface allows specifying
   known locations where credentials are places, in order to device
   which hosts have access to which services. E.g., if the firefox
   profile on host A indicates access to the admin interface of
   a router R, this relation between A and R can be security relevant.

We think these features could be useful outside our domain. Is there
interest in integrating these features upstream? How would one go about
integrating them.

With kind regards, Robert Künnemann
-- 
Robert Künnemann, Ph.D.
Information Security & Cryptography Group, Saarland University
E 9.1, Room 3.03, 66123 Saarbrücken 
Phone:  +49 681 302 70962 
_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-devel



More information about the Openvas-devel mailing list