immauss
commented
1 week ago Yes.
It does work.
That's results from my testing environment. It runs against various containers running different linux distros.
I'll try to do a little more testing over the next few days (I'm currently on vacation), but as far as I know, everything works fine.
There are quite a few people, including myself, using it in production environments.
Tips:
- You will get best results when you have an authenticated scan.
- Try to ssh from inside the container to the target host and verify the credentials
I'll let you know if I find any problems.
-Scott
I used latest version to deploy that docker on a local machine. I also use default docker configuration and doesn't change anything except set admin password. Then I setup a task of port 22 and target to my EC2 instance which has critical openssh CVEs. But after scanned, OpenVas reported zero results of CVEs. The EC2 port 22 is open to all IPs and IPv6. Can I count on immauss/openvas?