Hey guys. I have a few self-hosted systems that are available to the public. It's getting difficult to notice if any wrong port is still open or some web server is out of date. I am looking for a (FOSS) tool that can regularly monitor my systems (via their public IP/domain) and notify me if any port that I have not specifically allowed (in a config) is open. Additionally it would be cool if it checked all open ports to see whether they provide out-of-date software (like web servers) or have known security issues.
I found nikto, but it feels like it's doing only half of what I want. Greenbone feels way too bloated for my use case.
Do you know any kind of software that would do something like that?
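The allowlist check the post asks for (probe your own public host, flag any open TCP port that the config does not permit) as an added example, not code from any tool named in this thread; the host, the allowlist and the probed port set are constructed placeholders, and the probe function is injectable so the comparison logic can be exercised without network access.

```python
"""Allowlisted-port monitor: probe a host's TCP ports and report the ones that
are open but absent from the configured allowlist (constructed example)."""
import socket
from typing import Callable, Iterable, Set

# Hypothetical allowlist config, keyed by the public host you monitor.
# 203.0.113.10 is a documentation-range address, used here as a placeholder.
ALLOWED_PORTS = {
    "203.0.113.10": {22, 80, 443},
}

# Ports to probe on every run: a few commonly exposed services; the
# allowlist itself is always probed too, so allowed ports are never missed.
DEFAULT_PROBE_PORTS = (21, 22, 23, 25, 80, 110, 143, 443, 3306, 5432, 8080, 8443)


def tcp_probe(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connect to host:port succeeds (port is open)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def unexpected_open_ports(host: str, allowed: Set[int],
                          probe_ports: Iterable[int] = DEFAULT_PROBE_PORTS,
                          probe: Callable[[str, int], bool] = tcp_probe) -> Set[int]:
    """Probe probe_ports plus the allowlist and return the open ports that the
    allowlist does not permit. `probe` is injectable for offline testing."""
    to_check = set(probe_ports) | allowed
    open_ports = {p for p in sorted(to_check) if probe(host, p)}
    return open_ports - allowed


def report(host: str, probe: Callable[[str, int], bool] = tcp_probe) -> str:
    """One notification line per host, suitable for piping to mail or a webhook."""
    extra = unexpected_open_ports(host, ALLOWED_PORTS.get(host, set()), probe=probe)
    if not extra:
        return f"{host}: OK, no open ports outside the allowlist"
    return f"{host}: ALERT, unexpected open ports {sorted(extra)}"


if __name__ == "__main__":
    # Run from a machine outside your network so you see the public view.
    for monitored_host in ALLOWED_PORTS:
        print(report(monitored_host))
```

Scheduling it with cron and mailing any line containing ALERT gives the regular check and notification the post describes.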
Would shodan work for at least some of what you’re looking for?
Yes, but it’s not foss.
I used Nessus for a while and I heard that OpenVAS could be a good FOSS alternative to it.
+1 for Nessus - pretty comprehensive scans
Greenbone is the FOSS equivalent to Nessus, and it does what you are looking for.
If you have anything publicly exposed and you're not using a SIEM solution, you're gonna have a bad time.
It's getting difficult to notice if any wrong port is still open or some web server is out of date
This isn’t generally done with security scanners unless you’re running hundreds of nodes. Use iptables rules with inclusive rules only to block ports. Keep your software inventoried for the rest, or some sort of basic configuration management.
If you don’t have these basics, what good is a scanner going to do for you?
E: Re-reading this, I didn’t mean for it to sound snide. Genuinely wanting to help … OpenVAS is probably what you’re after.
Yeah, I agree. Not knowing what ports might be open on a single egress shouldn’t happen.