[papower]

Are you in a position to share that session online or perhaps a blog post on your experience and approach ?

I've looked at it (openvas), got something working, but was never happy with it and ended up returning to a simpler/proven nmap base that I could manage better and add complexity if/when needed.

[bostik]

I was planning to do a blog post in about a month's time. The DC4420 meetings and/or talks are not recorded (luckily!), but I intend to polish the talk up for a future re-run.

On the other hand.. I do have something that might be enough to get you going. The setup we built is open: https://github.com/smarkets/vuln-scanner - go have a look.

The glue code has comments on some of the stranger bugs I had to work around. So does the readme. If something isn't clear, feel free to ask.

[papower]

Thanks, looks promising.

One of my challanges was understanding the the zoo of tests OpenVAS would run and trying to reliably select which ones to apply. Did you, or anyone here, ever spot a way of outputting all the tests (nmap scripts etc.) that a particular run would trigger (but without actually running them)

[bostik]

Sadly no. We tried to figure out a way to reliably and permanently disable a whole suit of test scripts, but that got surprisingly fiddly.

I think there might be a way to choose categories to include/exclude but haven't had the time to actually investigate.