Cyber security tools for scanning home lab environments

In today’s day and age, cyber security is of the utmost importance. No one is 100% safe from an attack.

But there are ways to limit your attack surface.

I have come across 2 open source tools that I use in my home lab.

Greenbone, formerly OpenVAS. I specifically use a Docker version maintained by immauss on GitHub.
My start command is:

docker run --detach --publish 8090:9392 -e PASSWORD="temporary-password-here" --volume openvas:/data --name openvas immauss/openvas

This little tool will allow you to perform credentialed and uncredentialed scans of an unlimited number of IPs, and was originally a fork of the now go-to enterprise scanner known as Nessus.
As an initial look at your environment, it is invaluable at showing what exists with known holes. It is an incredible tool, but it is SLOW. Give it time, and run it on a schedule at least once a month at MINIMUM.
Do note that the above docker run sets an initial admin password. Be sure to change this within the tool as soon as it is available.
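
An added example, not the author's own script: the same container, ports and volume as the start command above, but with the initial admin password generated randomly and passed through a private env file rather than typed on the command line. The file path, the ENV_FILE and BIND_ADDR variables, and the loopback default are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not the author's script): same image, ports and volume as the
# start command above; the initial admin password is generated and kept in a
# private env file instead of being typed on the command line.
set -eu

# Assumed path for the env file; override with ENV_FILE=...
ENV_FILE="${ENV_FILE:-${HOME:-.}/.openvas.env}"
# Assumed bind address: loopback only. Set BIND_ADDR to a LAN address
# to reach the web UI from another machine.
BIND_ADDR="${BIND_ADDR:-127.0.0.1}"

# 24 bytes from the kernel CSPRNG -> 32 base64 characters (no padding),
# with '+' and '/' mapped to '-' and '_'.
gen_password() {
  head -c 24 /dev/urandom | base64 | tr '+/' '-_'
}

# Create the env file once, mode 0600; an existing file is left untouched
# so re-running the script does not change the stored password.
write_env_file() {
  if [ ! -e "$1" ]; then
    ( umask 077; printf 'PASSWORD=%s\n' "$(gen_password)" > "$1" )
  fi
}

start_openvas() {
  write_env_file "$ENV_FILE"
  docker run --detach \
    --publish "${BIND_ADDR}:8090:9392" \
    --env-file "$ENV_FILE" \
    --volume openvas:/data \
    --name openvas immauss/openvas
}

# Only touch Docker when asked to: ./start-openvas.sh --run
if [ "${1:-}" = "--run" ]; then
  start_openvas
fi
```

This keeps the password out of shell history and the process list, but it is still visible to anyone who can run docker inspect on the container, so changing it within the tool still applies.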

The second tool I utilize relies on an agent installed on each of your machines / VMs.
Wazuh is more of an IDS than an all-around scanner such as Greenbone. However, it seems to grab CVEs around installed programs and gives you a very quick scan of your current threats. I have only just set up Wazuh but have become quite impressed with its ability to rapidly show me at a glance what is impacting my home lab security across all of my VMs while allowing me to drill down deep and get details on what I need to know. It can even run reports! Wazuh installs via a few commands on Ubuntu and has been incredibly stable. It uses Kibana / Elasticsearch as the backend for searching, so if you are familiar with Kibana you’ll be happy to know that the ability to drill down and dive deep into the data you are getting is available within an added tab in Kibana.