vulnerability-scanning
1
总安装量
1
周安装量
#43652
全站排名
安装命令
npx skills add https://github.com/bagelhole/devops-security-agent-skills --skill vulnerability-scanning
Agent 安装分布
opencode
1
codex
1
claude-code
1
Skill 文档
Vulnerability Scanning
Identify and prioritize security vulnerabilities across infrastructure and applications.
When to Use This Skill
Use this skill when:
- Performing security assessments
- Implementing vulnerability management programs
- Meeting compliance requirements
- Triaging and prioritizing remediation
- Scanning infrastructure for known CVEs
Prerequisites
- Access to scanning tools
- Network access to targets
- Appropriate authorization
Vulnerability Scanning Tools
| Tool | Type | Best For |
|---|---|---|
| Nessus | Commercial | Enterprise scanning |
| OpenVAS | Open Source | Free alternative |
| Qualys | Cloud SaaS | Large scale |
| Nexpose/InsightVM | Commercial | Asset management |
| Nuclei | Open Source | Template-based |
OpenVAS Setup
Docker Deployment
# Run OpenVAS container
docker run -d --name openvas \
-p 443:443 \
-v openvas-data:/data \
greenbone/openvas-scanner
# Access web UI at https://localhost
# Default credentials: admin/admin
Scanning Commands
# Create target
omp -u admin -w admin --xml='<create_target>
<name>Web Servers</name>
<hosts>192.168.1.0/24</hosts>
</create_target>'
# Create task
omp -u admin -w admin --xml='<create_task>
<name>Weekly Scan</name>
<target id="target-uuid"/>
<config id="daba56c8-73ec-11df-a475-002264764cea"/>
</create_task>'
# Start task
omp -u admin -w admin --xml='<start_task task_id="task-uuid"/>'
# Get results
omp -u admin -w admin --xml='<get_results task_id="task-uuid"/>'
Nessus
API Usage
import requests
class NessusScanner:
def __init__(self, url, access_key, secret_key):
self.url = url
self.headers = {
'X-ApiKeys': f'accessKey={access_key}; secretKey={secret_key}',
'Content-Type': 'application/json'
}
def create_scan(self, name, targets, template='basic'):
"""Create a new scan."""
templates = self.get('/editor/scan/templates')
template_uuid = next(
t['uuid'] for t in templates['templates']
if t['name'] == template
)
payload = {
'uuid': template_uuid,
'settings': {
'name': name,
'text_targets': targets,
'enabled': True
}
}
return self.post('/scans', payload)
def launch_scan(self, scan_id):
"""Start a scan."""
return self.post(f'/scans/{scan_id}/launch')
def get_results(self, scan_id):
"""Get scan results."""
return self.get(f'/scans/{scan_id}')
def export_report(self, scan_id, format='pdf'):
"""Export scan report."""
payload = {'format': format}
response = self.post(f'/scans/{scan_id}/export', payload)
file_id = response['file']
# Wait for export
while True:
status = self.get(f'/scans/{scan_id}/export/{file_id}/status')
if status['status'] == 'ready':
break
time.sleep(5)
return self.get(f'/scans/{scan_id}/export/{file_id}/download')
def get(self, path):
response = requests.get(f'{self.url}{path}', headers=self.headers, verify=False)
return response.json()
def post(self, path, data=None):
response = requests.post(f'{self.url}{path}', json=data, headers=self.headers, verify=False)
return response.json()
# Usage
scanner = NessusScanner('https://nessus:8834', 'access-key', 'secret-key')
scan = scanner.create_scan('Weekly Infrastructure Scan', '10.0.0.0/24')
scanner.launch_scan(scan['scan']['id'])
Nuclei
Installation
# Install nuclei
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# Or download binary
wget https://github.com/projectdiscovery/nuclei/releases/latest/download/nuclei_linux_amd64.zip
unzip nuclei_linux_amd64.zip
Basic Scanning
# Update templates
nuclei -update-templates
# Scan single target
nuclei -u https://example.com
# Scan multiple targets
nuclei -l targets.txt
# Scan with specific templates
nuclei -u https://example.com -t cves/
nuclei -u https://example.com -t vulnerabilities/
# Scan with severity filter
nuclei -u https://example.com -s critical,high
# Output formats
nuclei -u https://example.com -o results.txt
nuclei -u https://example.com -json -o results.json
Custom Templates
# custom-check.yaml
id: custom-admin-panel
info:
name: Admin Panel Detection
author: security-team
severity: info
tags: recon,panel
requests:
- method: GET
path:
- "{{BaseURL}}/admin"
- "{{BaseURL}}/administrator"
- "{{BaseURL}}/wp-admin"
matchers-condition: or
matchers:
- type: word
words:
- "admin"
- "login"
condition: and
- type: status
status:
- 200
- 301
- 302
CVSS Scoring
Severity Levels
| Score | Rating | Response Time |
|---|---|---|
| 9.0-10.0 | Critical | 24 hours |
| 7.0-8.9 | High | 7 days |
| 4.0-6.9 | Medium | 30 days |
| 0.1-3.9 | Low | 90 days |
Prioritization Factors
prioritization_criteria:
critical_factors:
- Internet-facing systems
- Systems with sensitive data
- Active exploitation in the wild
- Authentication bypass
high_factors:
- Remote code execution
- Privilege escalation
- Data exfiltration risk
context_adjustments:
- Compensating controls in place (-1)
- No direct exposure (-1)
- Critical business system (+1)
- Compliance requirement (+1)
Vulnerability Management Process
Workflow
vulnerability_workflow:
discovery:
- Run scheduled scans
- Import third-party findings
- Correlate with asset inventory
analysis:
- Validate findings
- Remove false positives
- Assess business impact
- Prioritize by risk score
remediation:
- Assign to owners
- Track SLA compliance
- Verify fixes
- Document exceptions
reporting:
- Executive summaries
- Technical details
- Trend analysis
- Compliance metrics
Tracking Template
## Vulnerability Ticket
**ID:** VULN-2024-001
**CVE:** CVE-2024-12345
**CVSS:** 9.8 (Critical)
**Affected System:** web-server-01
### Description
Remote code execution vulnerability in Apache Struts.
### Impact
Attacker can execute arbitrary code on the server.
### Remediation
1. Update Apache Struts to version 2.5.33
2. Apply WAF rule as temporary mitigation
### Timeline
- Discovered: 2024-01-15
- SLA Due: 2024-01-16
- Remediated: 2024-01-15
### Evidence
- Scan report: [link]
- Screenshot: [link]
CI/CD Integration
GitHub Actions
name: Vulnerability Scan
on:
schedule:
- cron: '0 2 * * *'
push:
branches: [main]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run Nuclei
uses: projectdiscovery/nuclei-action@main
with:
target: https://example.com
templates: cves/
output: nuclei-results.txt
- name: Check for critical findings
run: |
if grep -q "critical" nuclei-results.txt; then
echo "Critical vulnerabilities found!"
exit 1
fi
- name: Upload results
uses: actions/upload-artifact@v4
with:
name: vulnerability-report
path: nuclei-results.txt
Compliance Scanning
CIS Benchmark Scan
# Using OpenSCAP
oscap xccdf eval \
--profile xccdf_org.ssgproject.content_profile_cis \
--results results.xml \
--report report.html \
/usr/share/xml/scap/ssg/content/ssg-ubuntu2204-ds.xml
PCI DSS Scanning
pci_scan_requirements:
quarterly:
- External vulnerability scan (ASV)
- Internal vulnerability scan
after_changes:
- Significant infrastructure changes
- New system deployments
passing_criteria:
- No vulnerabilities rated 4.0+ (CVSS)
- False positives documented
- Scan completed within 90 days
Common Issues
Issue: False Positives
Problem: Scanner reports non-existent vulnerabilities Solution: Validate manually, tune scanner, maintain exception list
Issue: Incomplete Coverage
Problem: Not all assets scanned Solution: Update asset inventory, verify credentials, check network access
Issue: Scan Impact
Problem: Scans affecting production systems Solution: Schedule during maintenance windows, use authenticated scans
Best Practices
- Maintain accurate asset inventory
- Schedule regular scan cadence
- Validate findings before remediation
- Track metrics (MTTR, aging)
- Integrate with ticketing systems
- Document exceptions properly
- Use risk-based prioritization
- Automate where possible
Related Skills
- sast-scanning – Code analysis
- container-scanning – Container security
- cis-benchmarks – Compliance benchmarks