Introducing openvasd and a Performance Enhanced Notus Engine


We’ve got some news about Greenbone Community Edition. Is it exciting news? Well, if you are interested in IT security and open-source cybersecurity tooling, you may be excited to hear that Greenbone has implemented one of the most significant changes to its distributed service architecture in a long time. Let’s dig into the details!

Introducing OpenVASD (openvasd)

Greenbone’s software engineering team is hard at work optimizing its distributed process architecture. Our goals in 2024 include both performance and feature enhancements. Without saying too much, there will be several announcements later in 2024! For now, let’s introduce the newest component in Greenbone Vulnerability Management Solution, openvasd! The benefits of openvasd include better coverage and improved usability when interacting directly with openvas-scanner for high-performance vulnerability scanning.

Openvasd removes the need for a message broker service to interact with the new Rust-based Notus Scanner. Eventually it will also replace the ospd-openvas API service, and the legacy XML-based OSP (Open-Scanner Protocol) will give way to a new RESTful HTTP API.

Notus Wasn’t Rusty, But The New Notus Is!

The original Notus Scanner was implemented in Python, but a new Rust-based version is here! The Notus Scanner, first announced in late 2021, and initially released on July 18, 2022, was implemented to optimize scan performance for local security checks (LSC). Notus Scanner removes the need for multiple processes when assessing a target’s internal host attack surface. Instead of scanning for each potentially vulnerable software component individually, data is collected from the target host with a single remote command and the results are assessed offline, drastically reducing the time required to conduct authenticated scans and compliance assessments.

Instead of acting as a standalone component in Greenbone’s distributed service architecture, the new Rusty version of Notus Scanner is built into openvas-scanner. Thus, Notus no longer depends on the Mosquitto MQTT message broker to exchange and queue tasks.

Sunsetting The OSP API

The Open-Scanner Protocol (OSP) has been at the heart of the Greenbone distributed service architecture from the start. OSP is an XML-based API protocol that binds the Greenbone Vulnerability Manager Daemon (gvmd) to the OpenVAS Scanner via the ospd-openvas service. As mentioned above, openvasd will eventually replace ospd-openvas, but that’s not the only change taking place. The XML-based OSP API will also be replaced with an HTTP RESTful API. The new HTTP API is documented online in an OpenAPI Specification (OAS) Swagger document. The hope is that the new HTTP RESTful API will be easier for users to work with than the previous XML-based OSP.

The plan is to integrate this scanner into Greenbone Community Edition first in order to get direct feedback from users in a timely manner. For Greenbone Enterprise Appliances the delivery is planned with the next major version.

Summary

Greenbone Community Edition has introduced significant upgrades with the launch of openvasd, a new multi-purpose core service for Greenbone Vulnerability Manager (GVM) that improves scan performance and usability. Openvasd integrates a new Rust-based Notus Scanner into openvas-scanner and will eventually replace the ospd-openvas API service, transitioning from an XML-based protocol to a RESTful HTTP API. The new HTTP API aims to be more user-friendly, with detailed documentation available in the industry-standard Swagger format. As these changes roll out, they will be tested in the Community Edition, so please feel free to check out the source code, evaluate the performance, and join the conversation in the Greenbone community forum.