Where can i find the vulnerlability database of OpenVAS?

I know that OpenVAS is open source, but i cannot find where is the database of CVEs and their corresponding KB to fix them (obviously it will be different KBs based on windows version).

So where can i find this? I am mainly concerned with Windows vulnerlabilites that have CVE and a corresponding KB.

Tried looking at different repositories of greenbone, but couldn’t find it in any of them?

EDIT: I am trying to write a simple Windows vulerlability checker for windows for a university project.

Basically i just want to write an agent that gathers windows build and installed patches, and based on the CVE/KB dataset, i wiill report to user which CVEs that windows has, and i will also report the corresponding KB that user needs in order to fix it.

So for this problem, where should i start? I started at greenbone because it already has this functionality, but considering it contains many many huge repositories, i didn’t know which repositories/source-codes should i look at.

So i just want to understand how does greenbone does this task and which dataset it is using that gives the user the proper KB it needs based on the CVE? because it seems like a complex thing, considering that the KB number depends on the CVE? Does the database contain the proper KB for different windows builds?

Hi @henrik and welcome to the forum, :slight_smile:

If I understand it correctly, the CVEs themselves are stored as objects along with additional things and available at:

feed.community.greenbone.net

but you need an application as a front-end to be able to utilize it as the feed and data objects (edit) might not be directly searchable. But for something searchable for specific items take a look at https://www.cve.org/ and the older site at https://cve.mitre.org/

Hope that helps!

1 Like

But how does greenbone itself check this inside its source code? there is no documentation for this.

Meaning after it gathered the list of installed patches on a remote machine and the windows build, how does it check whether the system is vulnerable or not? Does this checking happens inside an agent on the remote machine, or in the server? I can’t find this in any of the repositories?

Hi guys,

I am trying to understand how greenbone works under the hood by reading its source code, but i cannot find which part of its source codes is responsible for checking which patches are installed on a remote machine, and whether or not the system is vulnerable or not based on the windows build number and the installed patches?

I moved the posts to the source edition (more people look here).

I don’t know how the patch detection works (I don’t work with the source code) but perhaps someone reading can point you in the right direction.

1 Like

I have some info (and think I misunderstood part of your question).

First you need to download the Greenbone Community Feed (containing the CVEs and VTs)

The CVE information is then available as XML files in /path/to/downloaded/feed/scap-data/

Now- to see what patches are installed- that is in the vulnerability tests (VTs).

The source code for these is also included in the downloaded feed at /path/to/downloaded/feed/plugins/ as NASL files.

And there is some starter documentation on NASL here: VT Development

Edit to add: quick question, what is your goal? It might be easier to point you in the right direction if we know what you are trying to accomplish. :slight_smile:

1 Like

quick question, what is your goal? It might be easier to point you in the right direction if we know what you are trying to accomplish

I am trying to write a simple Windows vulnerability checker for windows for a university project.

Basically i just want to write an agent that gathers windows build and installed patches, and based on the CVE/KB dataset, I wiill report to user which CVEs that windows has, and i will also report the corresponding KB that user needs in order to fix it.

So for this problem, where should i start? I started at greenbone because it already has this functionality, but considering it contains many many huge repositories, i didn’t know which repositories/source-codes should i look at.

I just want to understand how greenbone does this, and which dataset it is using that gives the user the proper KB it needs based on the CVE? because it seems like a complex thing, considering that the KB number depends on the CVE? Does the database contain the proper KB for different windows builds?

Thanks @henrik,

That sounds like a cool project!

With Greenbone, there are several moving parts in different modules, that also work with with software from other projects. So looking at the Greenbone source code only won’t show the entire picture (and using a few selected parts of it probably won’t help right now to get a working application, until you are more familiar with it).

The basics: (not only Greenbone, this is in general)

Getting the current vulnerability info.

Getting the information of the target system(s) including OS version and applications.

Comparing the two via testing and displaying a report.

There are different ways to get there. :slight_smile: To get familiar with the way Greenbone (specifically) is doing it:

Build it from source - this shows you what parts you need, as there are other software projects that Greenbone interfaces with and utilizes.

Source build guide: Greenbone Source Edition – Documentation — Greenbone Documentation documentation

Take a look at the architecture map to see how things work together here

and

https://greenbone.github.io/docs/background.html

And also look here on creating vulnerability tests:

Within the user documentation for GSM (Greenbone Security Manager) there are explanations on usage logic, which you’ll want to look over also. It’s geared towards the user side, but it’s something you’ll want for the development side. It’s linked from the documentation portal here:

and the portal also contains documentation on the API protocols and other useful things.

This is going to be a lot to look at, so what I would do is glance at the documentation, then build from source, use what you built and then re-read the documentation as you go along. But I think that should get you started.

1 Like

Hmm that will not work, i think you misunderstood what the KB is. The knowledge about vulnerabilities is within the feed (VTs) and not the knowledge base (KB), the KB just stores the information during the scan and across VTs temporarily . It is not that simple as you described it above.

You need to build a dependency tree about matching vulnerabilities (source might be NVD), and then scan across that tree for the vulnerable products and installed software if you plan to do this authorized. Scanner and Manager are just tool to execute the VTs and later the manager matches the found vulnerabilities with Meta-Data CVEs and so on …