With a few dozen end points, VMs, containers, NAS, servers, various OSes etc... what is everyone using for Vuln Scanning or security tools for the home network? I mean I have OPNSense set to pretty restrictive and I block adds but is there something I can use to scan for known vulnerabilities? I would love to run Tenable or Qualys but I can't afford those licenses, is there an open source product that I can self host that is good enough?

Is there a good vulnerability scanner free for home use? Needs to check Mac, Windows, Windows Server, Proxmox, OpnSense, Linux, IOs, Andeoid and IpadOS for vulnerabilities and suggestions how to fix or make Firewall rules to secure. I have a M365 Fam account and Defender but i‘m not shure if this is possible like it is with Sentinel and Arc.

What tools do you use to monitor vulnerabilities in your self-hosted services? I think it would be useful to receive a notification in a messaging app (like Telegram or WhatsApp) whenever a critical vulnerability, such as RCE or something similar is discovered in one of the services. I’ve tried a few tools for scanning containers, but none of them work the way I expect.

For example, there’s Trivy, but it’s a tool geared more toward Docker container developers, and it generates a lot of noise. A single container might show over 1,000 vulnerabilities, some of which are critical, but in reality, none of them can actually be exploited. For instance, I don’t need to know about a vulnerability in libssl, but I do need to know about an RCE in Umami or Jellyfin.

I also tested Grype; in addition to CVSS scores, it provides a risk assessment that’s supposed to help determine how likely it is that a vulnerability will be exploited. But it doesn’t detect the issue in Jellyfin because that vulnerability hasn’t been published yet.

What you guys use to scan your lab vulnerability? I know of openvas not sure if that still open-sourced. Diffrent alternatives.

So I am basically looking for a practical guide for a pentest/vulnerability assesment on house with 3rd party domotic systems (such as KNX), own self-hosted server & stuff (QNAP NAS, Plex), and own home automation server (HomeAssistant) with remote access.

At the end, I should be more aware of what the security holes are and what I should try and secure and how. With the results I'll be going to the 3rd party domotic system administrator and be adjusting my own systems as well. I.e., might result in using a VPN for remote access.

Basically, the security test should reveal what can be improved, how, and where it makes sense keeping user comfort (including non-tech users) and security both in mind.

Any practical guides on how to accomplish this?

(Forgot to flair previous)

hi,

what do you use for vulnerability scanning in your homelab?

i'm using nessus essentials because i work i know tenable.sc with nessus scanner but this essential/pro is not what i expect from the product ( the 16 host limit is ok for private use, the scan-results are ok but the whole management in the webapp is not good).

what are your free tools for vuln scanning and why you prefer them?

thank you for input!

I run 14+ containers in my homelab and got tired of not knowing what CVEs were lurking in my images. Checking them one by one was never going to be sustainable, so I automated it.

Built a GitHub Actions workflow that runs every Sunday morning. It dynamically discovers all my container repos, pulls every image from docker-compose files, and scans them with Trivy. The scan results then get passed through Claude CLI with context about my environment -- which services are internet-facing, which are LAN-only, which are behind SSO -- so the output is prioritized by actual risk, not just severity scores.

The whole thing generates a GitHub Issue each week with findings bucketed into Needs Attention, Informational, and Clean. When I add a new container project, it gets picked up on the next scan automatically. No config changes needed.

I used Claude as a coding assistant to build it. Wrote up the full process here: https://spaceterran.com/posts/automated-vulnerability-scanning-homelab-containers-ai/

Repo: https://github.com/SpaceTerran/homelab-vulnerability-scanner

Curious how others are tracking vulnerabilities across their homelab containers.

so, I'm looking to get some insight into my network, and network device security issues, not looking to try and learn pen-testing, not yet, but I'm curious what free security and vulnerability testing software you guys run in your labs, I'm looking to find possible security problems with my network and network devices, anything from issues with my pfsense firewall, to problems on my windows clients on my lan, and anything in between, debian/*nix or otherwise, and figured I'd ask for suggestions.

I need these tools to be free, because I am currently unemployed during these times, I am not against compiling software suites if I can find guides on how to compile them, and I do currently have my esxi server running as well, so I'm more than able to spin up containers or virtual machines as needed for these as well.

heck, if anyone could even suggest some good reads for someone with 0 skills in this who is just trying to look into this and learn from boredom during this pandemic, that's fine with me as well.

it does not nessesarily need to be security testing specific either, I'd be more than happy to read up on ways to boost my internet privacy with pfsense, squid, pfblockerng, and anything else that would be a useful addition or alteration to configs, I'm just going insane from boredom because everything else I'd usually do to satisfy my boredom has been done to death over the time in isolation here at home.

I was wondering what kind of software people here use to see weakpoints in there homelab network.

I am trying to create a Vulnerability Management Practice Lab with WMware Fusion, Windows 10 virtual machine, and Nessus.

I was wondering if anyone could recommend any old software I could install that could appear as a critical vulnerability in a potential Nessus scan. I've tried installing an old version of firefox/internet explorer and did a basic credentialed scan but nothing related appeared in the vulnerability scan.

I'm looking for a an open source security scanner. I'm somewhat familiar with OpenVAS. When I was using it about 4 years ago, it seemed a bit dated. Has there been any major updates to OpenVAS? Are they any better choices for security scanners now?

As the title says im looking for inspiration to check up on the security of my Exposed Websites

i've tried:

• web-check.xyz

• Mozilla Observatory

• immuniweb.com

As the Danger on the Internet is infinite i think i should try out a plethora of Vulnerability Scanners to kind of stay on top of things.

Any feedback and criticism is greatly appreciated

and yes, i know that exposing them to the wider internet is not the safest option, however i don't always have the option of a VPN and exposing them has come in handy plenty of times.

I want to do a few scans of my network to see if there's any security concerns that I am unaware of. I do close ports that aren't in use, I enforce geo blocking, I have a reverse proxy which follows conditional domain / FQDN access, I changed some ports to non common ports for those protocols, I enforce source IP address lists, etc

But I have quite a few web servers and I want to see if there's any blaringly obvious problems. Any software solutions to test for vulnerabilities?

Is there a service, hopefully free, that will try to break into your home network from the Internet? At least detect open ports, for example.

I imagine one way is to get a free account on AWS try to hack your network but that's work I 'd like to avoid

YouTube recently fed me a tech video that was clearly a paid advertisement for Wazuh, but the tech guy had a valid point....I should probably have a tool like work has to check for the obvious vuls and make sure I've got them closed.

Work uses an expensive paid product I'm too cheap for and Wazuh's sales pitch seemed likeable, but I am curious if the hivemind has any other opensource projects I should consider?

Hi All. We are small - about 80 nodes. I need a good vulnerability scanner that won't break the bank. Preferably w/patch management module, but also not necessary. I was on GFI LanGuard crap. Moved recently to PDQ Detect which has proise, but right now is so unreliable with false positives, and false negatives, that I am running a lot of manual scans to compensate. I do not have a big budget obviously. Any suggestions? Thanks

I run my own HomeLab and am looking for a vulnerability scanning tool like nessus or openvas. Aim is obviously for it to be open source and free but main gain is to also have the ability for enterprise detections. Openvas for example has a community feed and an enterprise feed and the community edition doesn't not have certain products that are considered enterprise in their scans. I really do not wanna have to pay for a scanner. Anything out there I could put together or a solution I could build to facilitate this task?

Looking for recommendations, either free or cheap to do an external scan for vulnerabilities. Can't seem to find anything that does much more than a basic port scan.