With a few dozen endpoints, VMs, containers, NAS, servers, various OSes, etc., what is everyone using for vuln scanning or security tools for the home network? I mean, I have OPNsense set to pretty restrictive and I block ads, but is there something I can use to scan for known vulnerabilities? I would love to run Tenable or Qualys but I can't afford those licenses. Is there an open source product that I can self-host that is good enough?
Is there a good vulnerability scanner free for home use? Needs to check Mac, Windows, Windows Server, Proxmox, OPNsense, Linux, iOS, Android and iPadOS for vulnerabilities and suggestions on how to fix or make firewall rules to secure. I have an M365 Fam account and Defender but I'm not sure if this is possible like it is with Sentinel and Arc.
I run 14+ containers in my homelab and got tired of not knowing what CVEs were lurking in my images. Checking them one by one was never going to be sustainable, so I automated it.
Built a GitHub Actions workflow that runs every Sunday morning. It dynamically discovers all my container repos, pulls every image from docker-compose files, and scans them with Trivy. The scan results then get passed through Claude CLI with context about my environment -- which services are internet-facing, which are LAN-only, which are behind SSO -- so the output is prioritized by actual risk, not just severity scores.
The whole thing generates a GitHub Issue each week with findings bucketed into Needs Attention, Informational, and Clean. When I add a new container project, it gets picked up on the next scan automatically. No config changes needed.
I used Claude as a coding assistant to build it. Wrote up the full process here: https://spaceterran.com/posts/automated-vulnerability-scanning-homelab-containers-ai/
Repo: https://github.com/SpaceTerran/homelab-vulnerability-scanner
Curious how others are tracking vulnerabilities across their homelab containers.
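The bucketing step this post describes, as an added example that is not taken from the linked repo: the post passes Trivy results through Claude CLI, whereas this example substitutes a fixed severity-by-exposure rule. The service names, the threshold policy and the sample report are constructed assumptions.

```python
# Constructed exposure inventory (service names are examples, not from the repo).
EXPOSURE = {"jellyfin": "internet", "umami": "sso", "pihole": "lan"}
# Assumed policy: lowest severity that needs attention at each exposure level.
THRESHOLD = {"internet": "HIGH", "sso": "CRITICAL", "lan": "CRITICAL"}
RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def triage(service, report, exposure=EXPOSURE):
    """Bucket one `trivy image --format json` report by severity and exposure."""
    # A service missing from the inventory is treated as internet-facing.
    floor = RANK[THRESHOLD[exposure.get(service, "internet")]]
    attention, info = [], []
    for result in report.get("Results") or []:
        # Trivy omits "Vulnerabilities" for targets with no findings.
        for vuln in result.get("Vulnerabilities") or []:
            item = {
                "id": vuln["VulnerabilityID"],
                "pkg": vuln["PkgName"],
                "severity": vuln.get("Severity", "UNKNOWN"),
                "fixed_in": vuln.get("FixedVersion") or None,
            }
            sev = RANK.get(item["severity"], 0)
            (attention if sev >= floor else info).append(item)
    bucket = "Needs Attention" if attention else "Informational" if info else "Clean"
    return bucket, attention, info


# Constructed report; the CVE id and package are placeholders.
SAMPLE = {
    "ArtifactName": "example/app:latest",
    "Results": [
        {"Target": "example/app:latest (debian 12)", "Class": "os-pkgs",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
              "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"}]},
        {"Target": "app/package-lock.json", "Class": "lang-pkgs"},
    ],
}

if __name__ == "__main__":
    for name in ("jellyfin", "pihole", "new-service"):
        print(name, "->", triage(name, SAMPLE)[0])
```

The same HIGH finding lands in Needs Attention for the internet-facing service and in Informational for the LAN-only one, which is the prioritization by exposure rather than by severity score alone.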
So I am basically looking for a practical guide for a pentest/vulnerability assessment on a house with 3rd party domotic systems (such as KNX), own self-hosted server & stuff (QNAP NAS, Plex), and own home automation server (Home Assistant) with remote access.
At the end, I should be more aware of what the security holes are and what I should try and secure and how. With the results I'll be going to the 3rd party domotic system administrator and be adjusting my own systems as well. I.e., might result in using a VPN for remote access.
Basically, the security test should reveal what can be improved, how, and where it makes sense keeping user comfort (including non-tech users) and security both in mind.
Any practical guides on how to accomplish this?
(Forgot to flair previous)
What tools do you use to monitor vulnerabilities in your self-hosted services? I think it would be useful to receive a notification in a messaging app (like Telegram or WhatsApp) whenever a critical vulnerability, such as RCE or something similar, is discovered in one of the services. I’ve tried a few tools for scanning containers, but none of them work the way I expect.
For example, there’s Trivy, but it’s a tool geared more toward Docker container developers, and it generates a lot of noise. A single container might show over 1,000 vulnerabilities, some of which are critical, but in reality, none of them can actually be exploited. For instance, I don’t need to know about a vulnerability in libssl, but I do need to know about an RCE in Umami or Jellyfin.
I also tested Grype; in addition to CVSS scores, it provides a risk assessment that’s supposed to help determine how likely it is that a vulnerability will be exploited. But it doesn’t detect the issue in Jellyfin because that vulnerability hasn’t been published yet.
Hi,
What do you use for vulnerability scanning in your homelab?
I'm using Nessus Essentials because I know tenable.sc with the Nessus scanner from work, but this Essentials/Pro is not what I expect from the product (the 16-host limit is OK for private use, the scan results are OK, but the whole management in the web app is not good).
What are your free tools for vuln scanning and why do you prefer them?
Thank you for your input!
What do you guys use to scan your lab for vulnerabilities? I know of OpenVAS, not sure if that is still open source. Different alternatives?