Scanning
Hawkra supports multiple scanning methods to discover assets and vulnerabilities across your networks. Scanners are configured in the Admin Dashboard under the Scanning section.
WingSpan Agent
WingSpan is Hawkra's deployable scanning agent. It can be installed on remote endpoints to scan networks from different vantage points, with results automatically fed back into Hawkra. WingSpan agents are managed from the Scans tab within each workspace. See the WingSpan documentation for deployment and usage details.
Nmap
Nmap is a network port scanner and service detection tool. Due to the Nmap Public Source License (NPSL), Nmap must be explicitly opted into by an administrator via the Scanning section on the Admin Dashboard.
Click Install Nmap and accept the license agreement to enable it. Nmap is installed at the container level and must be re-installed after each container restart.
Once enabled, users can run Nmap scans from the Scans > Third Party Scanners tab in any workspace.
OpenVAS
OpenVAS (Open Vulnerability Assessment Scanner) is a full-featured vulnerability scanner. Hawkra can connect to a remote OpenVAS server over SSH to run scans and automatically import results.
Prerequisites
The OpenVAS server must have gvm-tools installed. This is the command-line interface Hawkra uses to communicate with the GVM daemon over SSH.
Install gvm-tools on the OpenVAS server:
apt-get install python3-pip
pip3 install --user gvm-tools
Or alternatively:
python3 -m pip install gvm-tools
Verify the installation:
gvm-cli --version
Configuration
In the Admin Dashboard under Scanning, configure the following OpenVAS settings:
| Setting | Key | Type | Encrypted | Description |
|---|---|---|---|---|
| OpenVAS Server IP | openvas_server_ip | String | No | IP address or hostname of the OpenVAS server. |
| SSH Username | openvas_ssh_username | String | No | SSH username for connecting to the OpenVAS server. |
| SSH Password | openvas_ssh_password | String | Yes | SSH password for connecting to the OpenVAS server. |
| GVM Username | openvas_web_username | String | No | GVM/gvm-cli username for authenticating with the OpenVAS daemon. |
| GVM Password | openvas_web_password | String | Yes | GVM/gvm-cli password for authenticating with the OpenVAS daemon. |
After filling in all five fields, click Test OpenVAS Connection to verify that Hawkra can reach the OpenVAS server and authenticate successfully.
The SSH user must be able to run gvm-cli on the OpenVAS server. The GVM user/password is the credential used to authenticate with the GVM daemon itself (the same credentials you would use in the Greenbone web interface).
How It Works
Once configured, Hawkra automatically syncs available scan configurations, scanners, and port lists from the OpenVAS server. Users can then run OpenVAS scans from the Scans > Third Party Scanners tab by selecting OpenVAS as the scanner type.
When a scan is started, Hawkra:
- Creates a target and task on the OpenVAS server via SSH
- Starts the scan and monitors progress every 3 minutes
- When the scan completes, retrieves the report and imports results (assets, ports, vulnerabilities) into the selected network
Scan progress and results are visible in real time from the Third Party Scanners tab.