OVALdi - an open-source local vulnerability assessment scanner

OVALdi, also named the OVAL Interpreter, is an open-source tool developed by MITRE to demonstrate how the OVAL language may be used to scan a computer for vulnerabilities. This article provides a few hints about how to use this tool.

For now OVALdi is only a command-line tool with very limited documentation.

Download and install

  • Download the ovaldi package or installer from: http://sourceforge.net/projects/ovaldi/
  • On Windows, the installer is a simple auto-unzipper: Just click "unzip" and files should be copied in a folder such as "c:\Program Files\OVAL\ovaldi-5.x.x\".

Update vulnerability definitions

It is recommended to update the XML file containing vulnerability check definitions every time you run the tool:

Scan

Open a shell or CMD window, go to the ovaldi folder, then run the following command (using the XML file name you have just downloaded):

ovaldi.exe -m -o windows.xml

The scanner will first validate the XML data according to the OVAL language schema, this can take a long time so be patient. At this stage, it may stop with an error message. This is usually due to a new version of the OVAL language which is not supported by the installed ovaldi version. In this case, just download a new ovaldi version to upgrade it.

At the end of the scanning process (which may take 5-10 minutes), several result files will be produced. Open the file results.html to look at results.

Known limitations

OVALdi is open-source and still under heavy development, so the results may not always be accurate:

  • The repository of OVAL definitions is not complete yet: Not all vulnerabilities will be detected.
  • Non-English versions of Windows do not seem to be supported as well as English versions: In practice you may encounter more false positives (reported vulnerabilities even when the patch is already installed).
  • Potential bugs.

Additional resources