Can someone recommend a tool, self-hosted or not, that I could schedule for periodic scans of everything I host that is exposed to the public internet?

I think I did all by the book now, including crowdsec and/or fail2ban, but recently for example I got an email from German CERT that my n8n is out of date and has some CVEs. All of them were not exploitable in my case but that got me thinking that if CERT can do it, maybe there are some services or tools that I could use and get alerts sooner if something is vulnerable in my infrastructure.

Any recommendations welcomed! Ideally self-hosted and FOSS, of course.

  • Brkdncr@lemmy.world · 9 points · edited · 7 hours ago

    OpenVAS is a vulnerability scanner that appears to be open source.

    Metasploit is another that I think is free and might be open source.

    • JoshCodes@programming.dev · 4 points · 7 hours ago

      OpenVAS is a vulnerability scanner. Metasploit is a penetration testing framework.

      First one does what OP wants. Second one less so, and is more hands on.

      See dirbuster for automated dumb searching of web directories; it gives you response codes to tell you if a page is accessible to the outside world. See nuclei, which I haven’t used myself but seems to get good reviews for automated vuln scanning from the command line - it has nice output and seems simple to use.

      They’re both easy to use and install on something like Kali Linux.
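The thread's goal is scheduled scanning with alerts that fire sooner than an outside notification. The missing piece between "run nuclei from cron" and "get an email" is triage: filtering the scanner's output by severity, collapsing duplicate hits on the same host, and silencing findings you have already reviewed (like the OP's non-exploitable CVEs). The script below is an added example written for this thread, not code from nuclei, OpenVAS or any poster. It assumes nuclei's JSON-lines export with the fields `template-id`, `info.name`, `info.severity`, `host` and `matched-at` (check these against your nuclei version), and works on a constructed sample so it runs offline; in a cron job you would feed it the real output file and pipe the rendered text to your mail or chat notifier.

```python
"""Triage scanner JSON-lines output into an alert summary for periodic self-hosted scans."""
import json

# Severity ranking used to decide which findings are worth an alert.
SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Constructed sample in the shape of nuclei's JSON-lines output (field names are an
# assumption about nuclei's export; the hosts and template ids are placeholders).
SAMPLE_JSONL = """\
{"template-id": "tech-detect", "info": {"name": "Technology detection", "severity": "info"}, "host": "https://n8n.example.internal", "matched-at": "https://n8n.example.internal/"}
{"template-id": "outdated-version-PLACEHOLDER", "info": {"name": "Outdated workflow automation version", "severity": "high"}, "host": "https://n8n.example.internal", "matched-at": "https://n8n.example.internal/"}
{"template-id": "outdated-version-PLACEHOLDER", "info": {"name": "Outdated workflow automation version", "severity": "high"}, "host": "https://n8n.example.internal", "matched-at": "https://n8n.example.internal/rest/"}
{"template-id": "http-missing-security-headers", "info": {"name": "Missing security headers", "severity": "low"}, "host": "https://git.example.internal", "matched-at": "https://git.example.internal/"}
"""


def parse_findings(jsonl_text):
    """Parse JSON-lines scanner output, skipping blank or malformed lines instead of crashing."""
    findings = []
    for line in jsonl_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        info = obj.get("info", {})
        findings.append({
            "template": obj.get("template-id", "unknown"),
            "name": info.get("name", obj.get("template-id", "unknown")),
            "severity": str(info.get("severity", "info")).lower(),
            "host": obj.get("host", "unknown"),
            "matched_at": obj.get("matched-at", ""),
        })
    return findings


def triage(findings, min_severity="medium", acknowledged=frozenset()):
    """Keep findings at or above min_severity, drop acknowledged (host, template) pairs,
    and merge repeated hits on the same host/template into one entry with all locations."""
    threshold = SEVERITY_RANK[min_severity]
    by_key = {}
    for f in findings:
        rank = SEVERITY_RANK.get(f["severity"], 0)
        key = (f["host"], f["template"])
        if rank < threshold or key in acknowledged:
            continue
        entry = by_key.setdefault(key, {**f, "locations": []})
        if f["matched_at"] not in entry["locations"]:
            entry["locations"].append(f["matched_at"])
    # Most severe first, then by host, so the top of the alert is what matters most.
    return sorted(by_key.values(),
                  key=lambda e: (-SEVERITY_RANK.get(e["severity"], 0), e["host"]))


def render_alert(alerts):
    """Build a plain-text alert body; an empty string means nothing needs sending."""
    if not alerts:
        return ""
    lines = [f"{len(alerts)} finding(s) need attention:"]
    for a in alerts:
        lines.append(f"[{a['severity'].upper()}] {a['host']} - {a['name']} ({a['template']})")
        for loc in a["locations"]:
            lines.append(f"    at {loc}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Typical cron usage: replace SAMPLE_JSONL with the contents of the scanner's output file.
    body = render_alert(triage(parse_findings(SAMPLE_JSONL)))
    print(body or "No new findings at or above threshold.")
```

The `acknowledged` set is how reviewed-but-accepted findings (the OP's non-exploitable CVEs) stop paging you every run while new ones still do; keep it in a small file next to the cron job and review it whenever you upgrade a service.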