Penetration Testing mailing list archives
Re: Aggregating vulnerability report data?
From: Javier Fernández-Sanguino Peña <jfernandez () germinus com>
Date: Fri, 14 Mar 2003 18:27:48 +0100
Mensaje citado por ahecker () evilscientist com:
Folks, Been googling for an answer to this for a number of weeks now, but have had no success, so I figured I'd toss it out to the forum & see what y'all think.
The nessus (-devel) lists are searchable at http://marc.theaimsgroup.com/ (more specifically http://marc.theaimsgroup.com/?l=nessus-devel&r=1&w=2) you might find it useful to go through the database integration development that is being implemented for nessus (in the USE_SQL CVS branch). It currently is possible to take the nessus reports and dump them to a database. See more on this below.
I've been involved in doing vulnerability assessments (and penetration tests) for some time now; I use *both* nessus and ISS Internet Security Scanner, but have yet found a way to correlate and aggregate their information into one comprehemsive document. The only thing I've seen that even purports to do something like this is the HArris STATAnalyzer, but I can't get any real, solid info on *it*, either.
Since ISS's tool uses an SQL database (MSDE IIRC) to store the results you can dump the Nessus results into this same database (using the tools below) and work from there. Notice that since both Nessus and Internet Scanner do use a common vulnerability representation (i.e. CVE, cve.mitre.org) it is possible to generate reports with the information on vulnerabilities found by both scanners rather easily. You just need to understand both Nessus E/R schema (see below) and Internet Scanner's (read the documentation) to work useful SQL queries to correlate both information. Of course you can use third party products to correlate this information. But Nessus support might be lacking in those.
Anyone have any pointers for me? It'd be much appreciated.
On the Nessus side: - For the database information: http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/doc/database/?hideattic=0&only_with_tag=NESSUS_SQL#dirlist - For the tool to extract the information: http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-tools/nessus-extract/?hideattic=0&only_with_tag=NESSUS_SQL Oh! And if you manage to do something please contribute it to the list :-) Regards Javier Fernandez-Sanguino Security Division Germinus ---------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes now! Download a free 15-day trial of VAM: http://www2.stillsecure.com/download/sf_vuln_list.html
Current thread:
- Aggregating vulnerability report data? ahecker (Mar 14)
- Re: Aggregating vulnerability report data? Javier Fernández-Sanguino Peña (Mar 14)