Penetration Testing mailing list archives

Re: Aggregating vulnerability report data?
From: Javier Fernández-Sanguino Peña <jfernandez () germinus com>
Date: Fri, 14 Mar 2003 18:27:48 +0100

Message quoted by ahecker () evilscientist com:

Folks,

Been googling for an answer to this for a number of weeks now, but have had
no success, so I figured I'd toss it out to the forum & see what y'all
think.

The nessus (-devel) lists are searchable at http://marc.theaimsgroup.com/
(more specifically http://marc.theaimsgroup.com/?l=nessus-devel&r=1&w=2). You
might find it useful to go through the database integration development that is
being implemented for nessus (in the USE_SQL CVS branch).

It currently is possible to take the nessus reports and dump them to a database.
See more on this below.


I've been involved in doing vulnerability assessments (and penetration tests)
for some time now; I use *both* nessus and ISS Internet Security Scanner, but
have yet to find a way to correlate and aggregate their information into one
comprehensive document. The only thing I've seen that even purports to do
something like this is the Harris STATAnalyzer, but I can't get any real,
solid info on *it*, either.

Since ISS's tool uses an SQL database (MSDE IIRC) to store the results you can
dump the Nessus results into this same database (using the tools below) and work
from there. Notice that since both Nessus and Internet Scanner do use a common
vulnerability representation (i.e. CVE, cve.mitre.org) it is possible to
generate reports with the information on vulnerabilities found by both scanners
rather easily.

You just need to understand both the Nessus E/R schema (see below) and Internet
Scanner's (read the documentation) to work out useful SQL queries to correlate
the information from both.

Of course you can use third party products to correlate this information. But
Nessus support might be lacking in those. 


Anyone have any pointers for me? It'd be much appreciated.


On the Nessus side:
- For the database information:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-core/doc/database/?hideattic=0&only_with_tag=NESSUS_SQL#dirlist
- For the tool to extract the information:
http://cvs.nessus.org/cgi-bin/cvsweb.cgi/nessus-tools/nessus-extract/?hideattic=0&only_with_tag=NESSUS_SQL



Oh! And if you manage to do something please contribute it to the list :-)

Regards

Javier Fernandez-Sanguino
Security Division
Germinus
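
Added example (not part of the original message, and not code from Nessus or ISS): a sketch of the CVE-keyed correlation described above, with both scanners' findings loaded into one SQL table and grouped by host and CVE. The table layout, function names and sample rows are hypothetical and constructed for illustration; they do not reflect the Nessus USE_SQL schema or the Internet Scanner schema.

```python
import sqlite3

# Constructed sample rows: (host, scanner-specific id, comma-separated references).
NESSUS = [("192.0.2.5", "plugin-a", "CVE-1900-0001, CAN-1900-0002"),
          ("192.0.2.5", "plugin-b", ""),            # finding with no CVE reference
          ("192.0.2.7", "plugin-c", "cve-1900-0003")]
ISS = [("192.0.2.5", "check-a", "CVE-1900-0001"),
       ("192.0.2.7", "check-b", "CVE-1900-0004"),
       ("192.0.2.7", "check-c", "CVE-1900-0003")]

def normalize(ref):
    """Upper-case a reference and map the CAN- candidate prefix to CVE-."""
    ref = ref.strip().upper()
    return "CVE-" + ref[4:] if ref.startswith("CAN-") else ref

def correlate(nessus_rows, iss_rows):
    """Return ({(host, cve): 'both'|'nessus'|'iss'}, findings lacking a CVE)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE finding (scanner TEXT, host TEXT, cve TEXT, src TEXT)")
    unmatched = []
    for scanner, rows in (("nessus", nessus_rows), ("iss", iss_rows)):
        for host, src, refs in rows:
            cves = [normalize(r) for r in refs.split(",") if r.strip()]
            if not cves:
                # Without a shared identifier the finding cannot be joined;
                # keep it aside for manual review instead of dropping it.
                unmatched.append((scanner, host, src))
            db.executemany("INSERT INTO finding VALUES (?, ?, ?, ?)",
                           [(scanner, host, c, src) for c in cves])
    query = """
        SELECT host, cve,
               CASE WHEN COUNT(DISTINCT scanner) = 2 THEN 'both'
                    ELSE MIN(scanner) END AS seen_by
        FROM finding
        GROUP BY host, cve
        ORDER BY host, cve"""
    merged = {(h, c): s for h, c, s in db.execute(query)}
    db.close()
    return merged, unmatched

if __name__ == "__main__":
    merged, unmatched = correlate(NESSUS, ISS)
    for (host, cve), seen_by in merged.items():
        print(f"{host:12} {cve:15} {seen_by}")
    print("no CVE reference:", unmatched)
```

Findings reported by only one scanner, and findings that carry no CVE reference at all, are the ones that need manual reconciliation before going into a combined report.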
 
