Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Results display & mitigation marking tool?

from [Chuck] Network Security [Permanent Link]
Subject: Re: Results display & mitigation marking tool?
Date: Mon, 25 Apr 2005 10:24:21 -0400 
This may not be exactly what you are asking for, but it might be
helpful to you and I am interested to hear if this is a valid
methodology (and if better ones exist) from others on the list :-)  If
you follow this technique, the "first-not-second" file will end up
with issues that were found in the first scan, but not in the second
(i.e. have been remedied) and the "second-not-first" file will have
new issues that have appeared since the first scan.

NOTE: This is intended for use in scanning the same systems twice at
different times.  It should account for limited changes such as new
systems coming online.  It probably will not handle dynamically
assigned addressed (such as DHCP).  You may be able to use the Nessus
"report by MAC" option to account for that, but I haven't tried.  As
always, sanity check the results before relying on them.

To compare the results of two nessus scans:

1. Run two nessus scans, saving output to .nbe files (you can save
other formats as well, I recommend XML, but .nbe is required for this
process)

2. Sort both files with sort
sort file1.nbe > first.nbe
sort file2.nbe > second.nbe

3. Use diff to get list of items in the first not in the second file:
diff first.nbe second.nbe | grep '<' |cut -d' ' -f 2- > first-not-second.nbe

4. Use diff to get list of items in the second not in the first file:
diff first.nbe second.nbe | grep '>' |cut -d' ' -f 2- > second-not-first.nbe

5. Convert new nbe files to another format for reporting (xml or html) with:

nessus -i first-not-second.nbe -o first-not-second.xml

  or

nessus -i first-not-second.nbe -o first-not-second.html

On 4/24/05, Fender, Brian <Brian.Fender@il.proquest.com> wrote:

Do any tools exist to display nessus results from multiple scans, and mark 
results as why they're mitigated or not?

I have my nessus and nmap results being imported into a database.  I'm 
looking for something that will let me view and modify my data excel-style.  
It's easy to dump the data out in an html table, but gets harder when you 
want to select and modify cells.

-Brian
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Scan terminates after just one subnet (Nessus 2.2.4) BUG!, Mercer, Jeff
Next by Date:  RE: Results display & mitigation marking tool?, Jones, David H
Previous by Thread:  Re: Results display & mitigation marking tool?, Michel Arboi
Next by Thread:  RE: Results display & mitigation marking tool?, Fender, Brian
Indexes:  [Date] [Thread] [Top] [All Lists]