I have been working on a set of reports recently though I am unsure whether I will be allowed to contribute the code back to the nessus community (it needs approval from my boss's boss's boss's boss etc.). I have perl post-processing scripts that load the 1.0.x nsr files into a MySQL database. >From the MySQL database I have php scripts that display the results, allowing you to select on IP ranges, Country (needs another table set up to define what ranges of IP addresses reside where), exploit, dates found, severity etc. I've also coded stuff that produces PDF reports containing management-type pretty graphs in pie and bar chart forms.
Personally I'd like to give this back so that we contribute to making nessus a better product. Whether my management see it like that will be a different matter ;-) It also needs work to convert it for 1.2.x format files I suspect but I haven't looked at that yet... too busy. -----Original Message----- From: Tor Houghton [mailto:[EMAIL PROTECTED]] Sent: 14 June 2002 15:46 To: Jared Breland Cc: [EMAIL PROTECTED] Subject: Re: Report generator? FWIW/IMHO/etc, I believe that the nessus team should concentrate on the nuts and bolts of the scanner. It is a free tool. Why spend time on providing a snazzy report generator so that a third party can make money on what their teams should be capable of doing themselves (manually or otherwise). Don't get me wrong; I'd love a nice report too, but I'd rather have a working tool than great graphics. More often than not you need to check the results of whatever nessus gives you anyway. What then, is the point of a nice looking report, when the information in it is untrue? Best regards, Tor Houghton TBS Security / Nextra UK Ltd
