There are quite a few tools available to utilize Nessus. There are always questions on the mailing lists for tools to frontend Nessus or report on Nessus findings or how to get data into and out of MySQL, etc, etc, etc.

I started off in the direction most people are pointed, to use Inprotect (http://www.inprotect.org/). Inprotect is a great place to start and probably fits most people's needs. However, there were many things that I wanted to do that it couldn't do, plus there were a lot more complexities that I just didn't need. A key feature I was looking for that did not exist (at least at the beginning of 2005) was the ability to set up scans that were defined by hostname instead of IP address (or if it did work, I could never get it to do so). I also wanted the ability to only allow certain people to run scans and/or change report information, but allow a much larger audience the ability to view the report information.

I basically created a couple PHP pages that could read Nessus data from a MySQL database. To get the data into the database, I started off by using nessQuick, which at the time (late 2004) was very outdated, but as of writing this, I find that it was updated on June 8, 2005. The script was great for taking a basic Nessus NBE file and importing it directly into MySQL. I pretty much ended up re-writing the whole thing, but kept the functions for importing the necessary data.

I am still in the process of finalizing everything and hope to be done sometime in October 2005. Other priorities have come up and monopolized my time. But because there are always questions on the mailing lists, I thought I'd throw this up to see what kind of interest there was.

Still working on it, but all the info I have right now is here:
http://tech.stlsawall.com/docs/nessus/nessus.html

Chris




On 9/6/05, Utin Mikhail A CONT NPRI <[EMAIL PROTECTED]> wrote:
Does not seem to have HOWTO docs (at least I did not find them) explaining what is done, how it works, and how to install.
After looking at this stuff I've developed a DB application/reporting myself. At least I have docs and am continuously improving the application. Works fine for me.

Mikhail Utin
AIS Security
[EMAIL PROTECTED]
401-832-6584


-----Original Message-----
From: Paul Melson [mailto: [EMAIL PROTECTED]]
Sent: Tuesday, September 06, 2005 4:03 PM
To: 'John Madden'; [email protected]
Subject: RE: Database and reports

Looked at Inprotect? (http://www.inprotect.com/)

PaulM

-----Original Message-----
Subject: Database and reports

Hi,

I've been looking into a few utilities to Nessus for storing the results and
querying the database afterwards. Ex: All machines that are vulnerable to X
or all open TCP Port 22 etc...

The best I've found so far is:

http://enterprise.bidmc.harvard.edu/pub/nessus-php/

The problem is that it does not seem to be updated anymore.

I would like to know what Nessus administrators are using to manage all the
scans?

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus