I would highly recommend NOT getting into the business of presenting scan output to your customers. You'll not have very satisfied customers, and you'll probably not get much repeat business. (just my opinion of course)
A pen test, vulnerability assessment, etc, is not running a scanner and printing off the results. It involves looking at a net with many tools, and using your gray matter and experience to interpret those results, verify those are valid or not. The report should be a human written analysis of what you found, what the network's strengths and weaknesses are, and what you recommend to remedy those. Included somewhere in that report should be a list of the specific vulnerabilities that you found and verified by hand. In short, if you've ever been given the results of a scanner as a report for an assessment, you've been robbed. :) If you're in the business of giving reports from scanners as vulnerability assessments, you'd better make sure you have very good E&O insurance. :) Cause it's going to come back to get you. I'll get off my soapbox. But to answer the original question: There don't exist a lot of tools to make scan results look pretty, because that's not what scan results are for. Scan results are for the security professional to read and interpret, the charts and graphs should be generated by the security professional in your favorite spreadsheet program, based on your interpreted data. Matt On Fri, 2005-11-18 at 15:34 +0100, Patrick Derwael wrote: > Gentlemen, > > I have been comparing a few scanners, and I must say that I find that > Nessus is of high technical quality, but the reporting part is rather > poor. > > I cannot use the standard Nessus 'report' to present the scan results > to my customers. > Would womeone know of any reporting tool that could be used to format > and print the data generated by Nessus ? > > Thank you > > ______________________________________________________________________ > Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! > Messenger > Téléchargez le ici ! > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus -- -------------------------------------------- Matthew Jonkman, CISSP Senior Security Engineer Infotex 765-429-0398 Direct Anytime 765-448-6847 Office 866-679-5177 24x7 NOC www.infotex.com my.infotex.com www.bleedingsnort.com -------------------------------------------- NOTICE: The information contained in this email is confidential and intended solely for the intended recipient. Any use, distribution, transmittal or retransmittal of information contained in this email by persons who are not intended recipients may be a violation of law and is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
