NessusDB is a Nessus XMLv2 parser that pushes reports into an ActiveRecord database, easing report generation. Requirements: ruby (tested with 1.8.7), rubygems (install it from source; it is included with ruby 1.9.1+), libxml, choice, rails, yaml, logger, rmagick, gruff, prawn, mysql.

 _ __   ___  ___ ___ _   _ ___  __| | |__
| '_ \ / _ \/ __/ __| | | / __|/ _` | '_ \
| | | |  __/\__ \__ \ |_| \__ \ (_| | |_) |
|_| |_|\___||___/___/\__,_|___/\__,_|_.__/

Several templates are included:

  1. graphs.rb – several graphs written to disk as PNGs and as a complete PDF
  2. technical_findings.rb – a detailed PDF of the high and medium findings from the assessment
  3. finding_statistics.rb – a PDF summary of the assessment
  4. assets.rb – a summary of all the hosts found during the scan
  5. pci_compliance.rb – generates a list of hosts that passed or failed PCI/DSS auditing
  6. exec_summary.rb – a sample executive summary report
  7. executive_summary.rb – a more detailed sample executive summary report
  8. findings_summary.rb – a summary report of all the findings
  9. ms_update_summary.rb – a summary of all the Windows Update enabled hosts
  10. ms_patch_summary.rb – a summary of all the missing Windows patches
  11. cover_sheet.rb – an example cover sheet report

Changelog

  • Fixed small bug in Windows/Other OS graphs
  • Increased the verboseness of Error messages Ticket #29
  • Added named scopes off the Plugin class Ticket #34
  • Added new PCI-related HostProperties Ticket #35
    • New HostProperties attribute: pci-dss-compliance:
    • New HostProperties attribute: pcidss:compliance:failed
    • New HostProperties attribute: pcidss:compliance:passed
    • New HostProperties attribute: pcidss:deprecated_ssl
    • New HostProperties attribute: pcidss:expired_ssl_certificate
    • New HostProperties attribute: pcidss:high_risk_flaw
    • New HostProperties attribute: pcidss:medium_risk_flaw
    • New HostProperties attribute: pcidss:reachable_db
    • New HostProperties attribute: pcidss:www:xss
  • Added more unit tests; code coverage is 91.7% at the moment, not including templates
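
To show where the PCI HostProperties listed above sit in a Nessus XMLv2 file, here is an added example (not NessusDB's own code) that reads them per host and derives a pass/fail status. It uses Ruby's REXML rather than libxml so it runs without extra gems; the sample report, host addresses and tag values are constructed, and treating the mere presence of a pcidss:* tag as the signal is an assumption.

```ruby
require 'rexml/document'

# Constructed sample in Nessus XMLv2 layout; hosts and tag values are made up.
SAMPLE_REPORT = <<~XML
  <NessusClientData_v2>
    <Report name="constructed-sample">
      <ReportHost name="192.0.2.10">
        <HostProperties>
          <tag name="pcidss:compliance:passed">true</tag>
        </HostProperties>
      </ReportHost>
      <ReportHost name="192.0.2.20">
        <HostProperties>
          <tag name="pcidss:compliance:failed">true</tag>
          <tag name="pcidss:deprecated_ssl">true</tag>
          <tag name="pcidss:www:xss">true</tag>
        </HostProperties>
      </ReportHost>
      <ReportHost name="192.0.2.30">
        <HostProperties>
          <tag name="operating-system">Linux</tag>
        </HostProperties>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Returns { host => { status: :passed | :failed | :not_assessed, reasons: [...] } }.
# Assumption: the presence of a pcidss:* tag is the signal; tag values are ignored.
def pci_status_by_host(xml)
  doc = REXML::Document.new(xml)
  result = {}
  doc.elements.each('//ReportHost') do |host|
    names = []
    host.elements.each('HostProperties/tag') { |t| names << t.attributes['name'].to_s }
    pci = names.select { |n| n.start_with?('pcidss:') }
    # A failed tag wins over a passed tag, so conflicting data fails closed.
    status = if pci.include?('pcidss:compliance:failed') then :failed
             elsif pci.include?('pcidss:compliance:passed') then :passed
             else :not_assessed
             end
    # Tags other than the two verdict tags explain why a host failed.
    reasons = pci.reject { |n| n.start_with?('pcidss:compliance:') }.sort
    result[host.attributes['name']] = { status: status, reasons: reasons }
  end
  result
end
```

Hosts without any pcidss:* property are reported as not assessed rather than passed, which keeps unscanned assets from being counted as compliant.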

Requirements

Ruby

NessusDB has been tested with ruby-1.8.7-p334, ruby-1.9.1-p431 and ruby-1.9.2-p180. Please try to use one of these versions if possible. I recommend using RVM to set up your Ruby environment; you can get it here.

RubyGems

NessusDB relies heavily on RubyGems to install its other dependencies, so I highly recommend using it. RubyGems is included by default in the Ruby 1.9 branches.

  • libxml
  • rails
  • yaml
  • logger
  • rmagick
  • gruff
  • prawn
  • mysql

Download
