Nov
22
2009
On a recent engagement, I noticed that people were wasting time scrolling through nessus reports to find vulnerabilities in which they either need to confirm, or dig into deeper. There were many findings that would automatically be written up because there is nothing to further exploit, and the supporting information in the output was good enough. And of course there is informational things in the report like traceroute output, ping times, mac address, operating system, etc. Good information to have, but not really needed while in vulnerability assessment / penetration testing mode.
I really needed something to just show me the interesting things to focus on. Since I had all the nessus data in a database already via nbe2sql, I quickly wrote some sql statements and parsers to solve my problem and make a pretty report.
The latest release of the nessus tools has two more html reports.
- One script is called report_auto which generates html that contain findings to simply write up. For each vulnerability type there is a table with IP and supporting information columns.
- The other script is called report_manual which generates html that contain findings or information to pursue.
Do note that only a handful of nessus pluginid’s are supported in the script. If you want other checks included please provide me with some sample data and I will get it included.
Code:
I do hope that others find these additions useful. I really hate it when testers have to spend time on low level findings. Yes they still need to be looked at and written up, but testers should be focusing on the interesting stuff.
Popularity: 1% [?]
Dec
30
2008
Like every year, I like to reflect on the various accomplishments from this year. 2008 was quite a good year, but I was also very busy as well. Here are some interesting metrics from this year:
- Attended 26 events – a combination of conferences, workshops, and training classes.
- Launched another startup.
- Built several applications that are in use by many today.
- Last year’s startup is gaining more traction.
- Traveled 12 times, being on the road for 46 days.
Hopefully next year will be just as productive, with less time on the road. Thanks to all that helped and supported me through all my various projects.
Popularity: 77% [?]
Oct
26
2008
I just got back from another business trip, and this time I was in New York. That makes it the tenth week out of the last twenty where I have been away on travel! So where else have I been to during all that time? I’ve been to Myrtle Beach, Kansas City, Washington DC, Las Vegas, Dallas, New York, and San Diego.
The rest of the year doesn’t seem that bad. I have one or two more business trips, and then some well needed vacation time. The hard question is if I want to do more traveling during my vacation time. I enjoy traveling and love to explore, but my body might be exhausted by then.
Popularity: 61% [?]
Aug
01
2008
I just got into Las Vegas for a 10 day business trip. I did a similar trip last year, and at day 8 I was ready to be home. Anyone want to take bets on when I will break this time?
I finally got a room with a decent view this time. Is this Encore hotel an extension to Wynn, or a separate thing? I’m starting to get confused on all these brand expansions. Venetian has the Palazo, and Mandalay Bay has THEhotel.
Popularity: 79% [?]
Jul
20
2008
I’m back home from my Washington DC business trip. Overall it was a decent trip, but the weather out there is not fun. I don’t know how people can stand hot and humid weather. This trip I flew out a day early, so I had a free day for once to explore the city. My original plan was to hit up one of the Smithsonian Museums, but I found a pickup kickball game in the park, and I had to join in. I’ve heard that kickball is gaining popularity with adults, and that there are even leagues. The last time I played kickball was in grade school, but because of all my years of kung fu, I could still kick the ball pretty well :) I wonder if there is a league back home.
Speaking of back home, my sister and her family visited me yesterday. I haven’t seen my nieces in a while and they are growing quickly. Here is a cute picture of Ashley.
Popularity: 82% [?]
Jul
08
2008
And tomorrow is supposed to be even hotter! Remember to drink lots of water and try to stay cool out there.
Popularity: 79% [?]