I had to face a challenge today of comparing 2 nessus reports and identifying the progress made towards fixing the vulnerabilities.
First, I used nessus to export each report respectively to a csv file.
Second, I removed the first line of the csv file.
Third, I built 2 tables to accept the input with the following sql respectively:
create table nessusScan1(pluginID INT, CVE VARCHAR(40), CVSS VARCHAR(40), risk VARCHAR(40), ip VARCHAR(40), protocol VARCHAR(40), port INT, name mediumblob, synopsis mediumblob, description mediumblob, solution mediumblob, pluginoutput mediumblob);
create table nessusScan2(pluginID
INT, CVE VARCHAR(40), CVSS VARCHAR(40), risk VARCHAR(40), ip
VARCHAR(40), protocol VARCHAR(40), port INT, name mediumblob, synopsis
mediumblob, description mediumblob, solution mediumblob, pluginoutput
mediumblob);
Forth, I inserted the data from the csv file into the respective table:
load data local infile 'Nessus1.csv' into table nessusScan1 fields terminated by ',' enclosed by '"' lines terminated by '\n';
load data local infile 'Nessus2.csv' into table nessusScan2 fields terminated by ',' enclosed by '"' lines terminated by '\n';
Fifth, I built 2 tables to collect the results of a query due to not wanting to wait for a join:
create table Totals1 (name mediumblob, risk VARCHAR(20), totals INT);
create table Totals2 (name mediumblob, risk VARCHAR(20), totals INT);
Sixth, I populated the table I created with the results of critical and high risk items:
INSERT INTO Totals1 (name, risk, totals) select name, risk, count(DISTINCT ip) AS total FROM nessusScan1 WHERE (risk='Critical' OR risk='High') GROUP BY name ORDER BY risk,total DESC;
INSERT INTO Totals2 (name, risk, totals) select name, risk,
count(DISTINCT ip) AS total FROM nessusScan2 WHERE (risk='Critical' OR
risk='High') GROUP BY name ORDER BY risk,total DESC;
Seventh, then I was able to do a join on the totals table to see the progress that had been made between the scans (This does not show the new vulnerabilities that were identified in the more recent scan):
SELECT a.name, a.risk, a.totals AS "Totals1", b.totals AS "Totals2" FROM Totals1 a, Totals2 b WHERE a.name=b.name;
There probably is an easier way to accomplish this, however I wanted to document this so I can use it in the future also.
Enjoy...
Subscribe to:
Post Comments (Atom)
-
Here is a quick walk through of GetBoo. The first item that I found was you can harvest the usernames of the existing users that are regist... -
As I was glancing through the logs of my honeypots I spent some time to look at the following logs. In the past I have just overlooked them... -
I thought I would work through a few of these web applications provided by OWASP on their broken web applications VM. The first one I th... -
Today looking at the logs of the honeypots, I became curious based on the whois of the IP Addresses attempting to login to SSH which country...
-
Recently I was doing some scanning with a tool that is available on github called masscan. The tool allows you to configure a configuration...
No comments:
Post a Comment