From ff50354bf98d84681b8b551ff236326589c2a92b Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Tue, 2 Jan 2018 07:10:57 -0500 Subject: [PATCH 1/7] Getting started steps --- README.md | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index dc315c9..9be4082 100644 --- a/README.md +++ b/README.md @@ -34,18 +34,20 @@ Currently Supports - [ ] NMAP - [ ] More to come - -Setup +Getting Started =============== -```python -Install pip: -sudo install python-pip -sudo pip install --upgrade pip +1) Follow the [install requirements](#installreq) +2) Fill out the section you want to process in example.ini file +3) Modify the IP settings in the logstash files to accomodate your environment and import them to your logstash conf directory (default is /etc/logstash/conf.d/) +4) Import the kibana visualizations +5) [Run Vulnwhisperer](#run) -Manually install requirements: -sudo pip install pytz -sudo pip install pandas +Install Requirements +-------------------- + + +```python Using requirements file: sudo pip install -r /path/to/VulnWhisperer/requirements.txt @@ -68,7 +70,7 @@ There are a few configuration steps to setting up VulnWhisperer:

-Run +Run ----- To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line. ```python From 4359478e3d048033a68f63a4e70de7b9c5ad0a04 Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Tue, 2 Jan 2018 07:53:33 -0500 Subject: [PATCH 2/7] Getting started steps --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 9be4082..c1b41bc 100644 --- a/README.md +++ b/README.md @@ -12,14 +12,6 @@ VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will [![MIT License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat)](http://choosealicense.com/licenses/mit/) -Requirements -------------- -#### -* ElasticStack 5.x -* Python 2.7 -* Vulnerability Scanner -* Optional: Message broker such as Kafka or RabbitMQ - Currently Supports ----------------- @@ -43,6 +35,14 @@ Getting Started 4) Import the kibana visualizations 5) [Run Vulnwhisperer](#run) +Requirements +------------- +#### +* ElasticStack 5.x +* Python 2.7 +* Vulnerability Scanner +* Optional: Message broker such as Kafka or RabbitMQ + Install Requirements -------------------- From 2b057f290b52353fa187b6cee708962502b4017e Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Wed, 3 Jan 2018 18:33:14 -0500 Subject: [PATCH 3/7] Remind user to select section if using a config --- bin/vuln_whisperer | 31 ++++++++++++++----------------- 1 file changed, 14 insertions(+), 17 deletions(-) diff --git a/bin/vuln_whisperer b/bin/vuln_whisperer index c131769..5c4645e 100644 --- a/bin/vuln_whisperer +++ b/bin/vuln_whisperer 
@@ -29,30 +29,27 @@ def main(): parser.add_argument('-p', '--password', dest='password', required=False, default=None, type=lambda x: x.strip(), help='The NESSUS password') args = parser.parse_args() - vw = vulnWhisperer(config=args.config, - profile=args.section, - verbose=args.verbose, - username=args.username, - password=args.password) - - vw.whisper_vulnerabilities() - ''' try: + if args.config and not args.section: + print('{red} ERROR: {error}{endc}'.format(red=bcolors.FAIL, + error='Please specify a section using -s. \ + \nExample vuln_whisperer -c config.ini -s nessus', + endc=bcolors.ENDC)) + else: + vw = vulnWhisperer(config=args.config, + profile=args.section, + verbose=args.verbose, + username=args.username, + password=args.password) - vw = vulnWhisperer(config=args.config, - profile=args.section, - verbose=args.verbose, - username=args.username, - password=args.password) - - vw.whisper_vulnerabilities() - sys.exit(1) + vw.whisper_vulnerabilities() + sys.exit(1) except Exception as e: if args.verbose: print('{red} ERROR: {error}{endc}'.format(red=bcolors.FAIL, error=e, endc=bcolors.ENDC)) sys.exit(2) - ''' + if __name__ == '__main__': main() \ No newline at end of file From 2bf8c2be8b7f881e83285e74134861cd03eb4b66 Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Thu, 4 Jan 2018 13:36:19 -0500 Subject: [PATCH 4/7] Update to readme --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index c1b41bc..c21c0df 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,10 @@ Requirements ```python +Install dependant modules +cd deps/qualysapi +python setup.py install + Using requirements file: sudo pip install -r /path/to/VulnWhisperer/requirements.txt From 882a4be27508fe75452036f5fcf05fe09e3eca5c Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Thu, 4 Jan 2018 13:49:08 -0500 Subject: [PATCH 5/7] Update to readme --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) 
diff --git a/README.md b/README.md index c21c0df..3752c54 100644 --- a/README.md +++ b/README.md @@ -87,6 +87,17 @@ vuln_whisperer -c configs/example.ini -s qualys

Next you'll need to import the visualizations into Kibana and setup your logstash config. A more thorough README is underway with setup instructions. +Running Nightly +--------------- +If you're running linux, be sure to setup a cronjob to remove old files that get stored in the database. Be sure to change .csv if you're using json. + +Setup crontab -e with the following config (modify to your environment) - this will run vulnwhisperer each night at 0130: + +`00 1 * * * /usr/bin/find /opt/vulnwhisp/ -type f -name '*.csv' -ctime +3 -exec rm {} \;` + +`30 1 * * * /usr/local/bin/vuln_whisperer -c /opt/vulnwhisp/configs/example.ini` + + _For windows, you may need to type the full path of the binary in vulnWhisperer located in the bin directory._ Credit From bbad599a73c82ececb756b8990776116d3c41db9 Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Thu, 4 Jan 2018 13:49:45 -0500 Subject: [PATCH 6/7] Update to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 3752c54..937ae72 100644 --- a/README.md +++ b/README.md @@ -18,6 +18,7 @@ Currently Supports ### Vulnerability Frameworks - [X] Nessus V6 +- [X] Nessus V7 - [X] Qualys Web Applications - [ ] Qualys Vulnerability Management (_in progress_) - [ ] OpenVAS From a1b9ff6273b94ebaf5a34c05b3aad34a9a5ca280 Mon Sep 17 00:00:00 2001 From: Austin Taylor Date: Thu, 4 Jan 2018 13:53:38 -0500 Subject: [PATCH 7/7] Update to readme --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 937ae72..288781f 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,7 @@ Currently Supports ### Vulnerability Frameworks -- [X] Nessus V6 -- [X] Nessus V7 +- [X] Nessus (v6 & **v7**) - [X] Qualys Web Applications - [ ] Qualys Vulnerability Management (_in progress_) - [ ] OpenVAS
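Review bot: In PATCH 1/7 (README.md, new "Getting Started" list), steps 1 and 5 link to `#installreq` and `#run`, but the visible lines show no element carrying those ids, so confirm the anchors exist or the links go nowhere. Step 3 misspells "accommodate" as "accomodate". The install block kept under "Install Requirements" is fenced as python although it holds shell commands, and it still tells the reader to run `sudo pip install -r /path/to/VulnWhisperer/requirements.txt`, which executes every dependency's install code as root; a virtualenv or `pip install --user` would avoid that.
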
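Review bot: In PATCH 2/7 (README.md), the moved "Requirements" block carries the empty `####` heading line with it; drop that line while the section is being touched. The block now sits after the Getting Started list, so a reader reaches step 1 before learning that ElasticStack 5.x and Python 2.7 are prerequisites; either keep it above the list or have step 1 mention it.
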
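Review bot: In PATCH 3/7 (bin/vuln_whisperer, main()), the exit statuses are inverted: the success path ends with `sys.exit(1)` right after `vw.whisper_vulnerabilities()`, while the new `if args.config and not args.section:` branch only prints the error and lets the process end with status 0. A scheduler or wrapper script will read a good run as a failure and a usage error as success; exit 0 on success and non-zero after the "Please specify a section using -s" message. The `except Exception` block prints the error only when `args.verbose` is set, so a non-verbose run fails with status 2 and no message; print it unconditionally. The backslash continuation inside the error string also pulls any indentation of the continued line into the printed text; use two adjacent string literals instead.
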
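Review bot: In PATCH 4/7 (README.md, install block), the added `cd deps/qualysapi` is a relative path that only works from the repository root, while the next command uses `/path/to/VulnWhisperer/requirements.txt`; say which directory to start from or write the full path. `python setup.py install` is run without sudo while the pip line below it uses sudo, so the two steps can install into different locations or the first can fail on permissions; pick one method for both. "dependant" should be "dependent", and the label needs a trailing colon to match "Using requirements file:".
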
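Review bot: In PATCH 5/7 (README.md, "Running Nightly"), the added crontab entry `30 1 * * * /usr/local/bin/vuln_whisperer -c /opt/vulnwhisp/configs/example.ini` passes -c without -s, which PATCH 3/7 turns into the "Please specify a section using -s" error, so the nightly job as written would not process anything; add the section to the example. The sentence "this will run vulnwhisperer each night at 0130" covers only the second entry; state that the first entry runs at 01:00 and deletes `*.csv` files under /opt/vulnwhisp/ selected by `-ctime +3`. "Old files that get stored in the database" is ambiguous, since the command removes files on disk; say that these are report files already ingested, if that is the intent.
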
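Review bot: In PATCH 7/7 (README.md, "Vulnerability Frameworks"), the change replaces the `- [X] Nessus V7` line that PATCH 6/7 added one commit earlier with `- [X] Nessus (v6 & **v7**)`; squash the two patches so the series does not add a line and then rewrite it. Patches 4 through 7 also share the subject "Update to readme", which makes the series hard to navigate; give each a subject naming what it changes.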