Create actionable data from your vulnerability scans

VulnWhisperer is a vulnerability report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed. Requirements ------------- #### * ElasticStack * Python 2.7 * Vulnerability Scanner * Optional: Message broker such as Kafka or RabbitMQ Currently Supports ------------- #### * Elasticsearch 2.x * Python 2.7 * Nessus * . Qualys - Web Application Scanner Setup =============== ```python Install pip: sudo install python-pip sudo pip install --upgrade pip Manually install requirements: sudo pip install pytz sudo pip install pandas Using requirements file: sudo pip install -r /path/to/VulnWhisperer/requirements.txt cd /path/to/VulnWhisperer sudo python setup.py install ``` Configuration ----- There are a few configuration steps to setting up VulnWhisperer: * Configure Ini file * Setup Logstash File * Import ElasticSearch Templates * Import Kibana Dashboards Run ----- To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line. ```python vuln_whisperer -c configs/example.ini -s nessus or vuln_whisperer -c configs/example.ini -s qualys ``` Next you'll need to import the visualizations into Kibana and setup your logstash config. A more thorough README is underway with setup instructions. _For windows, you may need to type the full path of the binary in vulnWhisperer located in the bin directory._ Credit ------ Big thank you to Justin Henderson for his contributions to vulnWhisperer! AS SEEN ON TV -------------