VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed.

Requirements

ElasticStack 5.x
Python 2.7
Vulnerability Scanner
Optional: Message broker such as Kafka or RabbitMQ

Currently Supports

Vulnerability Frameworks

Nessus V6
Qualys Web Applications
Qualys Vulnerability Management (in progress)
OpenVAS
Nexpose
Insight VM
NMAP
More to come

Setup

Install pip:
sudo <pkg-manager> install python-pip
sudo pip install --upgrade pip

Manually install requirements:
sudo pip install pytz
sudo pip install pandas

Using requirements file:
sudo pip install -r /path/to/VulnWhisperer/requirements.txt

cd /path/to/VulnWhisperer
sudo python setup.py install

Configuration

There are a few configuration steps to setting up VulnWhisperer:

Configure Ini file
Setup Logstash File
Import ElasticSearch Templates
Import Kibana Dashboards

example.ini file

Run

To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line.


vuln_whisperer -c configs/example.ini -s nessus
or
vuln_whisperer -c configs/example.ini -s qualys

Next you'll need to import the visualizations into Kibana and setup your logstash config. A more thorough README is underway with setup instructions.

For windows, you may need to type the full path of the binary in vulnWhisperer located in the bin directory.

Credit

Big thank you to Justin Henderson for his contributions to vulnWhisperer!

README.md