@codementum
Created December 7, 2015 00:10
Help extend the nv project

Project Extend NV: Nessus Vulnerability Visualization

Note: if you choose to do this for your 4241 final project, make sure you work on something that includes a server component.

Nv is an interactive data visualization for analyzing Nessus Vulnerability scans. Prioritizing and patching vulnerabilities is a critical task in security operations. But before nv there wasn't a way for security analysts to get an overview of the vulnerabilities on their network without hiding many important details.

Nv addresses this problem by providing an overview of an entire vulnerability scan. Interactions and data integrations allow analysts to view which vulnerabilities are most severe on their network.

Contributing

Originally developed in 2012, nv needs new parsers to be compatible with newer scan file formats.

The current parser works with the older Nessus NBE file format.

It returns an object for each entry in the scan:

return {
    "ip": (ip === undefined ? "" : ip),
    "vulnid": (isNaN(code) ? 0 : code),
    "vulntype": (holeNote === undefined ? "" : (holeNote.indexOf('Note') !== -1 ? 'note' : 'hole')),
    "cvss": score,
    "value": 1,
    "port": port
};
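
As an added example (not nv's own parser), here is one way a single NBE line can be turned into the record shape above. The field layout, the "CVSS Base Score" text in the description, the null defaults and the names `parseNbeLine`, `parseNbe` and `SAMPLE_NBE` are assumptions of this sketch.

```javascript
// Added example. Field positions follow the commonly documented NBE layout
// (an assumption, not taken from the nv source):
//   results|subnet|host|service (port/proto)|pluginID|type|description
function parseNbeLine(line) {
  const f = line.replace(/\r$/, '').split('|');
  // Skip "timestamps" rows and open-port rows that carry no plugin ID.
  if (f[0] !== 'results' || f.length < 6) return null;

  const code = parseInt(f[4], 10);
  const holeNote = f[5];
  // The description may itself contain '|', so rejoin everything after field 5.
  const description = f.slice(6).join('|');

  // "http (80/tcp)" -> 80; "general/tcp" has no numeric port (null here).
  const portMatch = /\((\d{1,5})\/(?:tcp|udp)\)/.exec(f[3]);
  // A missing score is reported as null; that default is this example's choice.
  const scoreMatch = /CVSS Base Score\s*:\s*(\d+(?:\.\d+)?)/.exec(description);

  return {
    ip: f[2],
    vulnid: isNaN(code) ? 0 : code,
    vulntype: holeNote.indexOf('Note') !== -1 ? 'note' : 'hole',
    cvss: scoreMatch ? Number(scoreMatch[1]) : null,
    value: 1,
    port: portMatch ? Number(portMatch[1]) : null
  };
}

function parseNbe(text) {
  return text.split('\n').map(parseNbeLine).filter((r) => r !== null);
}

// Constructed sample input (not from a real scan).
const SAMPLE_NBE = [
  'timestamps|||scan_start|Mon Dec  7 00:10:00 2015|',
  'results|192.0.2|192.0.2.10|http (80/tcp)',
  'results|192.0.2|192.0.2.10|http (80/tcp)|10107|Security Note|Synopsis : web server\\nCVSS Base Score : 0.0',
  'results|192.0.2|192.0.2.11|general/tcp|99999|Security Hole|Constructed finding | with a pipe\\nCVSS Base Score : 7.5',
  'results|192.0.2|192.0.2.12|ssh (22/tcp)|notanumber|Security Warning|no score here'
].join('\n');

console.log(parseNbe(SAMPLE_NBE));
```

A parser for a newer format can be checked against the same record shape by feeding both parsers equivalent constructed findings and comparing the output.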

The primary need is support for the new Nessus formats. These include:

Important: To obtain a sample file, try one of the following: a) constructing one from the PDF above, b) downloading the "Home" version of Nessus and running on your own machines. (It might be a bad idea to run it on the University Network.)

It might also be helpful to make a simulator that can produce Nessus v2 files of arbitrary size / complexity.

  • Nessus v3 (lower priority)

Future Directions (compiled from various people)

These might be fun to work on. They're fairly ill-defined, but some early work in each direction can help us better identify requirements.

  • Monitor a folder, ability to pick a date range. And see how long a vulnerability has been open for. (High priority)
  • Start nv from the command line with a specified file.
  • Move from Backbone to React/Redux
  • Decoupling UI for parser and Nessus visualization: make their UI modular so that we can hook in any REST service data-feeder to the visualization and not use their built-in parser.
  • Maven-ize it, or at least make it compile into a war for deployment into a web container
  • Make the tree-map groupings configurable: Right now the UI is coded explicitly to understand each layer in the zoomable tree – make those layers generic so it can be used for any data with minor modifications (ex: Instead of vulnerability, I may want to hook in data on network traffic and people by mission).

You might also come up with your own interesting directions.

Links

The Ruby client has some examples: https://github.com/mephux/ruby-nessus/tree/master/examples

Oddly, it references a v3, which I didn't see on the Nessus site...

There is even a JavaScript Node client, although no docs (https://github.com/AlexCline/nessus-api).
