I've found out that back 2 years ago, there's a question
posted in this mailing list about "using nessus with mySQL via
command line". There are a few replies which i wish to get some
clarifications on.
On Aug 14, 2002 Nicolas A.S.-J. Mendoza replied with a perl
script and a sql script (which i presume is written by himself).
i don't really quite understand the part ..
[nessusrun.pl]
#!/usr/bin/perl
-w
use strict;
use DBI;
# Make sure to edit
these variables so that they suit your needs
my
$nessus_targetsfile = "~/securescan/targets"; # location of
targetsfile
my $nessus_resultsfile = "~/securescan/results";
# location of resultsfile
my $nessus_exec =
"/usr/local/bin/nessus"; # location of nessus
binary
What does the targetfile and resultfile refer to?
Then,on the same date also, Kristofer T. Karas replied
I used to have a huge shell script
written in /bin/bash that would grep
through a directory of
.NSR files and provide a nice searchable web
interface.
But handling multiple scans on different dates for the
same
host became too much of a bear. So I converted the
whole lot to MySQL and PHP under Apache. If I had the
cycles to spare to make the code a bit more public, I'd post it,
as you could use it out of the box; maybe later in the year if I
find those spare cycles...
I wonder if i can
have a look at the script.
Actually, i am trying
to do some sort of data correlation between snort and nessus.
However, i found out that output from both tools are different
types and i have no idea how to compare those outputs, as in
what type of information i should look for and
etc.
However, if nessus
output could be put into mysql, i guess that could help a lot.
I'm not sure if there's any other available methods, but if
anyone know, hope you can tell me. I've read about
Nessus_SQL but i don't think i want to use
that.
Thanx.