Mailing List Archive

Send your DB schema and sample sql statements.

I'll write a xsl file to transform the xml output to sql statements
(... depends on my free time)

Submit your modified nbe_output.c too

> -----Original Message-----
> From: Joe Francis [mailto:jfrancis@kcp.com]
> Sent: Friday, October 11, 2002 3:40 AM
> To: nessus-devel@list.nessus.org
> Subject: SQL Output Plugin
>
>
> Hi guys,
> Are there any plans for some sort of SQL output for the mainstream
> nessus client? Currently we're using a modified nbe-output.c
> to export
> directly to mysql, but this is not ideal because in order to update
> nessus I have to rehack that nbe-output file as well as some of the
> make/configuration files. It would also be nice to have a
> way to change
> my database password without having to recompile nessus.
>
> I'm not sure whether I'd want it to actually do SQL direct to a
> database, or if I'd want to make it just export a file with SQL
> statements in it. Having a file of generic SQL that fit a predefined
> schema would allow more flexibility in what database servers you used,
> because rather than linking against a specific database you just get a
> file to slurp in to the database when you are done. This step would
> easily be handled by the shell script I'm using to call
> nessus from the
> command line anyway.
>
> Is there a plan for such a feature in the future? If there isn't, why
> not? If I wrote the necessary code to handle the output,
> Renaud, would
> there be any hope of getting it put in the main nessus distribution?
>
> Thanks for the advice,
>
> Joe
>
>
>
>
> --
> Joe Francis
> Honeywell - Cyber Security
> 816-997-5872
>

I'd be interested in seeing you schema as well, could you post it to the
list or somewhere public?

On Fri, 2002-10-11 at 03:56, Nennker, Axel wrote:
> Send your DB schema and sample sql statements.
>
> I'll write a xsl file to transform the xml output to sql statements
> (... depends on my free time)
>
> Submit your modified nbe_output.c too
>
> > -----Original Message-----
> > From: Joe Francis [mailto:jfrancis@kcp.com]
> > Sent: Friday, October 11, 2002 3:40 AM
> > To: nessus-devel@list.nessus.org
> > Subject: SQL Output Plugin
> >
> >
> > Hi guys,
> > Are there any plans for some sort of SQL output for the mainstream
> > nessus client? Currently we're using a modified nbe-output.c
> > to export
> > directly to mysql, but this is not ideal because in order to update
> > nessus I have to rehack that nbe-output file as well as some of the
> > make/configuration files. It would also be nice to have a
> > way to change
> > my database password without having to recompile nessus.
> >
> > I'm not sure whether I'd want it to actually do SQL direct to a
> > database, or if I'd want to make it just export a file with SQL
> > statements in it. Having a file of generic SQL that fit a predefined
> > schema would allow more flexibility in what database servers you used,
> > because rather than linking against a specific database you just get a
> > file to slurp in to the database when you are done. This step would
> > easily be handled by the shell script I'm using to call
> > nessus from the
> > command line anyway.
> >
> > Is there a plan for such a feature in the future? If there isn't, why
> > not? If I wrote the necessary code to handle the output,
> > Renaud, would
> > there be any hope of getting it put in the main nessus distribution?
> >
> > Thanks for the advice,
> >
> > Joe
> >
> >
> >
> >
> > --
> > Joe Francis
> > Honeywell - Cyber Security
> > 816-997-5872
> >
>
--
Matt Woodyard (0x8659BAA7)
CISSP
SDG - Security Analyst
My other computer is in Russia.
8592637344x133

On Fri, Oct 11, 2002 at 10:13:19AM -0400, Matt Woodyard wrote:
> I'd be interested in seeing you schema as well, could you post it to the
> list or somewhere public?

As another reference, below is a simple MySQL schema that I have
been using for holding Nessus output. I have written a PHP script
that reads in the Nessus XML output and inserts it into the db. The
script currently only supports version 1.3 of the XML output (in
Nessus 1.26 I believe).

I have been working on a frontend to the db that will allow for viewing,
searching, merging, etc, etc of the Nessus reports. I can make this
available (when I am finished) if it is of interest.

Regards,

Rohan

========

nessus_plugins is populated by the nessus client.

#
# Table structure for table nessus_plugins

CREATE TABLE nessus_plugins (
id int(11) NOT NULL default '0',
name varchar(255) default NULL,
family varchar(255) default NULL,
category varchar(255) default NULL,
copyright varchar(255) default NULL,
summary varchar(255) default NULL,
description blob,
version varchar(255) default NULL,
cve_id varchar(255) default NULL,
PRIMARY KEY (id)
) TYPE=MyISAM;
# --------------------------------------------------------

#
# Table structure for table nessus_results

CREATE TABLE nessus_results (
id int(10) unsigned NOT NULL auto_increment,
sessions_id int(10) unsigned NOT NULL default '0',
sessions_hosts_id int(10) unsigned NOT NULL default '0',
protocol varchar(5) NOT NULL default '',
port int(5) unsigned NOT NULL default '0',
service varchar(20) NOT NULL default '',
severity varchar(30) NOT NULL default '',
nessus_plugins_id int(10) unsigned NOT NULL default '0',
risk_factor enum('low','medium','high','unknown') NOT NULL default
'unknown',
cve_id varchar(15) NOT NULL default '',
output text NOT NULL,
is_false_positive tinyint(1) NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=MyISAM;
# --------------------------------------------------------

#
# Table structure for table sessions

CREATE TABLE sessions (
id int(10) unsigned NOT NULL auto_increment,
name varchar(80) NOT NULL default '',
users_id int(10) unsigned NOT NULL default '0',
start_time int(10) unsigned NOT NULL default '0',
end_time int(10) unsigned NOT NULL default '0',
tools_id int(10) unsigned NOT NULL default '0',
data_complete tinyint(1) NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=MyISAM;
# --------------------------------------------------------

#
# Table structure for table sessions_hosts

CREATE TABLE sessions_hosts (
id int(10) unsigned NOT NULL auto_increment,
session_id int(10) unsigned NOT NULL default '0',
hostname varchar(30) NOT NULL default '',
ip varchar(15) NOT NULL default '',
start_time int(10) unsigned NOT NULL default '0',
end_time int(10) unsigned NOT NULL default '0',
PRIMARY KEY (id)
) TYPE=MyISAM;

Do you care to share your PHP? Your structure for holding the messages
would seem to do better than mine as far as getting things into the right
field. Quite honestly, what I have so far leaves a lot to be desired.

On Mon, 14 Oct 2002, Rohan Amin wrote:

> On Fri, Oct 11, 2002 at 10:13:19AM -0400, Matt Woodyard wrote:
> > I'd be interested in seeing you schema as well, could you post it to the
> > list or somewhere public?
>
> As another reference, below is a simple MySQL schema that I have
> been using for holding Nessus output. I have written a PHP script
> that reads in the Nessus XML output and inserts it into the db. The
> script currently only supports version 1.3 of the XML output (in
> Nessus 1.26 I believe).
>
> I have been working on a frontend to the db that will allow for viewing,
> searching, merging, etc, etc of the Nessus reports. I can make this
> available (when I am finished) if it is of interest.
>
> Regards,
>
> Rohan
>
> ========
>
> nessus_plugins is populated by the nessus client.
>
> #
> # Table structure for table nessus_plugins
>
> CREATE TABLE nessus_plugins (
> id int(11) NOT NULL default '0',
> name varchar(255) default NULL,
> family varchar(255) default NULL,
> category varchar(255) default NULL,
> copyright varchar(255) default NULL,
> summary varchar(255) default NULL,
> description blob,
> version varchar(255) default NULL,
> cve_id varchar(255) default NULL,
> PRIMARY KEY (id)
> ) TYPE=MyISAM;
> # --------------------------------------------------------
>
> #
> # Table structure for table nessus_results
>
> CREATE TABLE nessus_results (
> id int(10) unsigned NOT NULL auto_increment,
> sessions_id int(10) unsigned NOT NULL default '0',
> sessions_hosts_id int(10) unsigned NOT NULL default '0',
> protocol varchar(5) NOT NULL default '',
> port int(5) unsigned NOT NULL default '0',
> service varchar(20) NOT NULL default '',
> severity varchar(30) NOT NULL default '',
> nessus_plugins_id int(10) unsigned NOT NULL default '0',
> risk_factor enum('low','medium','high','unknown') NOT NULL default
> 'unknown',
> cve_id varchar(15) NOT NULL default '',
> output text NOT NULL,
> is_false_positive tinyint(1) NOT NULL default '0',
> PRIMARY KEY (id)
> ) TYPE=MyISAM;
> # --------------------------------------------------------
>
> #
> # Table structure for table sessions
>
> CREATE TABLE sessions (
> id int(10) unsigned NOT NULL auto_increment,
> name varchar(80) NOT NULL default '',
> users_id int(10) unsigned NOT NULL default '0',
> start_time int(10) unsigned NOT NULL default '0',
> end_time int(10) unsigned NOT NULL default '0',
> tools_id int(10) unsigned NOT NULL default '0',
> data_complete tinyint(1) NOT NULL default '0',
> PRIMARY KEY (id)
> ) TYPE=MyISAM;
> # --------------------------------------------------------
>
> #
> # Table structure for table sessions_hosts
>
> CREATE TABLE sessions_hosts (
> id int(10) unsigned NOT NULL auto_increment,
> session_id int(10) unsigned NOT NULL default '0',
> hostname varchar(30) NOT NULL default '',
> ip varchar(15) NOT NULL default '',
> start_time int(10) unsigned NOT NULL default '0',
> end_time int(10) unsigned NOT NULL default '0',
> PRIMARY KEY (id)
> ) TYPE=MyISAM;
>
>
>

Sure. Let me clean it up a bit and I will post it somewhere and send the
url to the list.

My current db schema is partly based on the NessusWX schema. The only thing
that I am not extracting from the XML output is the configuration
information and the plugin descriptions (because the nessus_plugins table
already has them). Once I figure out an elegant way of storing that
information, I will incorporate it into the PHP script.

I don't know if this capability currently exists (in CVS) but it would be
great if nessus could continuously update a sql database as it scanned.
This would be helpful for large networks where you might want to see
intermediate results. Is there already a way to view intermediate
results?



On Mon, Oct 14, 2002 at 11:33:35AM -0500, Joe Francis wrote:
> Do you care to share your PHP? Your structure for holding the messages
> would seem to do better than mine as far as getting things into the right
> field. Quite honestly, what I have so far leaves a lot to be desired.
>
> On Mon, 14 Oct 2002, Rohan Amin wrote:
>
> > On Fri, Oct 11, 2002 at 10:13:19AM -0400, Matt Woodyard wrote:
> > > I'd be interested in seeing you schema as well, could you post it to the
> > > list or somewhere public?
> >
> > As another reference, below is a simple MySQL schema that I have
> > been using for holding Nessus output. I have written a PHP script
> > that reads in the Nessus XML output and inserts it into the db. The
> > script currently only supports version 1.3 of the XML output (in
> > Nessus 1.26 I believe).
> >
> > I have been working on a frontend to the db that will allow for viewing,
> > searching, merging, etc, etc of the Nessus reports. I can make this
> > available (when I am finished) if it is of interest.
> >
> > Regards,
> >
> > Rohan
> >
> > ========
> >
> > nessus_plugins is populated by the nessus client.
> >
> > #
> > # Table structure for table nessus_plugins
> >
> > CREATE TABLE nessus_plugins (
> > id int(11) NOT NULL default '0',
> > name varchar(255) default NULL,
> > family varchar(255) default NULL,
> > category varchar(255) default NULL,
> > copyright varchar(255) default NULL,
> > summary varchar(255) default NULL,
> > description blob,
> > version varchar(255) default NULL,
> > cve_id varchar(255) default NULL,
> > PRIMARY KEY (id)
> > ) TYPE=MyISAM;
> > # --------------------------------------------------------
> >
> > #
> > # Table structure for table nessus_results
> >
> > CREATE TABLE nessus_results (
> > id int(10) unsigned NOT NULL auto_increment,
> > sessions_id int(10) unsigned NOT NULL default '0',
> > sessions_hosts_id int(10) unsigned NOT NULL default '0',
> > protocol varchar(5) NOT NULL default '',
> > port int(5) unsigned NOT NULL default '0',
> > service varchar(20) NOT NULL default '',
> > severity varchar(30) NOT NULL default '',
> > nessus_plugins_id int(10) unsigned NOT NULL default '0',
> > risk_factor enum('low','medium','high','unknown') NOT NULL default
> > 'unknown',
> > cve_id varchar(15) NOT NULL default '',
> > output text NOT NULL,
> > is_false_positive tinyint(1) NOT NULL default '0',
> > PRIMARY KEY (id)
> > ) TYPE=MyISAM;
> > # --------------------------------------------------------
> >
> > #
> > # Table structure for table sessions
> >
> > CREATE TABLE sessions (
> > id int(10) unsigned NOT NULL auto_increment,
> > name varchar(80) NOT NULL default '',
> > users_id int(10) unsigned NOT NULL default '0',
> > start_time int(10) unsigned NOT NULL default '0',
> > end_time int(10) unsigned NOT NULL default '0',
> > tools_id int(10) unsigned NOT NULL default '0',
> > data_complete tinyint(1) NOT NULL default '0',
> > PRIMARY KEY (id)
> > ) TYPE=MyISAM;
> > # --------------------------------------------------------
> >
> > #
> > # Table structure for table sessions_hosts
> >
> > CREATE TABLE sessions_hosts (
> > id int(10) unsigned NOT NULL auto_increment,
> > session_id int(10) unsigned NOT NULL default '0',
> > hostname varchar(30) NOT NULL default '',
> > ip varchar(15) NOT NULL default '',
> > start_time int(10) unsigned NOT NULL default '0',
> > end_time int(10) unsigned NOT NULL default '0',
> > PRIMARY KEY (id)
> > ) TYPE=MyISAM;
> >
> >
> >
>