First of all, please excuse me if this is a beaten horse and developers
(Renaud?) already have an idea on how this is going to evolve and
wether or not it is intented for 1.3 (it is in the ROADMAP_TO_1_2.txt file)
I have been finding my way through the nessus (user's and developers)
mailing list for information on this issue. It seems there are
currently, at least, three tools that can use a database as backend for
Nessus: Inprotect's [1] NessQuick [2] and Nessus-php [3]. With one
patch [4] provided a long time ago to provide this into the Nessus
server itself and changes in the NessusWx client [5] to provide this in
there (rather than in server side).
I am going to volunteer to try to provide something that functionality
in the near term for Nessus. However, I think it's proper to discuss first:
- the schema to be used for the database (none of the mentioned
proposals have a common schema, however, having a common definition
would allow Nessus to provide one for people who want to write
PHP/whatever other language frontends that way users could jump from one
to the other without much problems)
- the location of the backend: it could be either the server (which
could use the database for session/knowledgebase saving/recoverty), the
client (through an 'export to SQL' dialog) and/or a separate tool (which
would process session/XML/NBE/NSR output and insert it into the database)
Now, if no one objects or says that this is already being implemented by
someone I will send out a proposal for schema based on what I've looked
of the different implementations, my opinion and my reviewal of what
other tools seem to do (aka Internet Scanner).
Anyone?
Javi
PS: I'm not going to give my arguments on why this is necessary, since I
believe everybody agrees it is. Feel free to discuss it, in any case.
[1]
http://www.inprotect.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1
[2] www.atriskonline/projects/nessQuick.html
[3] http://enterprise.bidmc.harvard.edu/pub/nessus-php/
[4] http://msgs.securepoint.com/cgi-bin/get/nessus-0101/53.html
[5] http://www.securityprojects.org/nessuswx/sql_tables.html
(Renaud?) already have an idea on how this is going to evolve and
wether or not it is intented for 1.3 (it is in the ROADMAP_TO_1_2.txt file)
I have been finding my way through the nessus (user's and developers)
mailing list for information on this issue. It seems there are
currently, at least, three tools that can use a database as backend for
Nessus: Inprotect's [1] NessQuick [2] and Nessus-php [3]. With one
patch [4] provided a long time ago to provide this into the Nessus
server itself and changes in the NessusWx client [5] to provide this in
there (rather than in server side).
I am going to volunteer to try to provide something that functionality
in the near term for Nessus. However, I think it's proper to discuss first:
- the schema to be used for the database (none of the mentioned
proposals have a common schema, however, having a common definition
would allow Nessus to provide one for people who want to write
PHP/whatever other language frontends that way users could jump from one
to the other without much problems)
- the location of the backend: it could be either the server (which
could use the database for session/knowledgebase saving/recoverty), the
client (through an 'export to SQL' dialog) and/or a separate tool (which
would process session/XML/NBE/NSR output and insert it into the database)
Now, if no one objects or says that this is already being implemented by
someone I will send out a proposal for schema based on what I've looked
of the different implementations, my opinion and my reviewal of what
other tools seem to do (aka Internet Scanner).
Anyone?
Javi
PS: I'm not going to give my arguments on why this is necessary, since I
believe everybody agrees it is. Feel free to discuss it, in any case.
[1]
http://www.inprotect.com/modules.php?op=modload&name=Downloads&file=index&req=viewdownload&cid=1
[2] www.atriskonline/projects/nessQuick.html
[3] http://enterprise.bidmc.harvard.edu/pub/nessus-php/
[4] http://msgs.securepoint.com/cgi-bin/get/nessus-0101/53.html
[5] http://www.securityprojects.org/nessuswx/sql_tables.html