VulnWhisperer - Create Actionable Data From Your Vulnerability Scans



Create actionable data from your vulnerability scans


VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different vulnerability scanners and create a file with a unique filename for each one, using that data later to sync with Jira and feed Logstash. Jira does a closed-cycle full sync with the data provided by the scanners, while Logstash indexes and tags all of the information inside the report (see logstash files at /resources/elk6/pipeline/). Data is then shipped to ElasticSearch to be indexed and ends up in a visual and searchable format in Kibana with already defined dashboards.

Currently Supports

Vulnerability Frameworks

Reporting Frameworks

Getting Started
  1. Follow the install requirements
  2. Fill out the section you want to process in frameworks_example.ini file
  3. [JIRA] If using Jira, fill in the Jira config in the config file mentioned above.
  4. [ELK] Modify the IP settings in the Logstash files to suit your environment and import them to your logstash conf directory (default is /etc/logstash/conf.d/)
  5. [ELK] Import the Kibana visualizations
  6. Run Vulnwhisperer
Need assistance or just want to chat? Join our slack channel

Requirements


  • Python 2.7
  • Vulnerability Scanner
  • Reporting System: Jira / ElasticStack 6.6

Install Requirements - VulnWhisperer (may require sudo)
Install OS packages requirement dependencies (Debian-based distros, CentOS doesn't need it)
    sudo apt-get install zlib1g-dev libxml2-dev libxslt1-dev
(Optional) Use a python virtualenv to not mess with host python libraries
    virtualenv venv            # will create the python 2.7 virtualenv
    source venv/bin/activate   # start the virtualenv; pip will now run there and should install libraries without sudo
    deactivate                 # for quitting the virtualenv once you are done
Install python libraries requirements
    pip install -r /path/to/VulnWhisperer/requirements.txt
    cd /path/to/VulnWhisperer
    python setup.py install
(Optional) If using a proxy, add proxy URL as environment variable to PATH
    export HTTP_PROXY=http://example.com:8080
    export HTTPS_PROXY=http://example.com:8080
Now you're ready to pull down scans. (see run section)

Configuration
There are a few configuration steps to setting up VulnWhisperer:
  • Configure Ini file
  • Setup Logstash File
  • Import ElasticSearch Templates
  • Import Kibana Dashboards
frameworks_example.ini file


Run
To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line.
(optional flag: -F -> provides "Fancy" log colouring, good for comprehension when manually executing VulnWhisperer)
    vuln_whisperer -c configs/frameworks_example.ini -s nessus
or
    vuln_whisperer -c configs/frameworks_example.ini -s qualys
If no section is specified (e.g. -s nessus), vulnwhisperer will check the config file for the modules that have the property enabled=true and run them sequentially.

Next you'll need to import the visualizations into Kibana and set up your logstash config. You can either follow the sample setup instructions [here](https://github.com/HASecuritySolutions/VulnWhisperer/wiki/Sample-Guide-ELK-Deployment) or go for the `docker-compose` solution we offer.
Docker-compose
ELK is a whole world by itself, and for newcomers to the platform, it requires basic Linux skills and usually a bit of troubleshooting until it is deployed and working as expected. As we are not able to provide support for each user's ELK problems, we put together a docker-compose which includes:
  • VulnWhisperer
  • Logstash 6.6
  • ElasticSearch 6.6
  • Kibana 6.6
The docker-compose just requires specifying the paths where the VulnWhisperer data will be saved, and where the config files reside. If run directly after git clone, with just the Scanner config added to the VulnWhisperer config file (/resources/elk6/vulnwhisperer.ini), it will work out of the box.
It also takes care of loading the Kibana Dashboards and Visualizations automatically through the API, which otherwise needs to be done manually at Kibana's startup.
For more information about the docker-compose, check the docker-compose wiki or the FAQ.

Roadmap
Our current Roadmap is as follows:
  • Create a Vulnerability Standard
  • Map every scanner's results to the standard
  • Create Scanner module guidelines for easy integration of new scanners (consistency will allow #14)
  • Refactor the code to reuse functions and enable full compatibility among modules
  • Change Nessus CSV to JSON (Consistency and Fix #82)
  • Adapt single Logstash to standard and Kibana Dashboards
  • Implement Detectify Scanner
  • Implement Splunk Reporting/Dashboards
On top of this, we try to focus on fixing bugs as soon as possible, which might delay the development. We also very much welcome PRs, and once we have the new standard implemented, it will be very easy to add compatibility with new scanners.
The Vulnerability Standard will initially be a new simple one-level JSON with all the information that matches from the different scanners having standardized variable names, while maintaining the rest of the variables as they are. In the future, once everything is implemented, we will evaluate moving to an existing standard like ECS or AWS Vulnerability Schema; we prioritize functionality over perfection.
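A sketch of the flattening step that paragraph describes, added here as an illustration and not taken from VulnWhisperer's code. The field maps, the standardized names (asset, signature_id, cvss, ...) and the sample rows are all assumptions constructed for this example.

```python
import json

# Hypothetical maps: scanner field name -> standardized name (not VulnWhisperer's).
FIELD_MAPS = {
    "nessus": {"Host": "asset", "Plugin ID": "signature_id", "Name": "title",
               "CVE": "cve", "CVSS": "cvss", "Port": "port"},
    "qualys": {"IP": "asset", "QID": "signature_id", "Title": "title",
               "CVE ID": "cve", "CVSS Base": "cvss", "Port": "port"},
}
NUMERIC = {"cvss": float, "port": int}  # typed so the indexer sees numbers

# Constructed sample rows; IDs and the CVE value are placeholders.
NESSUS_ROW = {"Plugin ID": "100001", "CVE": "CVE-0000-0000", "CVSS": "",
              "Risk": "None", "Host": "192.0.2.10", "Protocol": "tcp",
              "Port": "443", "Name": "Example finding A"}
QUALYS_ROW = {"IP": "192.0.2.10", "QID": "900001", "Title": "Example finding B",
              "CVE ID": "", "CVSS Base": "2.6", "Port": "443", "Severity": "2"}


def normalize(scanner, record):
    """Return a one-level dict: matching fields renamed, the rest kept as-is."""
    if scanner not in FIELD_MAPS:
        raise ValueError("no field map for scanner %r" % scanner)
    mapping = FIELD_MAPS[scanner]
    out = {"scanner": scanner}
    for key, value in record.items():
        if isinstance(value, (dict, list)):
            raise ValueError("field %r is nested; the standard is one level" % key)
        name = mapping.get(key, key)
        if name in out:  # e.g. a raw "asset" column next to a mapped "Host"
            raise ValueError("field %r collides with %r" % (key, name))
        if name in NUMERIC:
            # Empty export cells become null instead of failing the cast.
            value = NUMERIC[name](value) if value not in ("", None) else None
        out[name] = value
    return out


def to_json_lines(rows):
    """Serialize (scanner, record) pairs as one JSON object per line."""
    return [json.dumps(normalize(s, r), sort_keys=True) for s, r in rows]


if __name__ == "__main__":
    for line in to_json_lines([("nessus", NESSUS_ROW), ("qualys", QUALYS_ROW)]):
        print(line)
```

Rejecting name collisions and nested values keeps a renamed field from silently overwriting a scanner's own column of the same name.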

Video Walkthrough -- Featured on ElasticWebinar


Authors

Contributors