Create actionable data from your vulnerability scans
VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed.
- Nessus V6
- Qualys Web Applications
- Qualys Vulnerability Management (in progress)
- OpenVAS
- Nexpose
- Insight VM
- NMAP
- More to come
- Follow the install requirements
- Fill out the section you want to process in example.ini file
- Modify the IP settings in the logstash files to accomodate your environment and import them to your logstash conf directory (default is /etc/logstash/conf.d/)
- Import the kibana visualizations
- Run Vulnwhisperer
- ElasticStack 5.x
- Python 2.7
- Vulnerability Scanner
- Optional: Message broker such as Kafka or RabbitMQ
Using requirements file:
sudo pip install -r /path/to/VulnWhisperer/requirements.txt
cd /path/to/VulnWhisperer
sudo python setup.py installThere are a few configuration steps to setting up VulnWhisperer:
- Configure Ini file
- Setup Logstash File
- Import ElasticSearch Templates
- Import Kibana Dashboards
To run, fill out the configuration file with your vulnerability scanner settings. Then you can execute from the command line.
vuln_whisperer -c configs/example.ini -s nessus
or
vuln_whisperer -c configs/example.ini -s qualys
For windows, you may need to type the full path of the binary in vulnWhisperer located in the bin directory.
Big thank you to Justin Henderson for his contributions to vulnWhisperer!
