Monday, June 25, 2012

Coverage Scanning



I had a set of scans that had the following logic flow today.

- Scan with 95% or better coverage and all scans should be authenticated.

You run into some interesting things as you think this through:

To gather coverage you need to have a target inventory and the script must be aware of what 100% consists of.

To validate authentication its not enough to look for failed items - what if you rescan them, why did it fail, and what if you rescan them how will the script logic work.

What to do when you find extra hosts not in the inventory.

This is the set of issues at this point I have set out to code and enough have been finished I found the script useful as another team needed to use the logic.

So this pre beta code is available as a work in progress. It is able with a command line

java CoverageValidate inventory *.nessus

To import multiple scan files and an inventory and output lists of missing, extra, and hosts that auth failed.

As you can even see in the code, it is a work in progress but its available so if you run with it share the wealth and send me a copy as I am looking for more ideas.



No comments:

Post a Comment