I have been thinking of making some code that would track vulnerabilities overtime for a while now and due to a few people looking for it on Twitter I made up some BETA code over the past few hours.
This script should pull in multiple scans with the following command-line
java XMLVulnOT *.nessus > output.[html/xls]
and output a html or xls report with one table per host showing all pluginIDs found in each scan and what reports based on date the pluginID was found in.
With this report you should be able to see when a vuln was identified, resolved, and if it cropped back up again.
I hope to have some time to enhance the idea and add in more detail like the PluginID Synopsis into the report as well as an over all system chart.
If you have ideas for this script please shoot them my way and I will see what i can do to enhance it.
Post a Comment