On Tenable Network Security’s Nessus Discussions Forum, user Steve Chan asks whether it is possible to use the XMLRPC interface of Nessus 4.2 to display the differences between a scan report and another one, used as a comparison baseline.
This is one of the new features offered by Nessus 4.2 and one that I haven’t felt the need to fiddle with since I do all my comparisons using home-cooked scripts during .nessus v2 file post-processing. But those of you who’d rather use the native XMLRPC interface have a way out as Renaud Deraison pointed out:
to compare reports f2525b2f-8f30-70a0-2e12-2324323c96599c9136dce42ef3db (old) and fbaacdfb-6fc2-2a0c-168b-de748fd0c00dc6f8f750bde6933f (new), you’d do
wget --post-data 'token=xxxx&report=diff-fbaacdfb-6fc2-2a0c-168b-de748fd0c00dc6f8f750bde6933f-f2525b2f-8f30-70a0-2e12-2324323c96599c9136dce42ef3db' https://your.scanner/file/report/download/
As you can see you’d need to keep track of the report UUIDs (unique identifiers to distinguish between each report) and if you are scanning multiple sites, you’d need to keep track of which UUID corresponds to which site and what is the baseline etc. This usually means some kind of a database.
To spare myself the hassle of maintaining yet another piece of software and yet more code to talk to a database, I opted for another option. I generate my own UUIDs but instead of random numbers and letters I use the site’s name and current date (up to the usec) as the readableName (the human-readable name you can associate with each scan you submit to Nessus 4.2).
(view comments)
-
misskities liked this
-
fortmyers liked this
-
myblogself posted this
