Comments (7)
It wiped out my Nessus xml tags, let's try this again without tag delimiters:
tag name="system-type" ->general-purpose
tag name="operating-system" ->Microsoft Windows Server 2003, Enterprise Edition (English)
tag name="MS11-056" ->2507938
tag name="MS11-054" ->2555917
tag name="mac-address" ->00:50:56:9d:4c:ef
from risu.
Thanks for the report. What version of Nessus did you use? I will test that and see if I can reproduce this
from risu.
I am using Nessus version 4.4.1 build 15078, web server version 2.4.14.
Thanks!
On Wed, Aug 10, 2011 at 2:26 PM, hammackj <
[email protected]>wrote:
Thanks for the report. What version of Nessus did you use? I will test that
and see if I can reproduce thisReply to this email directly or view it on GitHub:
#38 (comment)
from risu.
Have you tried re-downloading the report from the Nessus gui? It looks like it may have been corrupt. I cannot recreate this yet.
from risu.
I tried a couple different reloads here.
- Create new MySQL database
- Create new tables
- Load Nessus Data
a) Use the previous .nessus report files (exported from Nessus web
interface with only HIGH vulnerabilities)
b) Create new .nessus report file with no filters
In both cases for #3), the hosts.os field is incorrect. It appears like it
takes the last field between the tag name operating-system and tag name
mac-address and sticks that in the hosts.os field. This is always a tag
name with an MS Security Bulletin. Some examples from the .nessus report
file below:
Fails
Microsoft Windows Server 2008 Service Pack
2
2507938
2555917
2525694 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx
Fails
Microsoft Windows XP Professional
(English)
2535512
2530548
2544521
2536276
2478663
2476490
2507938
2503665
2555917
2518864
2544893 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xx
Works
Microsoft Windows Server 2003 Service Pack
2
00:xx:56:xx:xx:xx
Fails
Microsoft Windows Server 2008 R2 Standard
00:50:56:9c:00:44
2556532
2539636
2563894
2478663
2560656
2567680
2507938
2559049
2487367 <- this tag gets put
in hosts.mac field
172.16.5.91
Looks like it has something to do with those MS security bulletin tag
names. Looking at the code, do they not match and get put into the
@valid_ms_patches array?
Thanks for the help.
Steve
On Sat, Aug 13, 2011 at 6:46 PM, hammackj <
[email protected]>wrote:
Have you tried re-downloading the report from the Nessus gui? It looks like
it may have been corrupt. I cannot recreate this yet.Reply to this email directly or view it on GitHub:
#38 (comment)
Cell: +1-317-840-9088
LinkedIn: http://www.linkedin.com/in/stevelodin
Twitter: http://twitter.com/stevelodin
from risu.
Looking into this will have a patch as soon as I can.
Sent from my Phone
On Aug 19, 2011, at 8:50 AM, stevelodin
[email protected]
wrote:
I tried a couple different reloads here.
- Create new MySQL database
- Create new tables
- Load Nessus Data
a) Use the previous .nessus report files (exported from Nessus web
interface with only HIGH vulnerabilities)
b) Create new .nessus report file with no filtersIn both cases for #3), the hosts.os field is incorrect. It appears like it
takes the last field between the tag name operating-system and tag name
mac-address and sticks that in the hosts.os field. This is always a tag
name with an MS Security Bulletin. Some examples from the .nessus report
file below:Fails
Microsoft Windows Server 2008 Service Pack
2
2507938
2555917
2525694 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xxFails
Microsoft Windows XP Professional
(English)
2535512
2530548
2544521
2536276
2478663
2476490
2507938
2503665
2555917
2518864
2544893 <- this tag gets put
in hosts.os field
00:xx:56:xx:xx:xxWorks
Microsoft Windows Server 2003 Service Pack
2
00:xx:56:xx:xx:xxFails
Microsoft Windows Server 2008 R2 Standard
00:50:56:9c:00:44
2556532
2539636
2563894
2478663
2560656
2567680
2507938
2559049
2487367 <- this tag gets put
in hosts.mac field
172.16.5.91Looks like it has something to do with those MS security bulletin tag
names. Looking at the code, do they not match and get put into the
@valid_ms_patches array?Thanks for the help.
SteveOn Sat, Aug 13, 2011 at 6:46 PM, hammackj <
[email protected]>wrote:Have you tried re-downloading the report from the Nessus gui? It looks like
it may have been corrupt. I cannot recreate this yet.Reply to this email directly or view it on GitHub:
#38 (comment)Cell: +1-317-840-9088
LinkedIn: http://www.linkedin.com/in/stevelodin
Twitter: http://twitter.com/stevelodinReply to this email directly or view it on GitHub:
#38 (comment)
from risu.
Can you me send your .nessus file, I cannot seem to recreate this by editing a .nessus file to be like that. I should have a fix soon. I have a hunch on what the issue is, just no way to test it.
from risu.
Related Issues (20)
- Unable to read font error HOT 2
- Data too long for column 'plugin_name' HOT 1
- SQL errors from most reports HOT 2
- SQL error when multiple OSs names are returned by Nessus for an host HOT 3
- VERY slow load speed HOT 16
- New XML elements HOT 3
- Trouble with Execute Summary template HOT 9
- risu's graphs template fails to generate, sqllite error HOT 3
- problem with risu in kali HOT 5
- New HostProperties attribute: UnsupportedProduct HOT 1
- Changing Risk Finding Colors HOT 32
- risu not installed in home directory HOT 2
- Risu won't stay installed on Kali HOT 13
- New XML element detected HOT 4
- New XML element: potential_vulnerability HOT 3
- New XML element. HOT 5
- Add support for attribute 'agent' HOT 7
- Support for multiple files and user-specified templates HOT 4
- Boolean fields stored as strings
- High instead of Critical items selected in findings_host.rb HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from risu.