What is the biggest Nessus file you've processed?


Daniel Martin

Mar 10, 2014, 6:37:15 PM
to dradi...@googlegroups.com
Hi all,

I was speaking with a team earlier today that are considering using Dradis. They asked me whether anyone was using Dradis for really big projects (tens of thousands of hosts). I could only remember someone in the list that mentioned working with hundreds of hosts, but I don’t know if anyone else has any experience with Nessus projects of 1,000s or 10,000s of hosts.

If you could let me know, either on-list or privately, I’d really appreciate it.

Thanks!
Daniel


Morris's three golden rules of computer security:
do not own a computer;
do not power it on;
and do not use one

Mike McLaughlin

Mar 11, 2014, 4:49:08 AM
to dradi...@googlegroups.com
I would like any feedback on this.

We have a project coming up which could be >5000 hosts.

Kind regards,

Mike
Mike McLaughlin MBCS GSEC GPEN OSCP
Senior Penetration Tester & Technical Team Lead
First Base Technologies LLP

--
You received this message because you are subscribed to the Google Groups "Dradis Pro users" group.

Daniel Martin

Apr 4, 2014, 5:45:58 PM
to dradi...@googlegroups.com
Hi all,

I’m not quite sure if this is good news or bad news, kind of both I guess.

I got confirmation today that a user was able to process a 60MB+ Nessus file to generate a 1,200 page report automatically.

The report in question covered 462 hosts with 258 vulnerabilities in total.

As for the bad news, it took ~80 minutes to process. I guess that leaving a process running for 80 minutes isn’t ideal, but it surely beats having to write a 1,200 page report by hand!

On the brighter side, they were using v1.10, which means that the entire process could be run from the console with two commands:

$ PROJECT_ID=1234 RAILS_ENV=production bundle exec thor dradis:upload:nessus /tmp/output.nessus
$ PROJECT_ID=1234 RAILS_ENV=production bundle exec thor dradis:export:advanced_word:docx --template /path/to/template.docx

I have some ideas on how to make this a bit better by sending report processing to the background so you don’t have to use the console, but for the time being, the PROJECT_ID trick in v1.10 should be quite handy.

More info in the new Debugging guide:
http://securityroots.com/dradispro/support/guides/dradisreports_debugging.html


Have a great weekend everyone,
Daniel

Founder
Security Roots Ltd.
Registered company no 07389856 in England and Wales
