Ryan Prather
44669decf4
Nessus 8.2 can accommodate invalid XML tags. In plugin 86067, it now includes a tag <ssl/chain/sha-1>{data}</ssl/chain/sha-1>. The forward slashes in the opening tag cause the PHP stream parser to barf. I added a regex to remove tags with forward slashes in the tag that don't appear as the first character after the less than sign. As a result, this will also remove <attachment> tag items because the <attachment> tag also includes a "type" attribute that contains the MIME type of the attachment file. Not a big deal though because we are not using the attachments. If we decide to grab those as well, we will have to change this regex to make it work. |
||
---|---|---|
classes | ||
conf | ||
data | ||
docs | ||
exec | ||
img | ||
inc | ||
reference | ||
results | ||
script | ||
ste | ||
style | ||
.gitignore | ||
.gitmessage | ||
ajax.php | ||
apple-touch-icon-57x57.png | ||
apple-touch-icon-60x60.png | ||
apple-touch-icon-72x72.png | ||
apple-touch-icon-76x76.png | ||
apple-touch-icon-114x114.png | ||
apple-touch-icon-120x120.png | ||
apple-touch-icon-144x144.png | ||
apple-touch-icon-152x152.png | ||
apple-touch-icon-180x180.png | ||
browserconfig.xml | ||
CHANGELOG.md | ||
config.inc | ||
Database_Baseline.zip | ||
db_schema.json | ||
Dockerfile | ||
dump.php | ||
favicon-16x16.png | ||
favicon-32x32.png | ||
favicon-96x96.png | ||
favicon-160x160.png | ||
favicon-192x192.png | ||
favicon.ico | ||
help.php | ||
import.php | ||
index.php | ||
install.bat | ||
LICENSE | ||
mstile-144x144.png | ||
README.md | ||
README.pdf | ||
Sagacity-1.3-User-Guide.pdf | ||
search.php | ||
setup.php | ||
uninstall.bat | ||
update.php | ||
upload.php |
Cyber Perspectives Sagacity
https://www.cyberperspectives.com
Sagacity is a vulnerability assessment and compliance data management tool designed to make security testing more efficient, effective and complete.
Security assessments, especially those done for DoD and Federal organizations, produce tremendous amounts of scan and compliance data that security engineers must sort through and deconflict, identify untested requirements, and somehow analyze to communicate risk to their employers. Sagacity, originally written to support a government customer, was designed to fill that need.
What if an organization could turn massive amounts of irreconcilable vulnerability scan data into true knowledge and insight about their networks? They would be able to make wise decisions resulting in cost-effective actions to improve their security with the best return on investment.
Keen insight. Sound judgment. Wise decisions. Sagacity.
Features
- ingest data from Nessus vulnerability and compliance scans, SCC, nmap, MBSA and other automated tools
- correlate data to applicable STIG and IAVM checklists and deconflict data from multiple scan sources
- identify required manual STIG checks for a complete compliance assessment
- provide an efficient spreadsheet format for conducting manual tests and reporting compliance data
- track assessed hosts, applicable STIGs, OS's, installed software, missing patches, network services and more
- security assessment task tracking to ensure a complete and thorough test
- statistical analysis of compliance rates, assessment completeness, Cat I, II, III findings and more.
Requirements
Windows:
- Processor: 2.0 Ghz+ (recommend Intel i5+)
- Memory: 8GB
- Hard Drive: 50GB free (SSD recommended)
Linux:
- Processor: 2.0 Ghz+ (recommend Intel i5+)
- Memory: 4GB
- Hard Drive: 50GB (SSD recommended)
Software Requirements
Sagacity has the following software requirements. The versions listed are the minimum required for operation. For PHP, we recommend the closest version you can get to the one listed, further versions may deprecate features before we have the chance to update the code.
- PHP 7.2
- MySQL 5.7+ or MariaDB 10+
- Apache 2.4+
For Windows, you can install XAMPP 7.2.x from https://www.apachefriends.org/download.html
Installation
See README.pdf for complete installation instructions.