Description: A web-based client to manage Nessus scans.
Clone URL: git://github.com/dxoigmn/achilles.git
dxoigmn (author)
Thu Mar 05 14:42:49 -0800 2009
commit  65b8aec6dbddcd7ac0d317cce8d87e11dfedbd2e
tree    26a45964e8d7c4b296a56d97ee1eeca8cce6a097
parent  a31cc86b925374e51de1c2103afba07779b498d0
| Name | Age | Message |
|---|---|---|
| .gitignore | Wed Jan 28 15:39:45 -0800 2009 | Update git ignores. [dxoigmn] |
| LICENSE | Sat May 03 00:10:00 -0700 2008 | Beautify legalese. [dxoigmn] |
| README.markdown | | |
| Rakefile | Tue Mar 04 01:18:41 -0800 2008 | Importing rails project. [dxoigmn] |
| app/ | | |
| bugs/ | Fri Jun 27 14:00:54 -0700 2008 | Use ditz to track issues. [dxoigmn] |
| config/ | | |
| data/ | Wed Jan 28 15:39:45 -0800 2009 | Update git ignores. [dxoigmn] |
| db/ | | |
| doc/ | Tue Mar 04 01:18:41 -0800 2008 | Importing rails project. [dxoigmn] |
| lib/ | | |
| log/ | Wed Jan 28 15:39:45 -0800 2009 | Update git ignores. [dxoigmn] |
| public/ | Wed Jan 28 16:08:52 -0800 2009 | Move CSS in div.section into div#article. [dxoigmn] |
| script/ | Sat May 31 22:03:53 -0700 2008 | Upgraded to work with Rails 2.1 and Haml 2.0 [dxoigmn] |
| test/ | | |
| tmp/ | Wed Jan 28 15:39:45 -0800 2009 | Update git ignores. [dxoigmn] |
| vendor/ | | |
README.markdown

# Achilles

Achilles is a web-based Nessus client with the added ability to prioritize vulnerabilities by severity. Achilles was built because we needed the ability to prioritize vulnerabilities by location. For example, a vulnerability found on a host in the administrative network might be prioritized much higher than a vulnerability found on a host in the residential network. Achilles allows you to customize this prioritization via several techniques.

In Achilles, a vulnerability inherits almost all of its characteristics from a Nessus plugin. For example, if you modify a plugin's severity at a specific location, the change is reflected in all vulnerabilities associated with that plugin. However, depending on your setup, Nessus could be utilizing several thousand plugins at any given time, and modifying the severity in every location for every plugin would be a time-consuming task. Achilles therefore abstracts this into what we call the severity matrix: a mapping from plugin classification and location to a severity.

Plugin classification is another ability unique to Achilles. Because every Nessus plugin must specify a risk and a family, Achilles allows you to map these two values to a classification. For example, a plugin that specifies a "high" risk and a "backdoor" family might be classified as "compromised." This mapping is entirely your choice and should be chosen carefully.

In general, vulnerability severities are inherited in the following order:

  1. A severity specified on the vulnerability itself.
  2. A severity specified on the vulnerability's plugin.
  3. A severity specified in the severity matrix.

A minimal Achilles installation should specify locations, plugin classifications, and the severity matrix. Achilles will run with these left empty, but it will then be unable to prioritize vulnerabilities.
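The following is an added example, not Achilles' own code, that models the two ideas above in plain Ruby: the operator-chosen mapping from a plugin's risk and family to a classification, and the three-step severity inheritance (vulnerability, then plugin, then severity matrix). All names, locations, plugin ids and severity values are constructed assumptions; the per-location plugin override is also an assumption, chosen to match the README's description of modifying "a plugin's severity at a specific location". The last finding has no matrix entry, which is the "unable to prioritize" case the README warns about.

```ruby
# Added example (not Achilles' own code): models the README's severity
# inheritance with plain Ruby hashes. All data below is constructed.

# Operator-chosen mapping from a Nessus plugin's [risk, family] to a
# classification. The README leaves this mapping entirely to the operator.
CLASSIFICATION_MAP = {
  %w[high backdoor] => 'compromised',
  %w[high remote]   => 'exploitable',
  %w[medium misc]   => 'informational'
}.freeze

# Severity matrix: [classification, location] -> numeric severity.
# The same classification scores higher on the administrative network.
# 'informational' deliberately has no entry, to show an unresolved case.
SEVERITY_MATRIX = {
  %w[compromised administrative] => 10,
  %w[compromised residential]    => 6,
  %w[exploitable administrative] => 8,
  %w[exploitable residential]    => 4
}.freeze

def classify(plugin)
  CLASSIFICATION_MAP.fetch([plugin[:risk], plugin[:family]], 'unclassified')
end

# Resolve a finding's severity in the README's inheritance order:
#   1. severity set on the vulnerability itself
#   2. severity set on its plugin (assumed here to be per location)
#   3. severity from the matrix; nil when no matrix entry exists
def resolve_severity(vuln, plugin, location)
  return vuln[:severity] if vuln[:severity]
  plugin_override = plugin.fetch(:severities, {})[location]
  return plugin_override if plugin_override
  SEVERITY_MATRIX[[classify(plugin), location]]
end

# Order findings highest severity first; unresolved ones sink to the end.
def prioritize(findings, plugins)
  findings.map { |f|
    sev = resolve_severity(f, plugins.fetch(f[:plugin_id]), f[:location])
    f.merge(severity: sev)
  }.sort_by { |f| [f[:severity] ? 0 : 1, -(f[:severity] || 0)] }
end

# Constructed sample data: three plugins (hypothetical ids) and five findings.
PLUGINS = {
  11_111 => { risk: 'high',   family: 'backdoor' },
  22_222 => { risk: 'high',   family: 'remote', severities: { 'residential' => 9 } },
  33_333 => { risk: 'medium', family: 'misc' }
}.freeze

FINDINGS = [
  { host: '10.0.1.5', plugin_id: 11_111, location: 'residential' },
  { host: '10.0.0.9', plugin_id: 11_111, location: 'administrative' },
  { host: '10.0.1.7', plugin_id: 22_222, location: 'residential' },
  { host: '10.0.1.8', plugin_id: 33_333, location: 'residential', severity: 7 },
  { host: '10.0.0.3', plugin_id: 33_333, location: 'administrative' }
].freeze

if __FILE__ == $PROGRAM_NAME
  prioritize(FINDINGS, PLUGINS).each do |f|
    puts format('%-9s %-14s plugin %-6d severity %s',
                f[:host], f[:location], f[:plugin_id], f[:severity].inspect)
  end
end
```

Running the file prints the findings in priority order: the backdoor plugin on the administrative network (matrix, 10) ranks above the per-location plugin override (9), which ranks above the severity set directly on a finding (7) and the same backdoor plugin on the residential network (6); the informational finding resolves to nil and lands last, exactly the case where an empty matrix leaves Achilles unable to prioritize.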

## Installation

Installing Achilles is similar to installing any other Rails-based application. You can play around with Achilles locally using a SQLite3 database, but it is recommended to use MySQL in production.

To play around with Achilles you must first edit the config/config.yml file. There are several things you will want to change:

  1. The nmap executable path, nmap_path.
  2. Where results from nmap should be stored, nmap_results_path.
  3. The nessus executable path, nessus_path.
  4. Where nessus results should be stored, nessus_results_path and nessus_plugins_path.

You might also want to change the secret that Rails uses to encrypt session cookies:

```sh
rake secret
```

The following commands will create, migrate, and populate a SQLite3 database and start the HTTP server:

```sh
rake db:schema:load
rake db:populate
./script/server
```

Once the server is running, you can open your web browser to http://0.0.0.0:3000.

## Scheduling Nessus Scans

Achilles can schedule Nessus scans. For this to work, it is advisable to set up a cron job that executes the following:

```sh
./script/runner Scan.run!
```

Each invocation runs exactly 1 scan.

## Dependencies

Achilles has been developed on Rails 2.0.2. It is recommended that you run Achilles on this version, as future versions might not be backwards compatible.

Achilles also depends on the following Ruby gems:

  - chronic
  - netaddr
  - haml
  - libxml-ruby

The following command should install the gem dependencies:

```sh
rake gems:install
```

## License

Copyright (c) 2007-2008, The Trustees of Dartmouth College.

Achilles is released as open source under a BSD license. See LICENSE for details.

The plugins (./vendor/plugins/) included in Achilles are copyright their respective authors.