grutz@jingojango.net edited this page Nov 5, 2013 · 18 revisions

Welcome to Kvasir!

Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:

  • Rapid 7 NeXpose
  • Metasploit / Metasploit Pro
  • Tennable Nessus
  • ShodanHQ
  • Nmap
  • THC-Hydra
  • Medusa
  • John The Ripper

Obtaining Support

If you believe you have found an issue or bug with Kvasir, feel free to open an issue ticket here on Github.

For questions and other discussions join the Google Group @ https://groups.google.com/d/forum/kvasir-dev

When things break

It's inevitable that at some point Kvasir is going to break on you. The code has become fairly complex and some features may not get as much testing as they should. When this happens first off calm down and DON'T PANIC!

Then, follow this guide on what to check and what may be required to help remedy any problems.

Scanner Support In-progress

  • QualysGuard XML Report
  • Nmap Scripting Engine results
  • BurpSuite Pro XML Report

What About Web Applications?

Our thought is that Kvasir is to remain focused on network/host-based assessment tools and not applications. This may be addressed in a future release.


See the installation wiki for instructions.

Usage Instructions


Valkyries are enumeration/exploitation tasks that can be kicked off from the Kvasir UI.


Kvasir is released under the 3-clause BSD license.