Importing Data from Vulnerability Scanners
Different importing modules for each product are available within the Vulnerability \ Third Party folder in the Modules view. The following modules are included in Core Impact's Network modules:
- beSECURE
- Frontline
- GFI LANguard
- IBM Enterprise Scanner
- IBM Internet Scanner
- McAfee Vulnerability Manager (formerly McAfee Foundstone)
- Microsoft Baseline Security Analyzer
- Nexpose
- Nessus
- Nmap
- OpenVAS
- PatchLink VMS
- Qualys Guard
- Retina
- SAINT
- STAT Guardian
- Tenable Security Center
- Tripwire IP360
- nCircle
The following modules are included in Core Impact's Web modules located in the Web Application Analysis \ Third Party folder:
- Acunetix Web Vulnerability Scanner
- Burp Suite Professional
- Cenzic
- HP WebInspect
- IBM Rational AppScan
- NTOSpider
- Qualys Web Application Scanner
To manually use a module to import data from one of these scanners, use the modules found in the Import-Export folder. Double-clicking on any of these modules will open the parameters dialog where you can specify the location of the output file where the product data is stored. Refer to each module's documentation for additional information related to the specific product.
In addition, you can export all entities in Core Impact's database (everything found in the Entity Views) to a parsable format to facilitate the application's integration with other products.
Using Imported Information
Importing network information can replace the Network Information Gathering step if these activities have already been performed by the original scanner. After importing information you can advance immediately to step 2 of the Network RPT process, Network Attack and Penetration.
To use imported network information within the Network RPT process, follow this procedure:
- Import data from a scanner. The originally-scanned hosts will appear on the Entity View.
- Run the Network Attack and Penetration RPT step (see Network Attack and Penetration) or individual exploits from the Exploits/Remote module folder against the imported hosts. The Network Attack and Penetration step will use the imported OS, and service information to select and execute applicable exploits.
- If any attack was successful, continue working with the deployed agents using RPT or individual modules as usual.
If the imported data includes vulnerability information (as is the case when importing from vulnerability scanners), this information can be used to drive exploit selection, providing an automated mechanism for validating potential vulnerabilities. In this case, instead of utilizing the Network Attack and Penetration step from RPT, you can launch the "Attack and Penetration using imported data" module from the Import-Export module folder.
To validate potential vulnerabilities follow this procedure:
- Import data from a scanner. The originally scanned hosts will appear in the Entity View.
- Run the "Attack and Penetration using imported data" module from the Import-Export module folder against the imported targets (see Running Modules for more information). This module will only select exploits that match potential vulnerabilities identified by the vulnerability scanner.
- If any of the attacks were successful, continue working with the deployed agents using RPT or individual modules as usual. A successfully-deployed agent validates the exploitability of a potential vulnerability.
- To generate a report of the vulnerabilities imported from a vulnerability scanner that were exploited using Core Impact, you can use the PCI Vulnerability Validation report.