May 022011

I created Project RF to have a reporting framework that provides  consistent reports for various vulnerability scanning tools.  The  project started with support for Nessus back when I would parse nbe files.   I’ve  since included reporting for eEye Retina, Nmap, HP WebInpect,  AppScan AppDetective,  Kismet, and GFI Languard.  This project is still in its alpha stages as  I’m not a top notch web program developer.  Scan results are exported to  XML which is then uploaded, parsed, and imported into a backend MySQL  database.  I have found this framework very useful in generating reports  for my workpapers.  I still continue to work on this project even though I’m no longer an auditor.  Recently I stripped it down to just Nessus and I rewrote the Nessus portion to support the .nesses v2 xml output.  Installation and setup instructions can be found here.

This framework supports many options for report generation and executive reporting.