IssueFinder

This tool has been created out of frustration that NessieViewer is/was not available for *nix systems. Some of the functionality has been added as a result of various requests. The result is an easy tool that can read various formats and show the issues in a table format. This allows you to sort specific columns. When an issue is selected, more information will be visible in the description pane.

You can add reports either through the commandline as arguments, or through the file menu by opening them. The 'New' menu option resets the application.

This tool has been created in Groovy as a learning exercise.

Filters

The filter section allows you to filter on specific values. Filters are like a query language where clause on the data. It is possible to filter on the following elements (case insensitive):

• scanner
• ip
• hostname
• port
• plugin
• service
• risk
• exploitable

The filter language understands the following comparing options:

• '==' equals, an element should is the given value
• '!=' not equals, an element is not the given value
• 'like', an element contains the given value

It is possible to operate with queries, a query can be negated (using the !) or two queries can be combined with 'or' (||) or 'and' (&&) operators.

The use of brackets is encouraged as it will clarify the order in which the queries are processed.

All used filter queries are added to the dropdown list together with the already present examples.

Filtering from table

You can right click on a table entry which allows you to:

• Filter on IP
• Filter on Port
• Filter on Service
• Filter on Plugin
• Modify a single entry

These will fill the specific selected filter.

Edit Screen

The edit menu comes up when you right click on an issue. There are two ways in which the edit menu are used. First is when you have a single issue selected. It will then show all the values in the edit menu. When you have multiple issues selected and open the edit menu it will stay blank and will only change those values that you enter.

Summmary

The summary menu has an overview of all IPs and for each IP it shows:

• How many open ports there are and which
• How many services are discovered and which
• What the highest vulnerability was, how many of those there are and which plugin reported them

Status bar

The status bar has three regions. On the left the application will display general information. The other two areas show the total amount of Findings displayed and the amount of unique IPs displayed.

Right-clicking on the amount of unique IPs shows you a pupup that allows you to copy the following to the clipboard:

• Unique IPs
• Unique IP/Port

Troubleshooting

In case there is a problem with a particular file that you want to load and something goes wrong AND you don't want /can't share that file with me, there are things you can do to help me locating the problem.

First of all, you need to run the jar file from the commandline:

• java -jar IF-<version>.jar [--debug]

This will show some logging within the terminal. You can even increase the amount of logging my using the additional --debug flag.

About

IssueFinder takes some ideas for the definition of an issue from IVIL xml. Currently it is able to parse the following formats:

• Nessus
• Nikto
• NMap
• Netsparker
• TestSSL (json format)

Changelog

1.5.0:

• Implemented Summary Screen
• Fixed Nikto parser
• Fixed Edit functionality

1.4.0:

• Remade graphical interface into JavaFX
• Added Filter technique like Burp-Logger++

1.3.0:

• XML parsers have been optimised to be reused when multiple files are scanned.
• Nikto parser had lost their issues.

1.2.0:

• Added edit functionality.
• Added CVSS Base score and exploitable to findings. Display the port in 'gnmap format'. Made more 'groovy'esk changed to the code. Started smalling down the jar file by removing unneeded classes.

1.1.0:

• Added the following parsers:
  • Arachni
  • Burp

Fixed the Nikto parser

1.0.1 - Added Autocompletion to scanner, plugin and risk filter on request of @anantshri. Used code from Scott Robinson

1.0.0 - Fixed some bugs, made first real release

0.1.1 - Fixed swing threading in regard to filtering

0.1.0 - Initial release

TODO

1. Implement regular expressions in filters
2. Number sort IP overview
3. Add pasers for the following tools:
   • Burp
   • ZAP
   • Nexpose
   • OpenVAS
   • What ever will be requested