I created this repo as part of my master thesis. The goal is a proof of concept therefore the code can be further optimized.
The final result of the script is an LLM-generated report, which can be found in the reports subfolder under the name formatted_ai_report_30_04_2024.
To view the report, click here.
Enter the directory where you cloned the repository (Downloads).
cd Vulnerability-Management
Download the vulnscan script from its creators: https://github.com/scipag/vulscan
Move the vulscan script to the nmap script dir:
For linux:
git clone https://github.com/scipag/vulscan scipag_vulscan
ln -s `pwd`/scipag_vulscan /usr/share/nmap/scripts/vulscan
For other OS:
-
Locate the Nmap scripts folder in the installation directory of Nmap.
-
Download the Vulscan repository manually.
-
Copy the repository folder and paste it into the scripts folder of Nmap using a file explorer.
The update.sh script from the creators of vulscan is not updated anymore and therefore it does not work. I found the follwing way around to get the recent data:
WHERE DID I GET the allitem from describe
cat x* > allitems.csv
cp allitems.csv /usr/share/nmap/scripts/vulscan
For the sorting algorithm to function offline a local copy of the CVSS, EPSS and CISA database is needed. This can be easily downloaded from: https://github.com/trinitor/CVE-Vulnerability-Information-Downloader
This files have to be updated manually from time to time.
- create setup.py - which installes the requirements.txt automatically
- create an option in the script to automatically connect with internet and update the databases
- add option (line) which print when were the dbs last updated
- read_conf.py have all config variables in one file, to be able to easily change the weights for instance
- Environmental variables need to be set before you can use the Azure deployment https://www.howtogeek.com/668503/how-to-set-environment-variables-in-bash-on-linux/