Scavenger - Vulnerability Management Tool
Scavenger is an open source real-time vulnerability management tool. It helps system administrators respond to and track vulnerability findings and review vulnerabilities answered as accepted or false-positive, and it does not 'nag' system administrators with old vulnerabilities.
At this time, Scavenger parses the results from a Nessus scan and stores them in a MySQL database. From that point, a user can log in to a web interface and answer a vulnerability as 'addressed', 'accept', or 'false-positive'. If an administrator answers 'accept' or 'false-positive', Scavenger will not insert that vulnerability as a new entry again. However, if a user marks a vulnerability as 'addressed' and it comes up again in a scan, Scavenger will insert a new vulnerability into the database.
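The insert rule described above, as an added sketch that is not Scavenger's own code. The table layout, function names, sample findings, and the use of SQLite in place of MySQL are all assumptions, as is the choice not to duplicate a finding that is still unanswered.

```python
import sqlite3

# Hypothetical schema: the page does not describe Scavenger's real tables.
SCHEMA = """CREATE TABLE vuln (
    id INTEGER PRIMARY KEY, host TEXT, port TEXT, plugin_id INTEGER,
    status TEXT NOT NULL DEFAULT 'open')"""

SUPPRESS = {"accept", "false-positive"}  # answered once, never re-inserted


def ingest(db, findings):
    """Apply the insert rule to one parsed scan; return ids of new rows."""
    new_ids = []
    for host, port, plugin_id in findings:
        rows = db.execute(
            "SELECT status FROM vuln WHERE host=? AND port=? AND plugin_id=?",
            (host, port, plugin_id)).fetchall()
        statuses = {r[0] for r in rows}
        if statuses & SUPPRESS:
            continue  # accepted or false positive: stay quiet
        if "open" in statuses:
            continue  # assumption: an unanswered finding is not duplicated
        # Never seen, or only 'addressed' so far: it is present, open a new row.
        cur = db.execute(
            "INSERT INTO vuln (host, port, plugin_id) VALUES (?, ?, ?)",
            (host, port, plugin_id))
        new_ids.append(cur.lastrowid)
    return new_ids


def answer(db, vuln_id, status):
    """Record an administrator's answer for one vulnerability row."""
    if status not in SUPPRESS | {"addressed"}:
        raise ValueError(f"unknown answer: {status}")
    db.execute("UPDATE vuln SET status=? WHERE id=?", (status, vuln_id))


def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed findings; hosts and plugin ids are placeholders.
    scan = [("10.0.0.5", "tcp/22", 10001), ("10.0.0.5", "tcp/443", 10002),
            ("10.0.0.9", "tcp/80", 10003)]
    first = ingest(db, scan)
    answer(db, first[0], "addressed")  # fixed, but the next scan finds it again
    answer(db, first[1], "accept")     # risk accepted: suppressed from now on
    second = ingest(db, scan)          # third finding was left unanswered
    total = db.execute("SELECT count(*) FROM vuln").fetchone()[0]
    return first, second, total


if __name__ == "__main__":
    print(demo())
```

Only the finding that was marked 'addressed' produces a new row on the second scan, which is what lets a recurring problem resurface while accepted and false-positive answers stay closed.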
The Cyber Security Program Office at Argonne National Laboratory developed the software in 2006 and has been using it for a year. The reason for developing the software was to take the burden of going through vulnerability scan results off our shoulders and distribute the work automatically to the system administrators. An archived presentation from the 2007 DOE Cyber Security Training Conference that explains the details of the system can be found here (click on "Archived Presentations" and the presentation is located in the "Wednesday/Room A/2pm Wisniewski.pdf").
In the future, we would like to add other alerts to Scavenger. Even though Nessus is an open-source vulnerability scanner, we would like to try to have the organization decide what they would like to add to the program. For example, we are looking at integrating IDS and NetFlow alerts so that the system administrator of a particular area would have to answer the alarm. This could be applied to so many different applications in this day and age that the possibilities are endless.