DefectDojo can't import a report w/vulnerabilities from Nmap (but can import a report w/o vulnerabilities) #10160
Replies: 1 comment 2 replies
-
|
Can you please open the issue and put there your report? |
Beta Was this translation helpful? Give feedback.
-
|
Reminder, could you please share a report @superpalych ? |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I ran into a similar problem today with our POC, however I'm reluctant to provide the report because it does include company endpoints behind a firewall. What I can share is some of the output results of the ports and vulnerabilities: Example of problem: What I do notice is that for some reason the nse 'vulners' script is what seems to be breaking and generating a broken vulnerability report. I don't think this is a Defectdojo issue. After locally running a vulnerable openssh container on port 2222, I do get a working vulnerability report using that same nse 'vulners' script, which does work on Defectdojo: |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I executed the command sudo nmap -O -sV 172.16.30.0/24 -oA 172-16-30-0
Nmap 7.94SVN created a report with hosts and open ports, but without vulnerabilities.
DefectDojo 2.12.0 successfully imported the report and displayed a list of hosts and open ports, but without vulnerabilities.
I executed the command sudo nmap -O -sV –script vulners 172.16.30.0/24 -oA 172-16-30-0 and command sudo nmap -sV –script vulners 172.16.30.0/24 -oA 172-16-30-0 (w/o -O)
Nmap created two reports with hosts, open ports and vulnerabilities.
DefectDojo was unable to import this reports with hosts, open ports and vulnerabilities. Error text: An exception error occurred during the report import:Version of CPE not implemented
Can the program import a vulnerability report? If so, how do I do it?
Beta Was this translation helpful? Give feedback.
All reactions