Gherkin 0.2.3 review
DownloadGherkin is a Web-enabled, multi-threaded, centralized security scan manager that incorporates Nessus vulnerability scanning, DNS and
|
|
Gherkin is a Web-enabled, multi-threaded, centralized security scan manager that incorporates Nessus vulnerability scanning, DNS and nmblookup name resolution, and Nmap fingerprinting and scanning.
Gherkin is _not_ coded in a secure manner, and is most definately exploitable.
Considering this and the things that can be done through legitimate usage, gherkin should be secured so that only trusted users can execute either the command-line tools or the web interface.
The default number of concurrent connections allowed to Postgres is fairly low. You'll probably want to increase the Postgres default. Other tunning for database is also a good idea as your dataset grows.
What's New in This Release:
removed option to pause before launching nessus scans
added gherkin_queued_job_options to mitigate table bloat in large databases (see erd)
fixed bug where bitwise and was errantly used (thanks, Todd)
updated gherkin_report to show number of queued jobs
fixed some old references to addresses.address
added in-memory job lists to avoid db quey time for random job selection -- now handles starting scans for 24 class bs all at once
changed the way jobs are selected and assigned
added informational logging
moved splitting jobs to the management thread
fixed off-by-one bug in month of nessus scan dates (thanks, Mike)
fixed quotation bug in web UI that hurt the display of targets with apostrophes
changed status screen in web UI to not show queue unless told to, and to show the number of queued jobs without showing the queue
Gherkin 0.2.3 search tags