Duplicate of the same vulnerability found by two different scanners
How do I deduplicate the results of scans with OpenVAS and Nexpose on the same target? When I import the OpenVAS report and the Nexpose report, the vulnerabilities found are detected as different vulnerabilities, but most of them are the same.
Hey there, right now we don't have a specific feature to do this task. A vulnerability is considered the same in Faraday as long as it has the same: Name, Description and Target. We are thinking of a way of implementing this sort of intelligence for a future version. Cheers!
@WinnaZ
Hi! Can you please confirm if the following sentence is still true today? "A vulnerability is considered the same in Faraday as long as it has the same: Name, Description and Target."
I believe these 3 fields are not enough; at least the port needs to be added. It is very common to have, for example, an identical SSL/TLS issue on different ports on the same host. Faraday would consider those duplicates and include only one of them.
I'm trying to copy a vulnerability (through the template DB) and change only the port, but the vulnerability does not get added. However, Nessus imports several copies of vulnerabilities which seem like duplicates (different port, but Name, Description and Target the same), so I guess that sentence is not true anymore.
Please help.
Hi!
Faraday uses the following unique constraint in the database:
from sqlalchemy import DDL

# Unique index on the vulnerability table; %(fullname)s is the table name
# substituted by SQLAlchemy when the DDL is executed.
vulnerability_uniqueness = DDL(
    "CREATE UNIQUE INDEX uix_vulnerability ON %(fullname)s "
    "(md5(name), md5(description), type, COALESCE(host_id, -1), COALESCE(service_id, -1), "
    "COALESCE(md5(method), ''), COALESCE(md5(parameter_name), ''), COALESCE(md5(path), ''), "
    "COALESCE(md5(website), ''), workspace_id, COALESCE(source_code_id, -1));"
)
It also depends on the service, and each service has a unique port. Vulnerabilities affecting a port have a service_id value.
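As an added illustration (not Faraday's own code): a Python model of the uix_vulnerability index above, showing why two scanners' reports of one issue stay separate (their names and descriptions differ) while the same finding on two ports is also kept twice (different service_id), and only an exact repeat is collapsed. The Vuln class, ids and sample findings are constructed for this example.

```python
import hashlib
from typing import NamedTuple, Optional

class Vuln(NamedTuple):
    name: str
    description: str
    type: str
    workspace_id: int
    host_id: Optional[int] = None
    service_id: Optional[int] = None  # one service per (host, port); None for host-level findings
    method: Optional[str] = None
    parameter_name: Optional[str] = None
    path: Optional[str] = None
    website: Optional[str] = None
    source_code_id: Optional[int] = None

def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def uniqueness_key(v: Vuln) -> tuple:
    """Columns of uix_vulnerability in order, with the same COALESCE defaults as the DDL."""
    return (
        _md5(v.name), _md5(v.description), v.type,
        v.host_id if v.host_id is not None else -1,
        v.service_id if v.service_id is not None else -1,
        _md5(v.method) if v.method is not None else "",
        _md5(v.parameter_name) if v.parameter_name is not None else "",
        _md5(v.path) if v.path is not None else "",
        _md5(v.website) if v.website is not None else "",
        v.workspace_id,
        v.source_code_id if v.source_code_id is not None else -1,
    )

def dedupe(vulns):
    # Keep the first finding per key; the unique index rejects the rest on import.
    seen, kept = set(), []
    for v in vulns:
        key = uniqueness_key(v)
        if key not in seen:
            seen.add(key)
            kept.append(v)
    return kept

# Constructed sample: host 1 in workspace 7; service 10 is 443/tcp, service 11 is 8443/tcp.
OPENVAS_TLS = Vuln("SSL/TLS: Deprecated TLSv1.0 Protocol Detection",
                   "The remote service accepts TLS 1.0.", "Vulnerability", 7, 1, 10)
NEXPOSE_TLS = Vuln("TLS/SSL Server Supports TLS version 1.0",
                   "TLS 1.0 is enabled on this service.", "Vulnerability", 7, 1, 10)
TLS_ON_8443 = OPENVAS_TLS._replace(service_id=11)  # same text, different port: kept
SAMPLE = [OPENVAS_TLS, NEXPOSE_TLS, TLS_ON_8443, OPENVAS_TLS]  # last one is an exact duplicate
```

Note that COALESCE(md5(method), '') only maps a NULL method to the empty string; an empty-string method hashes to md5('') and therefore produces a different key than NULL.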