Supported tools
The following tools are currently supported by Canopy:
Tool | Versions supported | Source | Notes |
---|---|---|---|
Nessus | 6.0-6.10 | https://tenable.com | The .nessus format is supported. Canopy supports both the vulnerability results and also the compliance audit results from Nessus. |
Qualys Vulnerability Scanner | scan-1.dtd | https://qualys.com | We track the scan-1.dtd specification and support importing the XML output. |
nmap | v6.x, v7.x | https://nmap.org | XML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings). |
Burpsuite Pro (scanner) | v1.6, v1.7 | https://portswigger.net | The XML report file is currently supported. The HTML report will be supported soon. |
Netsparker | 4.x | https://netsparker.com | XML results file supported. |
SSLScan | 1.11.8 and current | https://github.com/rbsec/sslscan | XML results file supported. The vulnerability extensions are also supported |
Nikto2 | v2 | https://github.com/sullo/nikto | XML results file supported. |
Fortify | 16 <= 16.11 | http://www8.hp.com/us/en/software-solutions/application-security-testing/ | XML results file supported.
|
SecureAssist | Latest | https://www.cigital.com/services/secureassist/ | XML results file supported. |
OpenVAS | v6, v7, v8 | https://openvas.org | XML results file supported. |
Nexpose | Community Edition | https://www.rapid7.com/products/nexpose/ | Limited support for the Nexpose community edition XML results. |
Acunetix | Latest | https://acunetix.com | XML results file supported |
The following tools are on the short term roadmap for support:
- AppScan
- OWASP ZAP
- Nipper
- testssl.sh
- Metasploit
If you have a specific need for a tool, please open a ticket via https://support.checksec.com or you may also consider writing your own importer. For further information, see Extending Canopy.