Skip to content
grutz@jingojango.net edited this page Oct 21, 2013 · 18 revisions

Welcome to Kvasir!

Kvasir is a vulnerability / penetration testing data management system designed to help mitigate the issues found when performing team-based assessments. Kvasir does this by homogenizing data sources into a pre-defined structure. Currently the following sources are supported:

  • Rapid 7 NeXpose
  • Metasploit / Metasploit Pro
  • Tennable Nessus
  • ShodanHQ
  • Nmap
  • THC-Hydra
  • Medusa
  • John The Ripper

Obtaining Support

If you believe you have found an issue or bug with Kvasir, feel free to open an issue ticket here on Github.

For questions and other discussions join the Google Group @ https://groups.google.com/d/forum/kvasir-dev

When things break

It's inevitable that at some point Kvasir is going to break on you. The code has become fairly complex and some features may not get as much testing as they should. When this happens first off calm down and DON'T PANIC!

Then, follow this guide on what to check and what may be required to help remedy any problems.

Scanner Support In-progress

  • QualysGuard XML Report
  • Nmap Scripting Engine results
  • BurpSuite Pro XML Report

What About Web Applications?

Our thought is that Kvasir is to remain focused on network/host-based assessment tools and not applications. This may be addressed in a future release.

Installation

See the installation wiki for instructions.

Usage Instructions

  • [Operating Systems](wiki/Operating Systems)
  • [Nexpose Support](wiki/Nexpose Support)
  • [Metasploit Support](wiki/Metasploit Support)
  • [Nessus Support](wiki/Nessus Support)
  • [Vulnerability Database](wiki/Vulnerability Database)
  • [Exploit Linking](wiki/Exploit Linking)
  • Scheduler
  • De-Duping
  • Account Search List Filters
  • gunicorn webserver

Valkyries

Valkyries are enumeration/exploitation tasks that can be kicked off from the Kvasir UI.

License

Kvasir is released under the 3-clause BSD license.

Clone this wiki locally