ValienteTechnologies/gw-import

gw-import

Import security scanner results into Ghostwriter from the command line.

Supported scanners

Scanner         Command    Input format
Burp Suite      burp       XML
Nessus          nessus     .nessus XML
Nmap            nmap       XML or grepable (-oG)
OpenVAS / GVM   openvas    XML
Qualys          qualys     XML
OWASP ZAP       zap        XML
SSLyze          sslyze     JSON
Acunetix        acunetix   XML

Installation

pip install gw-import

Requires Python 3.11+.

Quick start

1. Configure

gw-import configure

This prompts for your Ghostwriter URL and API token (JWT or Hasura admin secret) and saves them to a local config file. You can also use environment variables:

export GW_URL=https://ghostwriter.example.com
export GW_TOKEN=<your-token>

2. Verify connection

gw-import whoami

3. Import a scan

# Attach findings to report ID 42
gw-import nessus -f scan.nessus --report 42

# Preview without uploading
gw-import burp -f burp.xml --dry-run

# Read from stdin
cat zap.xml | gw-import zap --report 42

# Filter by severity
gw-import qualys -f qualys.xml --report 42 --severity high,critical

Usage

gw-import [OPTIONS] COMMAND [ARGS]...

Options:
  --url TEXT       Ghostwriter URL  [env: GW_URL]
  --token TEXT     JWT or admin secret  [env: GW_TOKEN]
  --insecure       Disable TLS verification
  -V, --version    Show version and exit

Commands:
  configure  Interactively configure URL and API token
  login      Authenticate and save a session token
  whoami     Show the currently authenticated user
  burp       Import Burp Suite scan results
  nessus     Import Nessus scan results (.nessus XML)
  nmap       Import Nmap scan results (XML or grepable)
  openvas    Import OpenVAS/GVM scan results
  qualys     Import Qualys scan results
  zap        Import OWASP ZAP scan results
  sslyze     Import SSLyze scan results
  acunetix   Import Acunetix scan results
  templates  Manage finding templates

Scanner-specific options

Nessus

--no-snoozed    Skip snoozed findings

OpenVAS

--min-qod INT   Minimum Quality of Detection score (0–100, default 0)

Nmap

--format TEXT   Input format: xml (default) or grepable

Common options (all scanners)

-f, --file PATH       Input file (default: stdin)
--report INT          Ghostwriter report ID
--severity TEXT       Filter: "high,critical" or "medium-critical"
--include TEXT        Comma-separated plugin/finding IDs to include
--exclude TEXT        Comma-separated plugin/finding IDs to exclude
--dry-run             Preview findings without uploading
-o, --output FORMAT   Output format: table (default), json, csv

Configuration file

The config file lives at the platform-appropriate user config directory (e.g. ~/.config/gw-import/config.toml on Linux). Environment variables (GW_URL, GW_TOKEN) always take precedence.
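
Since the saved token may be a Hasura admin secret, it is worth confirming that the config file is readable only by its owner. The following is an added example, not part of gw-import: `check_token_file` is a hypothetical helper name, and the default path is the Linux example given above.

```sh
#!/bin/sh
# Added example, not part of gw-import. check_token_file is a hypothetical helper.
# Returns 0 when the file is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits.
# Returns 1 on a finding and 2 when the file cannot be inspected.
check_token_file() {
    f=${1:-"$HOME/.config/gw-import/config.toml"}   # Linux path from the README
    if [ -L "$f" ]; then
        echo "FAIL: $f is a symlink" >&2; return 1
    fi
    if [ ! -f "$f" ]; then
        echo "SKIP: $f not found" >&2; return 2
    fi
    # GNU stat first, BSD/macOS stat as fallback; prints "<octal mode> <uid>"
    meta=$(stat -c '%a %u' "$f" 2>/dev/null || stat -f '%Lp %u' "$f") || return 2
    mode=${meta% *}
    owner=${meta#* }
    rc=0
    if [ "$owner" != "$(id -u)" ]; then
        echo "FAIL: $f is owned by uid $owner" >&2; rc=1
    fi
    # The last two octal digits are group and other; both must be 0
    case $mode in
        0|*00) ;;
        *) echo "FAIL: $f has mode $mode; fix with: chmod 600 \"$f\"" >&2; rc=1 ;;
    esac
    return $rc
}
```

Call it with no argument to check the default path, or pass the config path used on your platform.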

License

MIT
