Supported tools

The following tools are currently supported by Canopy:

Tool

Versions supported

Source

Notes

Nessus

6.0-6.10

https://tenable.com

The .nessus format is supported.

Canopy supports both the vulnerability results and also the compliance audit results from Nessus.

Qualys Vulnerability Scanner

scan-1.dtd

https://qualys.com

We track the scan-1.dtd specification and support importing the XML output.

nmap

v6.x, v7.x

https://nmap.org

XML results file supported. Port scan data is stored separately to vulnerability and NSE data (stored as findings).

Burpsuite Pro (scanner)

v1.6, v1.7

https://portswigger.net

The XML report file is currently supported. The HTML report will be supported soon.

Netsparker

4.x

https://netsparker.com

XML results file supported.

SSLScan

1.11.8 and current

https://github.com/rbsec/sslscan

XML results file supported. The vulnerability extensions are also supported.

Nikto2

v2

https://github.com/sullo/nikto

XML results file supported.

Fortify

16 <= 16.11

http://www8.hp.com/us/en/software-solutions/application-security-testing/

XML results file supported.

  • Legacy Report

  • Template: Developer Workbook

  • Report format: XML

SecureAssist

Latest

https://www.cigital.com/services/secureassist/

XML results file supported.

OpenVAS

v6, v7, v8

https://openvas.org

XML results file supported.

Nexpose

Community edition

https://www.rapid7.com/products/nexpose/

Limited support for the Nexpose community edition XML results.

Surecheck (deprecated)

Not supported

https://twitter.com/wildcroftsec?lang=en

Unfortunately this tool is no longer supported by the vendor.

The following tools are on the short term roadmap for support:

  • AppScan

  • OWASP ZAP

  • Nipper

  • Acunetix

  • testssl.sh

  • Arachni

  • w3af

  • Metasploit

If you have a specific need for a tool, please open a ticket via https://support.checksec.com or you may also consider writing your own importer. For further information, see Extending Canopy.