I've been trying to find the best way to aggregate stig checklists in a domain. For a second Vulnerator looked promising... until I saw the github repo was abandoned and they lost their CON back in 2021-22. It's actually a little depressing seeing the bug requests for the last 3 years with no response from the devteam.

Stig manager isn't an option due to the PKI requirements, and to be honest, seems like its over engineered for what we'd use it for. Emasster isn't an option because we're private sector- last I heard it was only open to DOD personnel. Please correct me if that's wrong- I'd love to demo it if possible.

Is there anything out there that just... you point it at a directory of CKLs and CKLBs, and it aggregates the findings into a CSV? I know that something like that would be much more practical than a full blown web app with API.