About the Author

October 2nd, 2013

Cody Dumont is a former Marine turned Geek, then Security Geek. Cody started in IT during March of 1995, while in the Marines as a former 0311 (Infantry) attending MRC (Micro Computer Repair Course) at 29 Palms, CA. Cody then went on to be awarded the Navy Achievement Medal for the IT-related work performed for the 24th MEU. After leaving the Marine Corps with a bad knee, go figure, he started working for a few companies in the Northeast. Cody currently works for Tenable Network Security (www.tenable.com) as a Sr. Information Security Content Analyst.

Cody currently holds an MS in Information Technology (Specialty in Information Security) from Capella University and a BS in Information Management from Daniel Webster College. Cody has many industry certifications, starting with MCSE (NT4), MCSE (2K), Exchange (2K), CNE (5), A+, Security+, CCNA, CCNA Security, CCNP, CCIP, CISSP, CCSP, RSA enVision CSE, GCWN (Gold), GCFA, GCFE, and GXPN.

  1. Whinston
    September 20th, 2010 at 14:27 | #1

    Cody,
    You asked that I check in with you on your vulnerability parser. How’s it going? Any updates?

    Also, I have a question on the output format. The xls is great for delivering results. Is there a way to include the IP on the highvuln/medvuln/lowvuln tabs? I know we can sort from the main page, but sometimes that is too difficult for management :) Perhaps this is something I could edit for my configuration if you point me in the right direction. On that same note, is there a way to include conditional formatting to colorize the high and mediums on the main page straight from the template?

    Thank you for your help.
    Whinston

    Please Note: I edited the comment to remove the personal information posted.

  2. October 9th, 2010 at 15:18 | #2

    I usually do a pivot table or something like that after the fact depending on the report. But we can create any table you would like in the script. I would caution to list all the IPs with Low, Medium and High tables, only because the IP count in there, if you would like to simply create a table similar to the first table you mention but sorting by High, Medium and Low, we can add that. But that is just a sort on that first table.

  3. Jeff
    September 9th, 2011 at 10:47 | #3

    Hey Cody, I was wondering if you can shoot me that unreleased version of your parser? I was the one who asked about the domain issues with the latest version, and I’d be happy to test any new versions you have.

  4. Alex Haslach
    November 1st, 2011 at 20:01 | #4

    Cody, first of all many thanks are due to you, this parser is the easiest to use and most powerful program of its type I’ve found out there! I have a similar request to Whinston above, I would like to be able to show all the IPs associated with a particular vulnerability on each of the high, medium, and low tabs. I am a perl novice but I was wondering if there was a way for me to make this script show the associated IPs in a cell alongside each vulnerability, or if that was something you had planned for a future release. Please email me! Thank you!

  5. November 2nd, 2011 at 07:32 | #5

    To add that feature in to the spreadsheet would make the spreadsheet extremely large, so I don’t plan on adding it. However, the good news is that you can do it now. If you go to the “host_scan_data” tab, then select the filter for the Plugin ID and Severity, you can see all the IPs with that severity. There are 4 severity levels, 0 – 3. Listed below are the meanings of the severity.

    Severity 0 – is the port scan Nessus performs
    Severity 1 – is a Low Severity Vulnerability
    Severity 2 – is a Medium Severity Vulnerability
    Severity 3 – is a High Severity Vulnerability

    So as you can see you can already sort on this information.

    If you wanted to do this in perl, I am sure you can, I would suggest using XPATH modules to do so.

    I hope this helps.
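
The per-plugin host listing discussed in the comment above, as an added example that is not part of the original comment or of the parser itself. It is written in Python (not Perl) using ElementTree's XPath subset, assumes the standard `.nessus` v2 layout (`ReportHost` elements containing `ReportItem` elements with `severity` and `pluginID` attributes), and runs on a constructed sample whose hosts and plugin names are placeholders.

```python
import csv
import io
import xml.etree.ElementTree as ET
from collections import defaultdict

# Severity levels as listed in the comment above.
SEVERITY = {0: "Port scan", 1: "Low", 2: "Medium", 3: "High"}

# Constructed sample in the .nessus v2 layout; hosts and plugin names are placeholders.
SAMPLE = """<?xml version="1.0"?>
<NessusClientData_v2>
  <Report name="constructed-sample">
    <ReportHost name="192.0.2.10">
      <ReportItem port="80" severity="2" pluginID="11137" pluginName="Constructed name, with comma"/>
    </ReportHost>
    <ReportHost name="192.0.2.11">
      <ReportItem port="80" severity="2" pluginID="11137" pluginName="Constructed name, with comma"/>
      <ReportItem port="0" severity="3" pluginID="11026" pluginName="Constructed high finding"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>"""

def hosts_by_plugin(xml_text, severity):
    """Map pluginID -> {"name", "hosts"} for one severity level."""
    root = ET.fromstring(xml_text)
    if root.tag != "NessusClientData_v2":
        raise ValueError("not a Nessus v2 export: root element is <%s>" % root.tag)
    found = defaultdict(lambda: {"name": "", "hosts": set()})
    for host in root.iterfind("./Report/ReportHost"):
        # Attribute predicate selects only findings of the requested severity.
        for item in host.iterfind("./ReportItem[@severity='%d']" % severity):
            entry = found[item.get("pluginID")]
            entry["name"] = item.get("pluginName", "")
            entry["hosts"].add(host.get("name"))
    return found

def to_csv(found, severity):
    """One row per plugin; csv.writer quotes names that contain commas."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Plugin ID", "Plugin Name", "Severity", "Hosts"])
    for pid in sorted(found, key=int):
        hosts = " ".join(sorted(found[pid]["hosts"]))
        writer.writerow([pid, found[pid]["name"], SEVERITY[severity], hosts])
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(hosts_by_plugin(SAMPLE, 2), 2), end="")
```

Writing rows through `csv.writer` keeps a plugin name that contains a comma in a single column.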

  6. Kurt
    May 22nd, 2012 at 18:01 | #6

    Hi Cody,

    I love your script and use it often. I was wondering if it is simple to create a new tab called ‘Access Points’ and all the findings matching Plugin ID 11026 would show up in there. I’ve been successful creating a new tab but cannot import results matching that plugin ID.

    Can you email me or respond with code when you get a chance. This would be very helpful! Thank you again.

  7. May 23rd, 2012 at 07:24 | #7

    I can make that change in July some time, when I do a lot of other updates.

  8. John
    August 10th, 2012 at 12:13 | #8

    Cody,

    I’m looking to parse configs from Cisco as well. I don’t have a good parser and am interested in test driving yours. For some odd reason the .zip is not working for download (or I’m getting blocked/filtered). Can you shoot it to my email?

    Thanks for your time!

    John

  9. September 27th, 2012 at 14:08 | #9

    I am sending you a new copy in email.

  10. Dan Smith
    December 1st, 2012 at 21:03 | #10

    I have encountered a network relying on zone firewall on the routers. The creator made extensive use of object groups in the ACLs, but you likely already know that the show access list command does not expand the object groups on routers. Has any of your work addressed this?

  11. Bill Ryan
    March 6th, 2013 at 11:18 | #11

    I am trying to use v16 on a Windows machine to parse a nessus v2 file. While the parser finds the file fine, it does not recognize it as a valid file. (I manually checked the file and the required string “NessusClientData_v2” is in my file.) Can you give me some troubleshooting steps?

  12. April 25th, 2013 at 06:44 | #12

    In the upcoming version of the ACL parser this is addressed. But all coding over the last 8 months has been at a standstill due to the work load I had. However that is changing due to a recent change in jobs. I hope to start coding in the ACL Parser soon.

  13. April 25th, 2013 at 06:58 | #13

    Try v18 and if it does not work, email and let me know. I will load up a Windows machine to test with.

  14. Rebecca Kettler
    April 30th, 2014 at 10:52 | #14

    I am getting an error saying can’t XML/TreePP.PM. I don’t see this file in the directory either, though the xml module is installed. Any recommendations?

  15. April 30th, 2014 at 11:04 | #15

    This is usually found when you don’t have the perl modules installed. Look at the earlier posts and there are instructions for installing the perl modules.

  16. Steve Scruggs
    May 1st, 2014 at 16:59 | #16

    I keep getting the following error when running the nessus parser:

    “Can’t find Unicode property definition “A” at parse_nessus_xml.v20.pl line 1364.”

    I can get the script to run just fine for individual scans (nessus v2 files), but when I created a v2 file for my Security Center repositories and run the script with the ‘-d’ option, I get the error.

  17. May 1st, 2014 at 18:08 | #17

    That is really interesting, I have not tried to use the .nessus file from the SecurityCenter repository. I have used the .nessus files downloaded from the Scan Data tab in SecurityCenter with the parser and they worked fine. I would say there must be something different in the repository export .nessus file. I will try testing that as I develop the next version of the parser. But that said, I would recommend using the SecurityCenter API and query the data. Also you can get a lot of great stuff from SecurityCenter App feed with all the dashboards, reports and assets.

    I have considered developing a new script that uses the API to build the same spreadsheet, but I have not started the development.

  18. Robert Wines
    September 5th, 2014 at 13:07 | #18

    Cody,

    You have a great parser that I use shamelessly. I run into this problem every time I get a large number of IPs (about 10,000) I get the following error message ” FILE is not using the Nessus version 2 format, and will NOT be parsed!!!” I am absolutely sure it is version 2 Nessus. Thanks in advance for all your help and your contributions.

    Regards,

    Rob

  19. Steve
    October 28th, 2014 at 11:00 | #19

    Hi Cody- Just found your parser. Getting 403 Unauthorized when I run the script and provide credentials and url. What typically causes this?

    The SecurityCenter is at:
    Nessus Product: Nessus
    Engine:5.2.7
    Web UI: 2.3.16 (master #124)
    PluginsLast Updated: October 27, 2014
    Plugin Set: 201410272215
    Expiration: October 28, 2014

  20. October 29th, 2014 at 14:00 | #20

    I am not sure, the only time I have seen this is when the URL was wrong.

  21. January 17th, 2015 at 10:27 | #21

    Hi Cody,
    Thanks for the great parser. Can I use the same parser to parse McAfee Vulnerability Manager (MVM) XML reports? If yes, what changes are required? If no, then can you point me in the right direction in parsing MVM XML reports?

    Awaiting your reply..

  22. CT
    May 11th, 2015 at 03:32 | #22

    Does anyone know if Robert got the following error figured out: “!!FILE is not using the Nessus version 2 format, and will NOT be parsed!!!” I’m using Nessus version 4.0 and so it’s supposed to be in V2 format as well. I’ve only got about 1000 different IPs of scan data I would like to get parsed. Any ideas?!!

  23. October 28th, 2015 at 08:35 | #23

    Nessus v4 is not supported any more, Tenable extended the format so I have had to change the code.

  24. reuben
    July 26th, 2016 at 21:16 | #24

    Hey Cody,
    The nessus parser has been an incredibly valuable tool. Wondering if you’re still maintaining it?

  25. July 27th, 2016 at 19:09 | #25

    Sure am. After this update, the script will change and be app API.

  26. Hubert Black
    February 2nd, 2017 at 16:27 | #26

    Cody,

    Thank you for your efforts in this never ending project and we appreciate what you are doing.

    If you have any help/sources/references with using regex within ACAS to extract plugin output information please keep us abreast.

    Hubert Black
    J

  27. Nicola B.
    March 14th, 2017 at 06:54 | #27

    Hi Cody,
    There seems to be a little bug with your script while parsing results that contain plugin ID 11137 (and maybe others). The fact that there’s a comma in the plugin name just causes every column data to be shifted and not correctly fitted in the resulting xls. Can you please check?
    Thanks.

  28. Theo
    September 5th, 2017 at 16:32 | #28

    When using the Nessus parser, I sometimes run into this error that prevents the spreadsheet from being created.

    Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v22.pl line 1553.

    Any ideas for a workaround? It’s happened several times for completely different scans and the error happens for line #.

    Thanks!
