Nessus Parser v19
Version 19 of the Nessus parser is here. There are a few features I am really excited about. Listed below are all the newly added features.
1. CPE report
2. Added Plugin Family Mobile Devices
3. Added Plugin Family Oracle Linux Local Security Checks
4. Added Plugin Family Scientific Linux Local Security Checks
5. Added CVSS Score Data
6. Added CVSS Total Score
The features I think are really exciting are the CPE and CVSS related features.
First, there is a new table with all the CPEs found during the scan. The CPEs can help you identify systems with specific software or hardware configurations. This is a great tool to help with software inventory.
The second item is the addition of CVSS information to the vulns tabs.
The third really neat feature allows you to use the CVSS score to assess risk. On the new “CVSS Score Total” tab there is a row for each IP address and the sum of the CVSS scores for critical, high and medium severities. To allow analysts to assign risk levels, there is a multiplier for each severity level. By changing the value of each multiplier, you affect the overall score assigned to each address.
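The per-address calculation described above, as an added example in Python (not code from parse_nessus_xml.v19.pl): it sums cvss_base_score per host for Nessus severities 4, 3 and 2 in a .nessus v2 export and applies one multiplier per severity. The weighted-sum formula, the multiplier values and the sample XML are assumptions constructed for illustration.

```python
# Added example: per-host CVSS totals from a .nessus (v2) export.
# For files from untrusted sources, parse with the third-party defusedxml
# package instead of xml.etree to guard against entity-expansion attacks.
import xml.etree.ElementTree as ET
from collections import defaultdict

# Nessus severity attribute -> label (only the three levels the tab sums).
SEVERITY = {"4": "critical", "3": "high", "2": "medium"}

# Constructed sample; real exports carry many more fields per ReportItem.
SAMPLE = """<NessusClientData_v2><Report name="constructed">
 <ReportHost name="10.0.0.5">
  <ReportItem pluginID="1001" severity="4"><cvss_base_score>10.0</cvss_base_score></ReportItem>
  <ReportItem pluginID="1002" severity="3"><cvss_base_score>7.5</cvss_base_score></ReportItem>
  <ReportItem pluginID="1003" severity="3"><cvss_base_score>9.3</cvss_base_score></ReportItem>
  <ReportItem pluginID="1004" severity="0"/>
 </ReportHost>
 <ReportHost name="10.0.0.9">
  <ReportItem pluginID="1005" severity="2"><cvss_base_score>5.0</cvss_base_score></ReportItem>
  <ReportItem pluginID="1006" severity="2"/>
 </ReportHost>
</Report></NessusClientData_v2>"""

def cvss_sums(xml_text):
    """Return {host: {severity_label: summed CVSS base score}}."""
    sums = defaultdict(lambda: dict.fromkeys(SEVERITY.values(), 0.0))
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        row = sums[host.get("name")]
        for item in host.iter("ReportItem"):
            label = SEVERITY.get(item.get("severity"))
            score = item.findtext("cvss_base_score")
            if label is None or not score:
                continue  # informational/low finding, or no CVSS data
            row[label] += float(score)
    return dict(sums)

def weighted_totals(sums, multipliers):
    """Assumed formula: total = sum(multiplier[sev] * cvss_sum[sev])."""
    return {host: round(sum(multipliers[s] * v for s, v in row.items()), 2)
            for host, row in sums.items()}

if __name__ == "__main__":
    sums = cvss_sums(SAMPLE)
    totals = weighted_totals(sums, {"critical": 3, "high": 2, "medium": 1})
    for host, total in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(host, sums[host], total)
```

Raising one multiplier reorders the hosts without touching the scan data, which is the point of keeping the weights separate from the sums.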
parse_nessus_xml.v19.pl
Thanks again! Here is the new portable link:
http://rmccurdy.com/scripts/parse_nessus_xml.v19.pl.exe
Thank you very much for this great update!
Hi there! Someone in my Myspace group shared this site with us so I came to check it out. I’m definitely loving the information.
Hey man, thanks for the great script. Any future plans on adding a “patch summary” tab that parses out the Nessus Patch report (Plugin ID 66334)? As you know, the patch report only lists the needed and succeeded patches that are required to bring the system up-to-date. I’m sure that would help out many vulnerability management specialists out there like myself.
Just wanted to let you know how awesome I found your Nessus parsing script to be. It has saved me many hours of work. I just had a couple of questions.
01) It appears that the “plug-in” output information is missing from the report (my apologies if I overlooked it). For example, when trying to get more information for plugin id “21725” I was expecting to find the below information. However, this portion is missing from the Excel report but exists in the actual .nessus file. I use this type of information when trying to determine what was flagged and why.
The remote host has an antivirus software from Symantec installed. It has
been fingerprinted as :
Symantec Endpoint Protection : 11.0.7000.975
DAT version : 20120306
The remote host has an out-dated version of the Symantec
Corporate virus signatures. Last version is 20130916
02) Also, would you consider creating a new tab within the report to include the following plug-in id’s? These id’s could be used to discover problems that were encountered during a credentialed scan fairly quickly.
26917 – Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry
21745 – Authentication Failure – Local Checks Not Run
24786 – Nessus Windows Scan Not Performed with Admin Privileges
Thanks in advance and look forward to new versions!
I think Tenable may have changed things up again. Their web interface changed about two weeks ago, and when I tried to run parse_nessus_xml.v19.pll, I get the following output from each file I try to parse. Unfortunately I am still a perl n00b, so I don’t feel qualified to try to troubleshoot this.
Thanks,
–vr
################################################################################
NESSUS PARSER V0.19
################################################################################
Parsing File ./20131109.XNICC_weekly_(scheduled).db2b8879-7857-12c1-a9fe-994a447de846f54641468c9a2eae.xml
Can’t use string (“”) as a HASH ref while “strict refs” in use at /home/storm/bin/parse_nessus.pl line 773.
TG…I agree that would be a great addition to have.
the v20 will be posted tonight