Home > Uncategorized > Nessus Parser v20a

Nessus Parser v20a

November 14th, 2013

I fired my QA department, wait..that is me..ok…here is a good version of the Nessus Parser v20.

parse_nessus_xml.v20a.pl

Categories: Uncategorized Tags:
  1. November 15th, 2013 at 09:41 | #1

    Give yourself a raise! I can now parse all of my 5.2.4 v2 files. Keep up the good work

  2. wily
    November 17th, 2013 at 23:27 | #2

    Another great release. Thanks, mate.

  3. Stu
    December 11th, 2013 at 16:11 | #3

    Just downloaded and ran the script. This is my first time using Perl and Nessus, but I noticed a few things that may require attention:

    1) The ‘FQDN’ column on the ‘ScanInfo’ tab seems to be populating with the IP Address rather than the FQDNs. FQDN columns on other tabs appear to contain the correct info.

    2) The ‘User Account Summary’ table on the ‘Summary Report Data’ tab does not contain any info for me.

    These may be user error, but I thought I’d leave a comment just to check. Thanks!

  4. December 20th, 2013 at 09:40 | #4

    great stuff thanks !!

  5. RF
    December 23rd, 2013 at 12:38 | #5

    Hey Cody,
    great parser! I really like the output format it provides. I have some old nessusv1 files that I converted to nessusv2 using the webgui. When I try and parse them, however, I get an error that says “Can’t use string (“”) as a HASH ref while “strict refs” in use at parse_nessus_xml.v20.pl line 812.

    Any way to work around this? I know the v1 files don’t have as much data as the v2 files and it looks like the conversion to v2 isn’t exactly populating hte “missing” data in a way that it can be parsed.

    Thanks much!

  6. April 29th, 2014 at 14:56 | #6

    I think we addressed this via email, if we did not post back here and I will see if I can’t help.

  7. April 29th, 2014 at 14:57 | #7

    It is working as designed, I have a few tests to try and pick out the best data to put in the column.

  8. GC
    May 1st, 2014 at 11:14 | #8

    I have to say that I really like how you put this together. It runs great on the smaller .nessus files that I have. One question though, when I try to run it on a .nessus file that is quite large (~250MiB) it drops an error about running out of memory. Do you know what this might be from? Or a way to fix it?

  9. May 1st, 2014 at 12:25 | #9

    I suspect you are running this in Windows, that is only OS I have really seen this issue. I have run this on OSX and several linux versions with over 1GB of data, and while it took a while to parse the data it still completed fine.

  10. PBC
    May 5th, 2014 at 16:56 | #10

    Thanks for a very helpful tool! I saw this from the SANS post. Pretty cool!

  11. May 7th, 2014 at 22:34 | #11

    Hello Bro

    I got an error when I run the script. Is says something like this

    Can’t locate XML/TreePP.pm in @INC …..

    Can I know what is wrong? Thanks.

  12. May 8th, 2014 at 10:34 | #12

    This is caused because the perl modules are not installed or are not installed in the location Perl is looking for them. I would load up CPAN and reinstall the modules.

    In this post https://secure.bluehost.com/~melcarac/archives/161, I list the modules that you need.

    Also you can open the script with text editor and you will see “use foo::bar;”, these are the modules you need to install.

  13. Security Bazinga
    May 8th, 2014 at 21:54 | #13

    Thanks mate. The solution worked like charm and your script is the best I have seen for a parser :) Keep up the good job mate! :)

  14. Fut
    May 13th, 2014 at 16:02 | #14

    Love love love this tool. It answers everyone’s questions, and has enough pretty pics to keep the management types happy.

    However, there is one issue with the overall summary function that makes management grumpy. It seems that the uniqueness factor is coupled to the individual Nessus files. For instance, we produce our Nessus results based on subnet, and therefore can produce upwards of 14 files. When uniqueness was calculated for our last run, it tallied 71 unique critical findings for the 7 files we had. I.e, each file had uniqueness, and the per file uniqueness counts were summed. When I filtered the results on plugin id alone, I calculated only 19 unique critical findings.

    Feature request: please add plugin publication date. That gives an indicator on how behind we are.

    Thanks for the fabulous work!

  15. May 14th, 2014 at 10:20 | #15

    Thanks for the kind words, hopefully you’ll like what is coming next:)

  16. May 14th, 2014 at 10:24 | #16

    You are correct this is based on file, as a consultant I would have server different scans and would like to be able to sort them differently. But what you can do is create pivot table, and it will give you data you are looking for. I can’t put pivot ables into the script otherwise I would have done that page in that manner.

    As far as the feature request to add publication date…consider that done:)

  17. Dude
    May 16th, 2014 at 17:35 | #17

    Thanks for your effort and the great tool you gave the world.
    Can’t wait for the new version! Can you give us a date?

  18. June 4th, 2014 at 08:25 | #18

    Hi, is there any update of this script? I got Unmatched [ in regex; marked by <– HERE in m/Go[ <– HERE ./ at ../parse_nessus_xml.v20.pl line 1411 during parsin 2 Active Directory servers.

  19. July 4th, 2014 at 03:25 | #19

    Hello!
    Who can make .exe for Win?
    Lika a https://secure.bluehost.com/~melcarac/archives/161 last comment

  20. Tom Waddle
    July 8th, 2014 at 16:44 | #20

    GC :
    I have to say that I really like how you put this together. It runs great on the smaller .nessus files that I have. One question though, when I try to run it on a .nessus file that is quite large (~250MiB) it drops an error about running out of memory. Do you know what this might be from? Or a way to fix it?

    I’m receiving the same message on a Win 7 64 bit system with 8GB of memory. Any chance you know of the culprit? I plan on running the script in a Linux distro as I’m on a deadline.

  21. Kevin
    October 1st, 2014 at 15:34 | #21

    Hi!

    First of all, my name is Kevin and i work with nessus since 2010…im gonna tell you, this is the best parser ive ever seen. Thanks so much!

    I have one question…is there a way to include the IP Address on the Critical, High, Medium, low and information sheets?

    Thanks again!

  22. Nancy
    October 13th, 2014 at 14:21 | #22

    Hi Cody,

    Thanks for doing all this work. I finally got the script to run, but got the following message:
    Creating Spreadsheet Data
    Preparing Hosts Data

    Finished Parsing XML Data

    Create General Vulnerability Data
    Creating Policy Compliance Data
    Creating Nessus Report Spreadsheet
    Can’t call method “add_worksheet” on an undefined value at C:\perl_tests\parse_nessus_xml.v20.pl line 1443

    Thanks!

  23. October 20th, 2014 at 19:50 | #23

    I have seen this when the user names have a “.” or something else that will is part of regex. I dont have a fix for it yet.

  24. October 20th, 2014 at 20:04 | #24

    Contact the author of this blog – http://www.rmccurdy.com

  25. October 20th, 2014 at 20:05 | #25

    I have seen this happen several times when using Windows, try on Linux or OSX.

  26. October 20th, 2014 at 20:26 | #26

    This is added in v0.21, but is on a separate tab.

  27. October 20th, 2014 at 20:27 | #27

    Try the new version and let me know if you still have the issue.

  28. JoJoAdv
    February 24th, 2015 at 17:20 | #28

    I’m on v0.21 and still getting the same problem.

    Create General Vulnerability Data
    Creating Policy Compliance Data
    Creating Nessus Report Spreadsheet
    Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v21.pl line 1528.

  29. Jey2
    June 5th, 2015 at 18:48 | #29

    Hi Cody, My team and I use your parser dozens of times each month. This is a wonderful resource to the community.

    I’m gathering data from critical/high/medium/low/info tabs back to the host_scan_data tab by Excel formula, specifically I’m pulling back patch publication date. On the low worksheet there are no dates in cols W – Z. In the case of the ‘low’ worksheets, it looks like the date data may be in the CVSS columns; Solution and Synopsis may be in Metasploit columns, and data for a few other columns may be in unexpected places on this worksheet.

    In the case of the ‘Information’ worksheet, some of the dates in cols W – Z are bumped in to adjoining columns, apparently based upon commas present in the ‘Synopsis’ text (e.g. PluginID 20301, 29217, 31422, 57041 70544). I also noted dates being nudged over on the Medium sheet (PluginID 73922), but I did not see this on Critical or High worksheets.

    Are these easy fixes for a future release? Thank you!

  30. October 28th, 2015 at 08:32 | #30

    I will take a look at this.

Comments are closed.