Home > Nessus > Nessus Parser v0.21

Nessus Parser v0.21

October 20th, 2014

I am sorry for the long wait, Tenable has kept me really busy.

These are the new features with version 21

1. Created new tab for Plugin 71246 LOCAL GROUP Membership
2. Fixed a few misc spelling issues.
3. Added the date fields to each of the severity tabs.
4. Added a 2 new tabs for the plugin 70329 – MS Process info
5. Added Vulnerability to IP Summary Tab, lists all the IP for each vuln and the severity.
6. Added Solution and Synopsis to severity tabs.
7. Fixed issue with User account formatting changes.
8. Updated Audit file processing, also created code to dynamically add new audit types.
9. Fixed a bug in the host configuration table for password policies

parse_nessus_xml.v21.pl

Categories: Nessus Tags:
  1. Dude
    October 29th, 2014 at 13:44 | #1

    Thank you, Cody! You’ve done a heck of a job!

  2. wsp
    November 4th, 2014 at 07:55 | #2

    Thanks alot, this is really awesome work!! One suggestion, can you create a or section which consists of the most vulnerable hostnames? (eg top 10 hosts with the most critical/high/medium vulnerabilties)?

  3. Mihai Petre
    November 4th, 2014 at 09:04 | #3

    Thank you for this improved version.
    I like the IP Summary tab and what it provide.
    Is there a way to add a switch/option something, to list vulnerable machines by names instead of ip ? In my case I ran a scan on a list of computer names not ip.

  4. JB
    November 7th, 2014 at 11:41 | #4

    Good work another great release

  5. Mike
    November 13th, 2014 at 10:53 | #5

    Nice work! I like the script! I saw that in the severity worksheets (Critcal, High, Medium, Low, Information) that there were two “Solution” columns in each one, was there a reason for that?

  6. BKJ
    December 24th, 2014 at 07:15 | #6

    Thanks again, Cody. Love the script and use it on a daily basis.

  7. Paul
    December 31st, 2014 at 15:13 | #7

    Hey Cody,

    I’m a Shell guy, I am trying to add another sheet with output similar to PCIDSS, with the exception that it displays all Critical, High, Medium and Low vulnerabilities as well as the solution data so that I can put all of this into a pivot table:

    if($PCIDSS[0] ne “”) {
    print “Storing PCI DSS Table\n”;
    my $PCIDSS_ctr = 2;
    our $PCIDSS_worksheet = $workbook->add_worksheet(‘PCIDSSPolicy’);
    $PCIDSS_worksheet->write_url( ‘A1’, $home_url, $url_format, $_);
    $PCIDSS_worksheet->keep_leading_zeros();
    $PCIDSS_worksheet->write(1, 0, ‘File’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 1, ‘IP Address’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 2, ‘FQDN’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 3, ‘PluginID’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 4, ‘protocol’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 5, ‘severity’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 6, ‘pluginFamily’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 7, ‘plugin Type’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 8, ‘Synopsis’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 9, ‘Plugin Output’,$center_border6_format);
    $PCIDSS_worksheet->write(1, 10, ‘See Also’,$center_border6_format);
    $PCIDSS_worksheet->set_tab_color(‘blue’);
    $PCIDSS_worksheet->freeze_panes(‘C3’);
    $PCIDSS_worksheet->autofilter(‘A2:K2’);
    $PCIDSS_worksheet->set_column(‘A:K’, 20);

    Whats the best way to approach this?

  8. asdf
    January 7th, 2015 at 02:14 | #8

    Hi Cody.

    I’m using the script to parse several scanresults to one excel sheet. Unfortunately there’s a problem with the calculation of the values on the home worksheet. When calculating manual I’ll get different values.
    Can you help?

    Regads!

  9. Jerry
    January 21st, 2015 at 11:23 | #9

    Thank you! Excellent!

  10. Cohen
    January 26th, 2015 at 15:36 | #10

    Thank you Cody,

    I ran into an error in executing this against a local dir with .nessus files I get an error stating ‘Can’t call method “add_worksheet” on an undefined at parse_nessus_xml.v21.pl line 1528.’

  11. Cohen
    January 26th, 2015 at 16:08 | #11

    In addition to the spaces in the path, it seemed the soft path via ~ isn’t useful, The full path /home/iamanidiot/nessus_files worked.

  12. January 28th, 2015 at 13:08 | #12

    Is there any way to parse out duplicate IP addresses with this. Nessus sometimes reports each finding twice in my scans. I have either had to re-scan or dump the results into excel and then delete duplicates.

  13. Josh
    February 20th, 2015 at 15:18 | #13

    I just wanted to let you know that I find the nessus parser to be extremely useful and easy to use. Thank you very much for sharing it with the world.

  14. rasta
    February 25th, 2015 at 09:44 | #14

    I keep getting the below error, could anyone please help me ?

    Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v21.pl line 1528.

  15. marc
    March 10th, 2015 at 12:39 | #15

    Thanks Cody! I was wondering if you could add the port number next to list of IP address for each vuln.

    e.g. 192.168.1.1(tcp/443)

  16. Marco
    March 16th, 2015 at 15:28 | #16

    Just wanted to say thank you for this – it works great!

  17. Adel Daham
    March 23rd, 2015 at 09:30 | #17

    Good day,
    I used to use Nessus Parser v0.20 where I had to run the script only. Now, I would like to use it again with Nessus, but I don’t have to configuration requirements for both Win 7 and RHEH 5.6 / RHEL 6. Can you help?

  18. March 31st, 2015 at 17:55 | #18

    The parser script is superb. Thank you so much.

  19. Greg
    April 14th, 2015 at 09:19 | #19

    I’ve never really worked with PERL before but would like to utilize this script. When I run the script I receive an error about a missing module (XML/TreePP.pm in @INC). I attempted to update the modules using ppm but was not able to find a package that was not installed already. Ideas? Thank you

  20. Greg
    April 16th, 2015 at 09:56 | #20

    I’m getting an Out of Memory error on a file that is only 186.5 MB (.18 GB). I know you’ve mentioned a 1 GB limit on file size but this is not even close. Any ideas?

  21. Keelon
    May 15th, 2015 at 12:50 | #21

    Awesome tool, Cody. I just started using it and love it. Do have a question on the user account enumeration. When run against our systems, the column for “Account Disabled” for Windows Guest accounts indicates the accounts are not disabled. However, I verified both on the system tested as well as the Nessus results that the Guest account is reported as disabled. I reviewed the Perl code a little and tried a few things but I am a novice coder and wasn’t able to figure out why this is being reported as such. Any suggestions on why this is the case or any one else experiencing the same thing?

  22. dd
    July 29th, 2015 at 06:21 | #22

    Hi, great job man!

    Is it possible you add some kind of template for translation of the cell fields to another language?

  23. RasKal
    August 11th, 2015 at 11:19 | #23

    Excellent job. Many thanks !

    An RFE maybe? Having a command-line option, or the script checking for the presence of a file or bunch of files in the nessus XML folder (-d option) in order to ignore some IP/Host.

    Why: often, Nessus is scanning by subnet (CIDR) and when scanning a site external Internet subnet the ISP’s router is scanned as well. Although sometime desirable, this can lead to complains from the ISP, and it is also poluting the Nessus Excel report with said vulnerabilities like telnet or SSH detected…

    One could enter an IP or host per line in a bespoke and agreed named file like exclude.txt. These items will not be included in the Excel file.

    P.S. Apart from that, I’m also using the merger.py script from Ben Toews : https://gist.github.com/mastahyeti/2720173

    Thanks again and keep on the good and clever work :-)
    Kind regards,
    RasKal

  24. Roger
    September 4th, 2015 at 12:25 | #24

    Cody.. this rocks!! This totally made my month with being able to use the raw .nessus data and put it in a format that is usable, functional and we can provide meaningful reporting from.

    Many thanks!

  25. Axel
    October 22nd, 2015 at 04:46 | #25

    Thank you, Cody!

    Used your script with 5 version of Nessus, but in 6.5 there is format changing. Do you planing to update your helpfull script?

  26. Mark
    October 28th, 2015 at 06:50 | #26

    Hi! I hope you’re still working on this project cause this useful script won’t work with Nessus 6 and above because (apparently) Nessus 6 it’s not using Nessus version 2 format anympre :(

  27. October 28th, 2015 at 08:29 | #27

    I am doing some testing now.

  28. October 28th, 2015 at 08:30 | #28

    Yes I am doing some testing now

  29. October 28th, 2015 at 08:31 | #29

    I am sure you could,but I don’t know how.

  30. October 28th, 2015 at 08:34 | #30

    not sure, I will look into it

  31. October 28th, 2015 at 08:38 | #31

    Not really, I did not want to leave out any data, so you would have to use a pivot table or something like that.

  32. March 11th, 2016 at 15:18 | #32

    From the dates on the comments it looks like it’s been quite a while since anyone as said thank you but I wanted you to know that your script is still just about the best thing available for parsing out the mountains of data produced by Nessus. Great work and thank you for making it available to the community. I can’t begin to imagine how much time has been saved (by other people) because of your effort.

  33. BatchIndy
    May 31st, 2016 at 11:13 | #33

    I am curious how the script reports Credentialed Checks when scanning workstations. I have an issue where the scan is configured to use domain admin credentials and when analyzing the raw .nessus file it appears that the credentials are being used. But the report I receive after running this script reports the Credentialed Check column as a “no” for every system scanned.

  34. Shinobi
    July 15th, 2016 at 15:01 | #34

    It seems that large scans that include credentialed scans break the script. I’m trying to use a ~900mb .nessus file, it’s recognized as being a vaild Nessus v2 format file, and just sits there for a moment and returns the status of “Killed”.

  35. Jeff
    July 25th, 2016 at 12:37 | #35

    It looks like there was a new plugin family added “Incident Response” which has broken this script recently.

    Creating Spreadsheet Data
    Preparing Hosts Data
    There is a new plugin family added, it is Incident Response

  36. July 27th, 2016 at 19:09 | #36

    new update coming…

  37. July 27th, 2016 at 19:10 | #37

    The Script uses a lot of memory, so try to do smaller scans.

  38. July 27th, 2016 at 19:14 | #38

    Thanks, new version coming.

  39. Scott
    August 10th, 2016 at 12:58 | #39

    Sorry I thought I posted this but cannot find it. Where can I find the recast.txt file?

  40. September 25th, 2017 at 09:08 | #40

    You have to define the recast.txt and the file must be in the same folder as the parser script.

Comments are closed.