Home > Nessus > Nessus Vulnerability XML Parser

Nessus Vulnerability XML Parser

May 21st, 2010

When I do security assessments, I always use Nessus.  Nessus is a great tool and is extremely helpful with one exception, the reporting.  While filtering is good in the new Flash interface, I still found myself needing to do something else.  So I have used Perl for many years and I figured it was time to start coding again.  I am by no means a Perl expert or even a programmer.  But I can hack-up some pretty good Perl code to parse text files. So that is what I did.

This the first Perl code I have ever released to the public.  So if you read it and would like to comment…please be gentle.

The parse-nessus.pl is a CLI only script.   The script does require a few modules that can be found on CPAN.  The required modules are: XML::TreePP, Data::Dumper, Spreadsheet::WriteExcel::Big, and Math::Round.  I used this on Snow Leopard, but all the modules I use should compile fine on any OS.  To install the modules from the command line use the “cpan” command, see below.

sudo cpan XML::TreePP
sudo cpan Data::Dumper
sudo cpan Spreadsheet::WriteExcel::Big
sudo cpan Math::Round
The script is designed to look for all the *.XML files in defined directory.  The directory is passed as an argument, if no directory is specified an error will be returned.  To see the version, then add the v|V|-v|-V and a version will be reported.  The script will create two files, the nessus_report.xls and Nessus_data_report.txt.  The Nessus_data_report.txt is a text version of the data found in the actual Nessus report, but only shows all the Severity 2 & 3 reports.  The nessus_report.xls is a multi spreadsheet workbook that contains all the findings from Nessus.  I then manually create a series of pivot tables as such.  I have the auto-sort on all columns and will be adding more formatting as time allows.

parse_nessus_xml.v5-for-blog.pl

Example

—————————————————————-

Get the Verion

xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl v
PARSE NESSUS VER 0.05
RELEASE AS IS AND USE AS YOU SEE FIT.
PLEASE GIVE ME CREDIT IF YOU RELEASE ELSE WHERE!!!!!!

Example with the “.” directory, this is what I use most of the time.

xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl .

Parsing File inside.nessus.xml
Finished Parsing File inside.nessus.xml
Printing the Main Report
Creating Spreadsheet Data
Preparing Hosts Data
Create General Vulnerability Data
Creating Policy Compliance Data
Creating Windows Management Data
Creating Nessus Report Spreadsheet

completed

—————————————————————-

I figured I would share this with the world, enjoy and please comment.  I am releasing this code under the GPL, use as you will, please link back to this blog in the source code.  If you would like to contribute and make changes, please feel free to make the changes and post the code here or email me.

Categories: Nessus Tags: , , , ,
  1. May 29th, 2010 at 19:47 | #1

    If only more than 93 people would hear about this.

  2. May 30th, 2010 at 11:33 | #2

    great share, great article, very usefull for me…thank

    you

  3. May 30th, 2010 at 12:04 | #3

    Super interesting article. Honest..

  4. June 1st, 2010 at 00:39 | #4

    Hehe I am honestly the first reply to this amazing post.

  5. June 1st, 2010 at 08:09 | #5

    Incredibly awesome read! Honestly!

  6. June 12th, 2010 at 00:24 | #6

    nice share, good article, very usefull for me…thanks

  7. June 12th, 2010 at 06:59 | #7

    Thank you all for your kind words, I am sorry that I did not release your comments earlier, life sort of got in the way. But anyway I am attending SANSFire in Baltimore this week and started talking about my blog with some of the attendees. If you would like to contribute or ask for any features, please do so.

  8. June 14th, 2010 at 01:08 | #8

    Thanks for good information that comes out to

    read.

  9. June 16th, 2010 at 16:36 | #9

    great information you write it very clean. I am very lucky to get this tips from you.

  10. June 17th, 2010 at 02:12 | #10

    Hey! I just wanted to say your web site is one of the nicely laid out, most inspirational I have come across in quite a while. Thx! :)

  11. July 27th, 2010 at 13:27 | #11

    Cody,
    I am getting the following error — perhaps you could shed some light on this:

    Z:\perl>perl parse_nessus.pl z:\temp
    Parsing File test.xml

    Finished Parsing File test.xml

    Printing the Main Report
    Creating Spreadsheet Data
    Preparing Hosts Data
    Create General Vulnerability Data
    Creating Policy Compliance Data
    Creating Windows Management Data
    Creating Nessus Report Spreadsheet

    completed

    ///the above completed, but none of the IPs are populated into the spreadsheet… Then I try again with a second file in the directory:

    Z:\perl>perl parse_nessus.pl z:\temp
    Parsing File test.xml

    Finished Parsing File test.xml

    No such file or directory – test2.xml at parse_nessus.pl line 286

    //Also, where are you getting the XMLs? Are you renaming a .NBE or .nessus to .XML ?

    Thank you!
    Whinston

  12. July 28th, 2010 at 13:07 | #12

    Greetings All, Whinston and i exchanged a few emails over his comments, listed blow is the email string.

    ———–> From Cody
    Winston,

    The XML is the new *.nessus format from NESSUS 4.2 and higher. So I get the XML document and parse that. I don’t use the NBE file or the other format. Also I am not sure if the original NESSUS XML format will work. So I would start by asking what version of Nessus are you running?

    ———–> From Winston
    Cody,
    I am running Nessus version 4.2.2. You answered my question with the .nessus file info. All I needed to do was rename my exported .nessus to a .xml.

    Not sure if anyone else would make that silly mistake, but might be worth adding to your blog :)

    Thank you for the awesome tool!

    ———–> From Cody
    Whinston

    no worries..I will post this whole string….

    please give me some more feed back on the tool…I am updating every couple of weeks or with each new assessment and the post the major updates to blog

    ———–> From Winston
    Cody,
    I will certainly share any comments with you as I add your tool into our process. One change I would like to implement is a unique output filename for each run, this way the file does not get overwritten in the event that I have made changes. Is this already possible through arguments? Ex: nessus_report_20100727_1451.xls From Cody
    I could do that….I use the tool for doing one time assessments…so I usually on look at the information once. But that feature would not be hard to add.

    ———–> From Winston
    Cody,
    Just an FYI:
    Your tool has serious enterprise potential. The reporting aspect of Nessus Security Center costs and additional $70,000, which is a tough upgrade for most organizations. I am sure I am not the only one searching for a solution that your tool provides.

    Thank you for providing it for free (for now) — again, it is very helpful for intelligent break down of these daunting reports.

    Whinston

    ———–> From Cody
    spread the word….thank for the comments…

  13. Robert
    August 26th, 2010 at 11:38 | #13

    I just have to say THANK YOU!!! This tool is going to be invaluable. I just need more fields than what are in it by default but that will not be hard to add.

    I will make sure that credit is kept where it rightfully belongs as I work with this file.

    Again, THANK YOU!!

  14. August 26th, 2010 at 13:16 | #14

    No problem…glad I could help…I am about to redue the parsing functions…using the XML DOM module. and the intergrate nmap ond a few other tings into also…

  15. Whinston
    December 13th, 2010 at 11:41 | #15

    Cody,
    Is there a way to also export the “Solution” & “CVE” fields to your sheet? I am using your script, packaged with portable perl, and it really is amazing for my work-flow, allowing me to delegate and track issues with ease.

    Thank you for all your hard work!
    Whinston

  16. December 13th, 2010 at 11:47 | #16

    are you asking to add the “Solution” & “CVE” fields to spreadsheet? Sure that should not be to hard to do. I will work on that this evening.

  17. Whinston
    December 13th, 2010 at 13:17 | #17

    Thank you, that will be excellent!

  18. April 3rd, 2013 at 12:49 | #18

    Hello there, You have done an excellent job.
    I will definitely digg it and personally recommend to my friends.
    I am sure they will be benefited from this site.

  19. Tony
    February 12th, 2015 at 15:26 | #19

    Cody,
    Is there a install/user guide. I know nothing about perl

    V/R
    Tony W.

Comments are closed.