Archive

Archive for the ‘Nessus’ Category

SANS Penetration Testing Blog

April 29th, 2014 12 comments

This is really kool stuff Ed Skoudis and Kevin Fiscus, both SANS instructors, are talking about my parser. I have been working on a new version, I guess this is a sign I need to get working harder:)

Data, Data, Everywhere What to do with Volumes of Nessus Output

Categories: Nessus Tags: , ,

Nessus Parser v20

November 14th, 2013 9 comments

Version 20 of the Nessus parser is here. There are a few features I am really excited about. Listed below are all the newly added features.

1. Should work with the Nessus 5.2.4. There may be some issues with this still, but the script does run. If the counts of data are off, please contact me to and send me the .nessus file and I will look at see where data is missing.

2. Fixed the port scanner & informational severities. There is a new tab for port scan results, for the WMI, NETSTAT, and Nessus port scanner.

3. Software inventory 20811, this feature is kind of kludgy, but the installed apps are in a “|” delimited field for each system identified by the plugin.

4. Port scan info, from WMI or Netstat info

5. New Tab for Plugin 54615, Device Type.

6. Added Plugin Output to Scan Info

7. Added new Plugin Families

8. Updated support for PaloAlto Audit

9. Updated Compliance Results

10. Major Revision of the vulnerability tab processing

11. Fix PCIDSS Tab Data.

parse_nessus_xml.v20a.pl

 

Categories: Nessus Tags:

Nessus Parser v19

August 12th, 2013 8 comments

Version 19 of the Nessus parser is here. There are a few features I am really excited about. Listed below are all the newly added features.

1. CPE report
2. Added Plugin Family Mobile Devices
3. Added Plugin Family Oracle Linux Local Security Checks
4. Added Plugin Family Scientific Linux Local Security Checks
5. Added CVSS Score Data
6. Added CVSS Total Score

The features I think are really exciting, are the CPE and CVSS related features.

First there is a new table with all the CPE’s found during the scan. The CPE’s can help you identify systems with specific software or hardware configuration. This is a great tool to help with software inventory.

The second item is the addition of CVSS information to the vulns tabs.

The third really neat feature allows you to use the CVSS score to assess risk. On the new “CVSS Score Total” tab there is a row for each IP address and the sum of each CVSS for critical, high and medium severities. To allow the analysts to assign risk levels there is a multiplier for each severity level. By changing the value in each multiplier, you effect the over all score assigned to each address.
parse_nessus_xml.v19.pl

Categories: Nessus Tags: , ,