Archive

Posts Tagged ‘Command Line’

Nessus Vulnerability XML Parser v6

May 25th, 2010 Comments off

I found an error in the vulnerability worksheets.  So I fixed them and added the port scanning reporting found in the Nessus XML file.  Enjoy…parse_nessus_xml-for-blog.v6.pl

Categories: Nessus Tags: , ,

Nessus Vulnerability XML Parser

May 21st, 2010 19 comments

When I do security assessments, I always use Nessus.  Nessus is a great tool and is extremely helpful with one exception, the reporting.  While filtering is good in the new Flash interface, I still found myself needing to do something else.  So I have used Perl for many years and I figured it was time to start coding again.  I am by no means a Perl expert or even a programmer.  But I can hack-up some pretty good Perl code to parse text files. So that is what I did.

This the first Perl code I have ever released to the public.  So if you read it and would like to comment…please be gentle.

The parse-nessus.pl is a CLI only script.   The script does require a few modules that can be found on CPAN.  The required modules are: XML::TreePP, Data::Dumper, Spreadsheet::WriteExcel::Big, and Math::Round.  I used this on Snow Leopard, but all the modules I use should compile fine on any OS.  To install the modules from the command line use the “cpan” command, see below.

sudo cpan XML::TreePP
sudo cpan Data::Dumper
sudo cpan Spreadsheet::WriteExcel::Big
sudo cpan Math::Round
The script is designed to look for all the *.XML files in defined directory.  The directory is passed as an argument, if no directory is specified an error will be returned.  To see the version, then add the v|V|-v|-V and a version will be reported.  The script will create two files, the nessus_report.xls and Nessus_data_report.txt.  The Nessus_data_report.txt is a text version of the data found in the actual Nessus report, but only shows all the Severity 2 & 3 reports.  The nessus_report.xls is a multi spreadsheet workbook that contains all the findings from Nessus.  I then manually create a series of pivot tables as such.  I have the auto-sort on all columns and will be adding more formatting as time allows.

parse_nessus_xml.v5-for-blog.pl

Example

—————————————————————-

Get the Verion

xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl v
PARSE NESSUS VER 0.05
RELEASE AS IS AND USE AS YOU SEE FIT.
PLEASE GIVE ME CREDIT IF YOU RELEASE ELSE WHERE!!!!!!

Example with the “.” directory, this is what I use most of the time.

xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl .

Parsing File inside.nessus.xml
Finished Parsing File inside.nessus.xml
Printing the Main Report
Creating Spreadsheet Data
Preparing Hosts Data
Create General Vulnerability Data
Creating Policy Compliance Data
Creating Windows Management Data
Creating Nessus Report Spreadsheet

completed

—————————————————————-

I figured I would share this with the world, enjoy and please comment.  I am releasing this code under the GPL, use as you will, please link back to this blog in the source code.  If you would like to contribute and make changes, please feel free to make the changes and post the code here or email me.

Categories: Nessus Tags: , , , ,

Command Builder

April 12th, 2010 Comments off

There is a great blog called the “Command Line Kung Fu” blog http://blog.commandlinekungfu.com.  Since the guys at the “Command Line Kung Fu” blog started I have told myeself I should take their “Command Line Kung Fu” and add my Excel Fu to it.  So I finally have.  I have not converted all the episodes yet, only 1 – 15, but this is a start.  I will be adding comments on how the Excel Fu works in a week or so.  But in the mean time…check out the spreadsheet and “Command Line Kung Fu” blog.  Command_line_kung_fu_builder.v0.2.xlsx