Home > Nessus > Nessus Parser v0.22

Nessus Parser v0.22

July 27th, 2016

I know, I have been saying a new version is coming, well here it is.

These are the new features with version 22

1. Fixed bug in info and low severity tabs
2. Added support for new plugin families “Incident Response, F5 Networks Local Security Checks, Huawei Local Security Checks, OracleVM Local Security Checks, and alo Alto Local Security Checks”
3. Fixed issue with “Number of IPs Scanned” count.
4. Fixed issue with “Total Unique” count.
5. Updated most common Critical and High Severity vuls
6. Fixed bug in UserAccountData Regex

parse_nessus_xml.v22.pl

Categories: Nessus Tags:
  1. Stevie
    July 28th, 2016 at 08:45 | #1

    Hi Cody,

    We love this tool, and the effort you put in, thanks so much!

    But… the link to download v22 doesn’t seem to exist; is this a minor oversight?

    Thanks,

    Stevie

  2. July 28th, 2016 at 08:53 | #2

    Fixed…

  3. Matosco
    July 28th, 2016 at 08:55 | #3

    Sorry Cody but how can I download this new version?

  4. Matosco
    July 28th, 2016 at 08:56 | #4

    Thanks a lot, I was just commenting that I couldn’t download. Right on time!

  5. jsoberoi
    July 28th, 2016 at 18:23 | #5

    Hi Cody

    I really appreciate your efforts. This new version is a big help and works great.

    Cheers for that.

    jsoberoi

  6. Dan
    July 29th, 2016 at 13:54 | #6

    Cody –

    This tool is awesome! I use it all the time

  7. Anthony
    August 1st, 2016 at 10:36 | #7

    Thanks for this – its so much quicker than messing with CSV’s!

    Very much appreciated.

  8. Clay Ramsey
    August 3rd, 2016 at 16:34 | #8

    I am running this inside strawberry perl on Windows. I think that there’s a breakdown in how the code handles slashes. Here’s an example: Storing Vulnerability Data for hostname.domainname.com
    \C no longer supported in regex; marked by <– HERE in m/DOMAINNAME\ <– HERE ASSETNAME.supremeruler/ at perl_scripts\parse_nessus_xml.v22.pl line 1477.

    Is this related to this being written to work on *nix hosts, and I am trying to write to a Windows file system?

    On a side note, is there by any chance any logging enabled for this?

    Thanks in advance!

    Clay

  9. Clay Ramsey
    August 5th, 2016 at 10:58 | #9

    wanted to share a few things. I am running strawberry perl on windows 7. I have perl 5.24.0.1 installed.

    the problem is fixed. I had to use the \Q & \E character escape for regexes in lines 1477 and 1484 to prevent names with might contain \C from being parsed.

    1477: if ($a =~ /\Q$usr_name\E/ism){$_->{$act_type} = “Y”}

    1484: if($a =~ /(?=\Q$netbios_name\E).+?(\Z)/ism){

    it’s running perfectly now. I took an entire directory holding over 200mb of nessus files, and it rendered a single 29mb spreadsheet, as advertised.

    great idea, Cody!

  10. Shinobi
    August 6th, 2016 at 14:32 | #10

    Is there a file size limit? Every time I run it, I get;

    ################################################################################
    NESSUS PARSER V0.22
    ################################################################################
    Killed

  11. Beth
    August 9th, 2016 at 10:54 | #11

    thanks for the update and all your hard work on this.

  12. paveway
    August 17th, 2016 at 17:40 | #12

    Been waiting for this!!!! Much better than any other parser out there.

    THANKS!

  13. Aldo
    August 18th, 2016 at 09:17 | #13

    Hi Cody,

    Thanks for the tool, I was just wondering if you could create one tab on here, I was trying to modify the code myself, but am missing something I think.

    I’d love to have a tab with the following:

    IP Address, DNS (fqdn), Operating System, Number of Services, Number of Vulnerabilities (excluding informational)

    And if at all possible:

    Another tab with:

    OS, number of nodes with this OS, Number of Running Services, and Number of Vulnerabilities

    Would this be possible? (The second one I was struggling with more)

    Thank you!

  14. jsoberoi
    August 18th, 2016 at 21:01 | #14

    Hi Cody

    The script is failing with the following error with some reports:
    Can’t use string (“33929”) as an ARRAY ref while “strict refs” in use at parse_nessus_xml.v22.pl line 2908.

    Could you have a look when you get time?

    Cheers

    jsoberoi

  15. Shaun
    August 22nd, 2016 at 09:25 | #15

    Great work Cody!! Appreciate your efforts.

  16. Michael Ruffolo
    August 31st, 2016 at 14:50 | #16

    V22 works great, V21 stopped working with new the Nessus Plugins. Thank you for maintaining the Nessus Parser.

  17. Theo
    September 2nd, 2016 at 16:18 | #17

    THANK YOU SO MUCH FOR THE UPDATE! This tool just saved my life immensely.

  18. Sean
    September 7th, 2016 at 14:51 | #18

    Getting an error when I run.

    Unmatched ( in regex; marked by <– HERE in m/MK_DO_NEW_FG_( <– HERE GZ/ at parse_nessus_xml.v22.pl line 1518

    Could you help?

    Thanks

  19. Mark
    September 13th, 2016 at 10:00 | #19

    Cody,
    I love the script! however Today when a was running a larger nessus file the (482,723 KB) The script responds with “Killed” directly after the NESSUS PARSER V0.22 Banner. Idid notice that the scanner did an update on 9-10-16 to 6.8.1. Any assistance would be greatly appreciated.

    Mark

  20. MICHAEL MADL
    September 26th, 2016 at 10:38 | #20

    Are there instructions on running the script with a nessus file?

  21. Aditya Mathur
    October 4th, 2016 at 05:40 | #21

    Hi Cody,

    Thank you so much for this awesome Nessus Parser. Worked like a charm.

    Regards,
    Aditya Mathur

  22. Dude
    October 9th, 2016 at 17:06 | #22

    Thank you Cody!

  23. Bart
    October 11th, 2016 at 06:44 | #23

    I like this!!
    It would be perfect if you had a repository in github!! 🙂

    Thanks for this stuff.

  24. October 13th, 2016 at 12:03 | #24

    Nice script by the way, i’m using it since a long time.

    To share the information :
    i recently got error “can’t locate object method “newdir” /ur/…/Workbook.pm line 1003″.
    It’s seem to be related with a new feature added to perl.
    To fix it i had to update CPAN package and now that’s working again.

  25. burak
    October 14th, 2016 at 04:21 | #25

    Hi,
    karacali$ perl parse_nessus_xml.v22.pl -f ktserver247.xml

    These are the new features with version 22

    1. Fixed bug in info and low severity tabs
    2. Added support for new plugin families “Incident Response, F5 Networks Local Security Checks, Huawei Local Security Checks, OracleVM Local Security Checks, and alo Alto Local Security Checks”
    3. Fixed issue with “Number of IPs Scanned” count.
    4. Fixed issue with “Total Unique” count.
    5. Updated most common Critical and High Severity vuls
    6. Fixed bug in UserAccountData Regex
    The target file is “ktserver247.xml”.
    File ktserver247.xml is a Valid Nessus Ver2 format and will be parsed.

    ################################################################################
    NESSUS PARSER V0.22
    ################################################################################
    Parsing File ktserver247.xml

    Finished Parsing File ktserver247.xml

    Creating Spreadsheet Data
    Preparing Hosts Data

    There is a new plugin family added, it is Brute force attacks.
    and stop.
    What is the problem?

  26. Mekin
    October 19th, 2016 at 05:54 | #26

    Hi Cody,

    This is a great tool. I’m very grateful for your job. But I think there is a more important thing that must be on the reports tables. The parser report does not generate a table which contains “IP versus vulnerability” tab! Yes, you have “Vulnerability to IP Summary” tabs, but it consists of “plugin name versus IP”! This is not we need. We need “IP versus (Vulnerability, Description, and Solution).” Also, IPs should not be cumulated in a row with comma seperated for same vulnerability because a display in that way prevent pivoting in Excel and other analysis.

    Regards

  27. Rob
    November 10th, 2016 at 14:00 | #27

    Hi Cody,

    I’m getting the error below. Any thoughts how I can fix this?
    Thanks in advance!

    Cheers,
    Rob

    Finished Parsing XML Data

    Create General Vulnerability Data
    Creating Policy Compliance Data
    Creating Nessus Report Spreadsheet
    Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v22.pl line 1553.

  28. Chris
    November 15th, 2016 at 10:28 | #28

    Hi Cody,

    The parser seems to not produce an output. I have unzipped added the .nessus in the folder to run and get no csv/xls output.

  29. SuperThanks
    November 16th, 2016 at 08:09 | #29

    Dear Cody,

    I’m using your super script from one year ago and I love it.
    Thanks!!

  30. BRIAN SHAFER
    December 20th, 2016 at 12:04 | #30

    Is there an install guide?

  31. @gustavorobertux
    December 22nd, 2016 at 12:54 | #31

    Hi Cody,

    My name is Gustavo ( @gustavorobertux ), and I have one question !

    Can you help-me to put one column more in host_scan_data, with a CVE content ?

    Sorry my English, this is not my first language 🙂

    Cya !

  32. January 24th, 2017 at 14:21 | #32

    Good morning Cody,
    I have been using version version v0.21 with great success. I am very excited about the v0.22 update and can’t wait to use it. Here is the problem. I need the XML output from the scanner that has all the plugins with their related CVEs. Getting the XML file is not the problem; it’s converting the XML to CSV. When I ask Tenable to publish the CSV data they respond that they cannot support a third party parser. But the parser is not the issue, it works great! The issue is converting the XML data into CSV. The instructions call for using the MS XSL processor to convert the XML but I need to go thru hoops to get that command line utility approved for use.
    Do you have any ideas to get around the conversion?

  33. santhanakrishnan
    February 8th, 2017 at 05:11 | #33

    Hi cody,

    thanks for the code but I experience the Out of memory error for the files nearly 300mb. Is there any solution to overcome this.

  34. LW
    March 15th, 2017 at 12:03 | #34

    Do you have a donation link?

  35. Nicola B.
    March 29th, 2017 at 05:43 | #35

    Hi Cody,
    there seem to be a little bug with your script while parsing results that contain plugin ID 11137 (and maybe others). The fact that there’s a comma in the plugin name just causes every column data to be shifted and not correctly fitted in the resulting xls. Can you please check?
    Thanks.

  36. Tom
    April 4th, 2017 at 11:04 | #36

    Hi Cody,

    I am running your Nessus Parser v22 on a Mac. I seeing the following error message.

    Creating Spreadsheet Data
    Preparing Hosts Data

    Finished Parsing XML Data

    Create General Vulnerability Data
    Creating Policy Compliance Data
    Creating Nessus Report Spreadsheet
    Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v22.pl line 1553.

    I have checked out other versions of your parser and they have the same result.

    Thanks
    Tom

  37. Tom
    April 4th, 2017 at 12:18 | #37

    Ha looks like specifying the file name in the perl command works

    perl /path/to/script/parse_nessus_xml.v22.pl -f /path/to/file.nessus

  38. Lucas
    April 12th, 2017 at 10:07 | #38

    This version seems incredibly functional and does most of what is needed.
    Is this still being managed and potentially updated in the future? I’m not sure that Tenable is changing much, but it’s still good information to have.

  39. Craig
    April 19th, 2017 at 09:48 | #39

    Cody,

    This tool absolutely rocks. Your efforts are very much appreciated.

    Thank you!

    Craig

  40. FRoGito
    June 27th, 2017 at 09:55 | #40

    Amazing tool, very handy. Thanks for sharing!

    There may be a bug with huge file though. When merging several Nessus files into a single one with the script available at https://gist.github.com/mastahyeti/2720173 to avoid duplicates, then your Nessus Parser fails with the following error:
    Can’t use string (“33929”) as an ARRAY ref while “strict refs” in use at parse_nessus_xml.v22.pl line 2908.

    The merged file seems clean at a first glance… Only very big [102’339 lines]

  41. June 27th, 2017 at 13:46 | #41

    for the vulnerability to IP summary page, is there a way to add the description and solution fields? I have played with it but can’t figure out how to add these to field to that tab.

  42. Jason
    July 3rd, 2017 at 21:56 | #42

    Hi, This script looks awesome but I’m getting an error at the Nessus Parser section.

    “Can’t call method “add_worksheet” on an undefined value at parse_nessus_xml.v22.pl line 1553.” Any thoughts?

    Thanks,
    Jay

  43. Jason
    July 3rd, 2017 at 21:58 | #43

    I should probably also mention that I’m using strawberry perl on windows.

  44. Jason
    July 3rd, 2017 at 22:08 | #44

    I may have spoken too soon. Looks like I was using -d with a single file instead of -f. Nice job.

  45. Steve Tilson
    July 24th, 2017 at 17:08 | #45

    Cody, You are one Super Engineer! Much appreciation for your hard work and dedication to helping! YOU ROCK!

  46. September 25th, 2017 at 09:00 | #46

    A fix for this is being released 25 Sept 2017, v24.

  47. September 25th, 2017 at 09:01 | #47

    new version coming out 25 Sept 2017.

  48. September 25th, 2017 at 09:02 | #48

    no, but thanks for the offer.

  49. September 25th, 2017 at 09:03 | #49

    The system needs to be able to read in the full XML file. I did find a new module I am going to play with, but for now you need to be able read in the full file.

  50. September 25th, 2017 at 09:06 | #50

    most likely a space in the absolute path for the file.

Comment pages
1 2 249
Comments are closed.