Nessus Vulnerability XML Parser
When I do security assessments, I always use Nessus. Nessus is a great tool and is extremely helpful with one exception, the reporting. While filtering is good in the new Flash interface, I still found myself needing to do something else. So I have used Perl for many years and I figured it was time to start coding again. I am by no means a Perl expert or even a programmer. But I can hack-up some pretty good Perl code to parse text files. So that is what I did.
This is the first Perl code I have ever released to the public. So if you read it and would like to comment…please be gentle.
parse-nessus.pl is a CLI-only script. The script does require a few modules that can be found on CPAN. The required modules are: XML::TreePP, Data::Dumper, Spreadsheet::WriteExcel::Big, and Math::Round. I used this on Snow Leopard, but all the modules I use should compile fine on any OS. To install the modules from the command line, use the “cpan” command; see below.
parse_nessus_xml.v5-for-blog.pl
Example
—————————————————————-
Get the Version
xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl v
PARSE NESSUS VER 0.05
RELEASE AS IS AND USE AS YOU SEE FIT.
PLEASE GIVE ME CREDIT IF YOU RELEASE ELSE WHERE!!!!!!
Example with the “.” directory, this is what I use most of the time.
xyz:parse-nessus MyMac$ perl parse_nessus_xml.v5-for-blog.pl .
Parsing File inside.nessus.xml
Finished Parsing File inside.nessus.xml
Printing the Main Report
Creating Spreadsheet Data
Preparing Hosts Data
Create General Vulnerability Data
Creating Policy Compliance Data
Creating Windows Management Data
Creating Nessus Report Spreadsheet
completed
—————————————————————-
I figured I would share this with the world, enjoy and please comment. I am releasing this code under the GPL, use as you will, please link back to this blog in the source code. If you would like to contribute and make changes, please feel free to make the changes and post the code here or email me.
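The kind of parsing the post describes, as an added example that is not the author's parse_nessus script: it flattens a .nessus export into one spreadsheet row per finding, with the Solution and CVE fields and the timestamped output name asked for in the comments below. The element and attribute names assume the NessusClientData_v2 layout, the sample XML with its CVE and plugin values is constructed, and plain Spreadsheet::WriteExcel stands in for the ::Big variant the post lists.

```perl
use strict;
use warnings;
use POSIX qw(strftime);
use XML::TreePP;
use Spreadsheet::WriteExcel;
# Constructed sample in the assumed .nessus v2 layout; a real run reads the export.
my $xml = <<'XML';
<NessusClientData_v2><Report name="constructed-sample"><ReportHost name="host-a.example">
  <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
  <ReportItem port="445" protocol="tcp" severity="3" pluginID="900001" pluginName="Constructed finding A">
    <cve>CVE-0000-0001</cve><cve>CVE-0000-0002</cve><solution>Apply the vendor patch.</solution>
  </ReportItem>
  <ReportItem port="0" protocol="tcp" severity="0" pluginID="900002" pluginName="Constructed finding B"/>
</ReportHost></Report></NessusClientData_v2>
XML

# One row per finding: host, port, severity, plugin ID, name, CVEs, solution.
sub findings {
    my ($text) = @_;
    # force_array: a lone <ReportItem> or <cve> would otherwise parse as a scalar.
    my $tree = XML::TreePP->new(force_array => [qw(ReportHost ReportItem tag cve)])->parse($text);
    my @rows;
    for my $host (@{ $tree->{NessusClientData_v2}{Report}{ReportHost} || [] }) {
        # XML::TreePP stores attributes as '-name' and element text as '#text'.
        my %prop = map { $_->{'-name'} => $_->{'#text'} } @{ $host->{HostProperties}{tag} || [] };
        for my $item (@{ $host->{ReportItem} || [] }) {
            push @rows, [
                $prop{'host-ip'} // $host->{'-name'},
                "$item->{'-port'}/$item->{'-protocol'}",
                @{$item}{qw(-severity -pluginID -pluginName)},
                join(', ', @{ $item->{cve} || [] }),    # findings without a CVE get ''
                $item->{solution} // '',
            ];
        }
    }
    return sort { $b->[2] <=> $a->[2] } @rows;    # highest severity first
}

# Timestamped name so an earlier report is never overwritten.
my $file  = strftime('nessus_report_%Y%m%d_%H%M.xls', localtime);
my $book  = Spreadsheet::WriteExcel->new($file) or die "cannot create $file: $!";
my $sheet = $book->add_worksheet('Findings');
my $r     = 0;
for my $row ([qw(Host Port Severity PluginID Name CVE Solution)], findings($xml)) {
    # write_string keeps scan text literal; write() treats a leading '=' as a formula.
    $sheet->write_string($r, $_, $row->[$_]) for 0 .. $#$row;
    $r++;
}
$book->close;
```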
If only more than 93 people would hear about this.
great share, great article, very useful for me…thank you
Super interesting article. Honest..
Hehe I am honestly the first reply to this amazing post.
Incredibly awesome read! Honestly!
nice share, good article, very useful for me…thanks
Thank you all for your kind words, I am sorry that I did not release your comments earlier, life sort of got in the way. But anyway I am attending SANSFire in Baltimore this week and started talking about my blog with some of the attendees. If you would like to contribute or ask for any features, please do so.
Thanks for good information that comes out to read.
great information you write it very clean. I am very lucky to get these tips from you.
Hey! I just wanted to say your web site is one of the nicely laid out, most inspirational I have come across in quite a while. Thx! 🙂
Cody,
I am getting the following error — perhaps you could shed some light on this:
Z:\perl>perl parse_nessus.pl z:\temp
Parsing File test.xml
Finished Parsing File test.xml
Printing the Main Report
Creating Spreadsheet Data
Preparing Hosts Data
Create General Vulnerability Data
Creating Policy Compliance Data
Creating Windows Management Data
Creating Nessus Report Spreadsheet
completed
///the above completed, but none of the IPs are populated into the spreadsheet… Then I try again with a second file in the directory:
Z:\perl>perl parse_nessus.pl z:\temp
Parsing File test.xml
Finished Parsing File test.xml
No such file or directory – test2.xml at parse_nessus.pl line 286
//Also, where are you getting the XMLs? Are you renaming a .NBE or .nessus to .XML ?
Thank you!
Whinston
Greetings All, Whinston and I exchanged a few emails over his comments, listed below is the email string.
———–> From Cody
Winston,
The XML is the new *.nessus format from NESSUS 4.2 and higher. So I get the XML document and parse that. I don’t use the NBE file or the other format. Also I am not sure if the original NESSUS XML format will work. So I would start by asking what version of Nessus are you running?
———–> From Winston
Cody,
I am running Nessus version 4.2.2. You answered my question with the .nessus file info. All I needed to do was rename my exported .nessus to a .xml.
Not sure if anyone else would make that silly mistake, but might be worth adding to your blog 🙂
Thank you for the awesome tool!
———–> From Cody
Whinston
no worries..I will post this whole string….
please give me some more feedback on the tool…I am updating every couple of weeks or with each new assessment and then post the major updates to the blog
———–> From Winston
Cody,
I will certainly share any comments with you as I add your tool into our process. One change I would like to implement is a unique output filename for each run, this way the file does not get overwritten in the event that I have made changes. Is this already possible through arguments? Ex: nessus_report_20100727_1451.xls
———–> From Cody
I could do that….I use the tool for doing one time assessments…so I usually only look at the information once. But that feature would not be hard to add.
———–> From Winston
Cody,
Just an FYI:
Your tool has serious enterprise potential. The reporting aspect of Nessus Security Center costs an additional $70,000, which is a tough upgrade for most organizations. I am sure I am not the only one searching for a solution that your tool provides.
Thank you for providing it for free (for now) — again, it is very helpful for intelligent break down of these daunting reports.
Whinston
———–> From Cody
spread the word….thanks for the comments…
I just have to say THANK YOU!!! This tool is going to be invaluable. I just need more fields than what are in it by default but that will not be hard to add.
I will make sure that credit is kept where it rightfully belongs as I work with this file.
Again, THANK YOU!!
No problem…glad I could help…I am about to redo the parsing functions…using the XML DOM module. and then integrate nmap and a few other things into it also…
Cody,
Is there a way to also export the “Solution” & “CVE” fields to your sheet? I am using your script, packaged with portable perl, and it really is amazing for my work-flow, allowing me to delegate and track issues with ease.
Thank you for all your hard work!
Whinston
are you asking to add the “Solution” & “CVE” fields to the spreadsheet? Sure that should not be too hard to do. I will work on that this evening.
Thank you, that will be excellent!
Hello there, You have done an excellent job.
I will definitely digg it and personally recommend to my friends.
I am sure they will be benefited from this site.
Cody,
Is there an install/user guide? I know nothing about perl
V/R
Tony W.