Silicon Shecky

Infosec Practitioner

Nessus and Python Scripts

January 17, 2020 By Michael Kavka

I have been working on some Python scripting over the past couple of months for Nessus Pro, which I have been playing with. These are no real big deal, but might be able to help some of you out. They are located at my GitHub page.

The first one is the grabber script. We had been using one for our local scanner that required a username and password. I decided it was about time to do it through API keys, so I rewrote the generic script we already had to use them. It was a great way to get to understand how to use API keys to access the Nessus scanner. This script will show you information so you can grab just one scan, or all scans if you have multiple ones set up.

Once that was done, I turned my mind to parsing the raw nessus file, which is XML, into an easy-to-read format (nessus_parser.py). We had been using a Perl script from years ago to create a multi-page Excel file. I instead have done it in Python, modifying a script I found that was not completely functional, reworking it to use the import CSV feature and output everything into a single CSV file. There is also a remarked out section with some notes, if you only want to parse out vulnerabilities with CVSS scores (so non-info data). I personally like having access to all the data.

Inside the parser there is the following line:

    csvHeaders = ['CVSS Score', 'IP', 'FQDN', 'OS', 'Port', 'Vulnerability', 'Risk', 'Description', 'Exploit Available', 'Proof', 'Solution', 'See Also', 'CVE']  # headers for the CSV

This maps to the line below it:

    # Headers of the nessus file. These are pulled from the XML.
    # Order here must match up to the CSV headers you want for each item.
    nessusFields = ['cvss_base_score', 'host-ip', 'host-fqdn', 'operating-system', 'port', 'plugin_name', 'risk_factor', 'description', 'exploit_available', 'plugin_output', 'solution', 'see_also', 'cve']

If you want some piece of data pulled from the raw nessus file that I am not pulling, you can add it into both lines, the lower one being the field in nessus, and the upper being what the header for that data will be called. You can look at the code and the raw nessus file to see what I mean as far as the <tag> goes. Also, there is a section to pull attributes out of the <ReportItem> tag, such as port, protocol, etc.

    if item.tag == 'ReportItem':  # this will parse out items that are in the <ReportItem> tag
        reportRow = dict(reportHost)
        # These three values are attributes of <ReportItem>, not child tags.
        reportRow['Port'] = item.attrib['port']
        reportRow['Vulnerability'] = item.attrib['pluginName']
        reportRow['Plugin ID'] = item.attrib['pluginID']
        # Copy every child tag that is listed in nessusFields into the row.
        for tag in (tag for tag in item if tag.tag in nessusFields):
            reportRow[getKey(tag.tag)] = getValue(tag.text)
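
A self-contained sketch of the header-to-field pairing and the <ReportItem> attribute handling described above, as an added example that is not the code from nessus_parser.py. The XML sample is constructed, the names parse_nessus, to_csv and FIELD_TO_HEADER are hypothetical, and 'Protocol' is the extra column added to both lists; it goes one step beyond the snippet by joining repeated tags such as <cve> instead of keeping only the last one.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the .nessus (NessusClientData_v2) layout; not real scan data.
SAMPLE = """<NessusClientData_v2><Report name="demo"><ReportHost name="10.0.0.5">
<HostProperties><tag name="host-ip">10.0.0.5</tag><tag name="host-fqdn">web01.example.test</tag></HostProperties>
<ReportItem port="443" protocol="tcp" pluginID="900001" pluginName="Constructed TLS finding">
<cvss_base_score>5.0</cvss_base_score><risk_factor>Medium</risk_factor>
<cve>CVE-0000-0001</cve><cve>CVE-0000-0002</cve></ReportItem>
<ReportItem port="0" protocol="tcp" pluginID="900002" pluginName="Constructed info finding">
<risk_factor>None</risk_factor><plugin_output>line one
line two</plugin_output></ReportItem>
</ReportHost></Report></NessusClientData_v2>"""

# Paired lists as in the parser (shortened); 'Protocol'/'protocol' is the column added here.
CSV_HEADERS = ['CVSS Score', 'IP', 'FQDN', 'Port', 'Protocol', 'Vulnerability', 'Risk', 'Proof', 'CVE']
NESSUS_FIELDS = ['cvss_base_score', 'host-ip', 'host-fqdn', 'port', 'protocol', 'plugin_name', 'risk_factor', 'plugin_output', 'cve']
FIELD_TO_HEADER = dict(zip(NESSUS_FIELDS, CSV_HEADERS))

def parse_nessus(xml_text):
    """Return one dict per <ReportItem>, keyed by CSV header."""
    rows = []
    for host in ET.fromstring(xml_text).iter('ReportHost'):
        host_row = {FIELD_TO_HEADER[t.get('name')]: t.text or ''
                    for t in host.iterfind('HostProperties/tag')
                    if t.get('name') in FIELD_TO_HEADER}
        for item in host.iter('ReportItem'):
            row = dict.fromkeys(CSV_HEADERS, '')  # absent fields become empty cells
            row.update(host_row)
            for child in item:
                if child.tag in FIELD_TO_HEADER:
                    key, text = FIELD_TO_HEADER[child.tag], (child.text or '').strip()
                    # Repeated tags such as <cve> are joined, not overwritten.
                    row[key] = f'{row[key]}; {text}' if row[key] else text
            row['Port'] = item.attrib['port']  # attributes go last so they win over child tags
            row['Protocol'] = item.attrib['protocol']
            row['Vulnerability'] = item.attrib['pluginName']
            rows.append(row)
    return rows

def to_csv(rows):
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=CSV_HEADERS)
    writer.writeheader()
    writer.writerows(rows)
    return out.getvalue()

if __name__ == '__main__':
    print(to_csv(parse_nessus(SAMPLE)))
```

Because the row is built from CSV_HEADERS, a field added to only one of the two lists shifts every later column, which is why the order of both lists has to match.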

 

As I said, simple stuff, nothing written from scratch, but heavily modified to make them working scripts for this day and age. Enjoy!

Filed Under: Scripts, Security Tagged With: Nessus, Python, script
