Monday, June 25, 2012

.nessus to html/xls

Code:
https://github.com/JasonMOliver/Java_Parsers/blob/master/XMLTable.java

-----

I have been working on a bit of code in my free time as Nessus seems to be moving away from the .nbe format and honestly the .nessus format has a lot more information.

I still need to move this data into a format that is friendlier to the command line from time to time, and I also need the data in a format acceptable for reports. This bit of Java takes V2 .nessus files and converts them to an HTML table, or to xls if you so desire, since Excel supports HTML tables.

Pass it the .nessus file on the command line:

java XMLTable Input.nessus > output.[html/xls]

and it should churn out a table ready for sorting and calculations. I have included the columns useful to me thus far, but the Java is simple enough to adjust for more or fewer columns.

I am working on another project to produce NIST style tables and statistics when I get some more free time. Also I would really like to clean up this code.

I wanted to get this out the door as I have some work that needs this data next week and a few people waiting to use it.

I seem to always be coding under a dire need / deadline ... thus it's not pretty.

If this is useful to you, as always, great: use it, abuse it, drop me a copy.

cheers

JSN  

 --- A Thanks to @dhongyt for the XML jump start.

10 comments:

  1. This looks like exactly what I'm looking for, but no matter how I execute, I get a "Could not find or load main class XMLTable.java" error. I'm definitely no Java expert, would you mind enlightening me?

    1. Without the error I am not 100% sure, but it sounds like you are not compiling the file into a .class from the .java source. You can do that with the command javac. http://www.blackhat.org/2012/06/java-101-howto.html <-- Howto

      Also take a look at the current version of XMLTable on GitHub; it has even more data.

    2. Thanks. I got it to work now. Have you thought about hyper-linking Nessus ID or CVE results within the cells?

      One more question too. I was reading through your README, and I don't see the syntax of the commands. Are they all similar to the above? (java XMLWhatever Input.nessus > output.[html/xls]) Thanks!

    3. The linking would not be hard to add in; you would just have to change the output line in the code.

      All of the command lines are in the blog for that script and in the comments in the header of the .java file. You should be able to find them, most are that format by the way.

  2. This comment has been removed by the author.

  3. I get these errors...any ideas?

    com.sun.org.apache.xerces.internal.impl.io.MalformedByteSequenceException: Invalid byte 1 of 1-byte UTF-8 sequence.
    at com.sun.org.apache.xerces.internal.impl.io.UTF8Reader.invalidByte(UTF8Reader.java:687)
    at com.sun.org.apache.xerces.internal.impl.io.UTF8Reader.read(UTF8Reader.java:557)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.load(XMLEntityScanner.java:1719)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.arrangeCapacity(XMLEntityScanner.java:1596)
    at com.sun.org.apache.xerces.internal.impl.XMLEntityScanner.skipString(XMLEntityScanner.java:1634)
    at com.sun.org.apache.xerces.internal.impl.XMLVersionDetector.determineDocVersion(XMLVersionDetector.java:196)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:783)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:748)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:123)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:239)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:288)
    at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:205)
    at XMLTable.main(XMLTable.java:36)

    1. I have seen this before; most of the time it's a Nessus plugin that's putting non-UTF-8 chars in the output, and it's an actual bug in Nessus, or you're scanning on US machines.

      The quick fix is to clean up the file manually:
      iconv -c -f utf-8 -t ascii input.nessus > ascii_output.nessus

      You can see more on the forums - https://discussions.nessus.org/thread/4772

      Hope this helps.

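The conversion the post describes, written so that the MalformedByteSequenceException from the comment above cannot abort it, as an added example that is not the author's XMLTable.java. It decodes the file itself and replaces invalid bytes with U+FFFD, so valid non-ASCII text survives (converting to ASCII with iconv -c drops it); the class name, the column choice and the embedded sample report are assumptions made for this example.

```java
import java.io.*;
import java.nio.charset.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Added example, not XMLTable.java: .nessus v2 -> HTML table that survives bad UTF-8 bytes.
public class NessusTableExample {
    static String esc(String s) { // scan output is untrusted text: escape it for HTML
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;").replace("\"", "&quot;");
    }
    static String child(Element e, String tag) { // text of first <tag> descendant, or ""
        NodeList n = e.getElementsByTagName(tag);
        return n.getLength() == 0 ? "" : n.item(0).getTextContent();
    }
    static String toHtml(InputStream in) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE declarations so a crafted file cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Decode ourselves: malformed bytes become U+FFFD instead of aborting the parse.
        CharsetDecoder dec = StandardCharsets.UTF_8.newDecoder().onMalformedInput(CodingErrorAction.REPLACE);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new InputStreamReader(in, dec)));
        StringBuilder out = new StringBuilder("<table border=\"1\">\n<tr><th>Host</th><th>Port</th>"
                + "<th>Severity</th><th>Plugin ID</th><th>Plugin Name</th><th>Output</th></tr>\n");
        NodeList hosts = doc.getElementsByTagName("ReportHost");
        for (int i = 0; i < hosts.getLength(); i++) {
            Element host = (Element) hosts.item(i);
            NodeList items = host.getElementsByTagName("ReportItem");
            for (int j = 0; j < items.getLength(); j++) {
                Element it = (Element) items.item(j);
                String[] row = { host.getAttribute("name"),
                        it.getAttribute("port") + "/" + it.getAttribute("protocol"),
                        it.getAttribute("severity"), it.getAttribute("pluginID"),
                        it.getAttribute("pluginName"), child(it, "plugin_output") };
                out.append("<tr>");
                for (String v : row) out.append("<td>").append(esc(v)).append("</td>");
                out.append("</tr>\n");
            }
        }
        return out.append("</table>\n").toString();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample; \u0096 is written out as the lone byte 0x96, which is invalid UTF-8.
        byte[] sample = ("<NessusClientData_v2><Report name=\"demo\"><ReportHost name=\"192.0.2.10\">"
                + "<ReportItem port=\"80\" protocol=\"tcp\" severity=\"1\" pluginID=\"0\""
                + " pluginName=\"Constructed &lt;banner&gt; check\"><plugin_output>demo \u0096 1.0"
                + "</plugin_output></ReportItem></ReportHost></Report></NessusClientData_v2>").getBytes(StandardCharsets.ISO_8859_1);
        System.out.print(toHtml(args.length > 0 ? new FileInputStream(args[0]) : new ByteArrayInputStream(sample)));
    }
}
```

Compile with javac NessusTableExample.java, then run java NessusTableExample Input.nessus > output.html; with no argument it converts the embedded sample.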
  4. This comment has been removed by the author.

  5. Jason,

    When running java XMLVulnStatsV3 scan_v2.nessus output.html I end up with an empty html and my nessus source file being overwritten.

    What's the proper syntax to run it?

  6. You have the files in the wrong order - java XMLVulnStatsV3 output.html scan_v2.nessus
