Monday, June 25, 2012

Nessus Vuln Table

Code:
** Deprecated: see NBE to Delimited Text **

-----

One thing we as security people do is make reports ... a lot. Everyone seems to want the reports in a custom format, but I find the result is a common table.

This table is a unique sort by vulnerability, with the associated targets listed for each vulnerability.

I have created this script to produce the table from a common CSV input, so it can work with almost any scanner after a pre-parse. For this example I will post a Nessus pre-parse line.

grep 'results|' *.nbe | sed 's/Plugin output :/#Plugin output :/g' | sed 's/CVE :/#CVE :/g' | sed 's/Other references :/#Other references :/g' | awk -F '#' '{print $1, $3, $4}' | awk -F '|' '{print $3"|"$5"|"$6"|"$7}' | sed 's/\\n/ /g' | grep -v '|||' > ParseInput.nbe

The line above will put an .nbe file into my common delimited format and scrub the Plugin Output, making the body common for each IP address.

Then simply run the associated Java code (linked above) and you will have your table (i.e., it takes a file of [Host|VulnID|Severity|Details] and outputs sort -u $2, $3, $4, [All Associated $1]).

Now, I have posted two versions of this file: VulnTable.java uniques on the description and VulnTable2 uniques on the pluginID. The difference is that sometimes the Detail can be very different for a pluginID hit.
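The grouping described above, sketched in Python as an added example; this is not the VulnTable.java or VulnTable2 code from this post. The function name, the unique_on switch and the sample rows (including the plugin IDs and hosts) are constructed for illustration.

```python
# Constructed sample in the post's Host|VulnID|Severity|Details layout.
SAMPLE = """\
10.0.0.5|10001|Security Note|Certificate details. Subject: CN=web01
10.0.0.6|10001|Security Note|Certificate details. Subject: CN=web02
10.0.0.5|10002|Security Warning|Self-signed certificate in use.
10.0.0.6|10002|Security Warning|Self-signed certificate in use.
10.0.0.7|10002|Security Warning|Self-signed certificate in use.
10.0.0.7|10002|Security Warning|Self-signed certificate in use.
this line has no delimiters and is skipped
"""


def vuln_table(lines, unique_on="details"):
    """Group hosts per finding.

    unique_on="details": one row per (VulnID, Severity, Details).
    unique_on="plugin":  one row per VulnID; the first Details seen is kept.
    """
    if unique_on not in ("details", "plugin"):
        raise ValueError("unique_on must be 'details' or 'plugin'")
    groups = {}
    for raw in lines:
        # maxsplit=3 keeps any '|' inside the Details text intact.
        parts = [p.strip() for p in raw.rstrip("\n").split("|", 3)]
        if len(parts) != 4 or not parts[0] or not parts[1]:
            continue  # malformed or empty row, like the grep -v '|||' filter
        host, vuln_id, severity, details = parts
        key = (vuln_id, severity, details) if unique_on == "details" else vuln_id
        row = groups.setdefault(key, [vuln_id, severity, details, set()])
        row[3].add(host)  # a set drops duplicate hosts for the same finding
    ordered = sorted(groups.values(), key=lambda r: (r[0], r[1], r[2]))
    return [(v, s, d, sorted(h)) for v, s, d, h in ordered]


if __name__ == "__main__":
    for mode in ("details", "plugin"):
        print("-- unique on", mode)
        for vuln_id, severity, details, hosts in vuln_table(SAMPLE.splitlines(), mode):
            print("|".join([vuln_id, severity, details, ", ".join(hosts)]))
```

With the sample rows, uniquing on the details yields three rows because the two certificate findings differ per host, while uniquing on the plugin ID collapses them into one row listing both hosts.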

The end result is a simple table. I am working on a more elegant version of this whole thing from the XML data in the .nessus files, as the .nbe format is getting much harder to access.

Also, some people have created XSLT files that will produce somewhat the same view in an export from Nessus. So we have many ways to get to this data; I just find this method to be fast, as I deal with a lot of disposable data from scanners.

If this helps you out, great.

cheers

JSN

----

** UPDATE: I have added an additional quick-fix script, called XML2VulnTable, that will pre-parse .nessus v2 files to the CSV table needed for the VulnTable script. This script will import the Nessus XML and build the 4-column output needed, and it should actually unique a bit better than with the .nbe source.

I am working on a full version from XML in my free time, along with some risk analysis scripting for Nessus files, in the next weeks. For now this will get you to the table without converting your output to nbe. **
