nessus grep

January 3rd, 2010 by mopey

The code is pretty self-explanatory. It searches through a .nessus file and spits out the matching hosts.

#!/usr/bin/python

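def usage():
  """Print the command-line help text to stdout.

  Written as ``print(...)`` with a single argument so the same source runs
  under both Python 2 (where the parenthesised form is still the print
  statement) and Python 3; the original ``print """..."""`` is a syntax
  error on Python 3. The help text itself is unchanged.
  """
  print("""
This program takes a regular expression for a problem and returns the
affected hosts. It iterates through all reports saved in a .nessus file
making no attempt at uniqueness, (eg if you scanned a host more than once)
searching through titles, data, port, and IDs for matches.

It prints one host per line, relying on tools like wc, tr, sort, uniq

USAGE:
arg[0] myfile.nessus regex

For a regex reference, see http://docs.python.org/library/re.html

EXAMPLES:

#search for hosts that ran the nikto plugin
python nessus_grep.py scan.nessus nikto

#case insensitive search for nikto
python nessus_grep.py scan.nessus "(?i)nikto"

#it's usually probably ok to just check for id, but be careful
#as an added precaution I give it the beginning end of lines
python nessus_grep.py scan.nessus "^10386$" 

#find all hosts with either the SSL Cipher "bug" or running SSL Version 2
python nessus_grep.py scan.nessus "(SSL Weak Cipher Suites Supported|SSL \
Version 2 \(v2\) Protocol Detection)"
""")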

import sys
import re
from lxml import etree

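def regexsearch(regex, *strings):
  """Return True if *regex* matches any of *strings*, else False.

  Args:
    regex: a regular-expression pattern, passed straight to re.search().
    *strings: candidate texts. None values (lxml gives None for an empty or
      missing element's .text) are skipped, as is anything else re.search()
      cannot take as a string.

  Returns:
    True on the first match, False when nothing matched -- explicit False
    rather than the implicit None the earlier version fell off the end with.
  """
  for candidate in strings:
    if candidate is None:
      continue
    try:
      if re.search(regex, candidate):
        return True
    except TypeError:
      # not a str/bytes value; there is nothing to match against
      continue
  return False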

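def _element_text(parent, tag):
  """Return the text of the first *tag* child of *parent*, or None when absent.

  lxml's find() returns None for a missing child and .text is None for an
  empty element; both cases come back as None so callers can skip them
  instead of failing on ``None.text``.
  """
  child = parent.find(tag)
  return None if child is None else child.text


def _matching_hosts(nessus_xml, regex):
  """Yield the HostName of each ReportHost that has a ReportItem matching *regex*.

  Args:
    nessus_xml: the parsed .nessus document (an lxml ElementTree).
    regex: pattern handed to regexsearch(); tested against each item's
      data, pluginName, pluginID and port text.

  A name is yielded once per ReportHost element, so a host that appears in
  several reports is yielded several times -- de-duplication is left to
  sort/uniq, as the usage text says. Hosts without a HostName element are
  skipped rather than aborting the whole run.
  """
  for report in nessus_xml.getroot():
    # repr() so comment/PI nodes, whose .tag is not a string, cannot raise here
    if "Report" not in repr(report.tag):
      continue
    for host in report:
      if "ReportHost" not in repr(host.tag):
        continue
      hostname = _element_text(host, "HostName")
      if hostname is None:
        continue
      for issue in host.findall("ReportItem"):
        fields = [_element_text(issue, name)
                  for name in ("data", "pluginName", "pluginID", "port")]
        if regexsearch(regex, *fields):
          yield hostname
          break  # one line per host per report, whatever the match count


if __name__ == "__main__":
  if len(sys.argv) != 3:
    usage()
    sys.exit(0)
  regex = sys.argv[2]
  # A .nessus file may have come from someone else: turn entity resolution
  # off so an external-entity declaration in the file cannot pull local files
  # into the parse, and keep network fetches off as well.
  parser = etree.XMLParser(resolve_entities=False, no_network=True)
  nessus_xml = etree.parse(sys.argv[1], parser)
  for hostname in _matching_hosts(nessus_xml, regex):
    print(hostname)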
