Nessus Parser

Found this very useful script for taking a NessusV2 file and turning it into something our system users might have a prayer of reading. However, I wanted to be able to filter results based on a hostname regex, so this diff adds that.

--- parse_nessus_xml.v18.pl 2013-04-25 06:48:48.000000000 -0400
+++ parse_nessus_xml.v18.pl.new  2013-06-07 17:01:21.996481503 -0400
@@ -101,6 +101,8 @@
             as the XML.  Please note if the path to file has a "SPACE" use
             double quotes around the file path and/or name.

+    -x      Only include hosts matching the provided regex
+
     -r      The Recast option is a feature request from user KurtW.  Kurt wanted
             to be able to change the reported value of Nessus Plugin ID.  While
             this is not recommended in many cases, in some instanses the change
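Review bot: The new `-x` help line does not say what the regex is matched against or how it is matched. Going by the later hunks it is tested against the host's `name` field (taken from `$hostproperties->{-name}`) with an unanchored, case-sensitive match, so `-x web1` would also keep `web10`. I would spell that out, for example `-x      Only include hosts whose name matches the given Perl regex (unanchored, case-sensitive; use ^ and $ to match a whole name)`.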
@@ -165,7 +167,7 @@

 my $version = $ARGV[0];
 my %opt;
-getopt('dfro', \%opt);
+getopt('dfrox=s', \%opt);

 if($version =~ /-(v|V|h|H)/)
 {
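Review bot: The option string `'dfrox=s'` mixes Getopt::Long syntax into what looks like a Getopt::Std `getopt()` call; the module import is outside the hunk, so this is inferred from the `getopt(STRING, \%opt)` form. With Getopt::Std every character in that string names a switch that takes an argument, so `=` and `s` would become argument-taking switches and a `-s` on the command line would swallow the next word. If that is the module in use, the line should be `getopt('dfrox', \%opt);`.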
@@ -277,6 +279,10 @@
     my @Host_uniq_cnt;
     foreach my $item (@host_data)
     {
+        if (defined $opt{'x'})
+        {
+            next unless $item->{name} =~ /$opt{'x'}/;
+        }
         if ($search_item =~ /sev/){$host_seen_cnt{$item->{vuln_cnt}->{$search_item}}++}
         else{$host_seen_cnt{$item->{$search_item}}++}
     }
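Review bot: The pattern in `/$opt{'x'}/` is interpolated raw at four separate filter sites (here and in the hunks at 747, 1081 and 1781), so a malformed regex surfaces as a die from inside the parsing or reporting loops rather than as a usage error. Compile and validate it once right after option parsing, `my $host_re = defined $opt{'x'} ? eval { qr/$opt{'x'}/ } : undef;` followed by `die "Invalid -x regex: $@\n" if defined $opt{'x'} && !defined $host_re;`, and test with `next unless defined $item->{name} && $item->{name} =~ $host_re;`. If `@host_data` is built by the loop in the 747 hunk, filtering there already removes the host and the three later checks are redundant; that loop is outside the visible lines, so this needs confirming. The enclosing block starts and ends outside this hunk.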
@@ -741,6 +747,10 @@
         my %hash;
         $hash{file} = $file;
         $hash{name} = $hostproperties->{-name};
+        if (defined $opt{'x'})
+        {
+            next unless $hash{name} =~ /$opt{'x'}/;
+        }
         my @host;
         if (ref($hostproperties->{HostProperties}->{tag}) eq "HASH"){push @host, $hostproperties->{HostProperties}->{tag};}
         elsif (ref($hostproperties->{HostProperties}->{tag}) eq "ARRAY"){@host = @{$hostproperties->{HostProperties}->{tag}};}
@@ -1071,6 +1081,10 @@
 foreach my $host (@host_data)
 {
     my @report_data;
+    if (defined $opt{'x'})
+    {
+        next unless $host->{name} =~ /$opt{'x'}/;
+    }
     if (ref $host->{host_report} eq "HASH"){push @report_data, $host->{host_report};}
     else{@report_data = @{$host->{host_report}};}
     my $name = $host->{name};
@@ -1767,6 +1781,10 @@

 foreach my $host (@host_data)
 {
+    if (defined $opt{'x'})
+    {
+        next unless $host->{"name"} =~ /$opt{'x'}/;
+    }
     $HostConfigData_worksheet->write($HostConfigData_ctr, 0, $host->{"file"},$cell_format);
     $HostConfigData_worksheet->write($HostConfigData_ctr, 1, $host->{"host-ip"},$cell_format);
     $HostConfigData_worksheet->write($HostConfigData_ctr, 2, $host->{"host-fqdn"},$cell_format);
@@ -2772,13 +2790,15 @@

 ++$Home_cnt;++$Home_cnt;
 $Home_worksheet->merge_range( $Home_cnt, 0, $Home_cnt, 1, "Overall Summary Data", $center_border6_format );
-++$Home_cnt;
-$Home_worksheet->write($Home_cnt, 0, "Number of IP's Scanned");
-$Home_worksheet->write($Home_cnt, 1, $target_cnt);
-++$Home_cnt;
-$Home_worksheet->write($Home_cnt, 0, "Number of Discovered Systems");
-$Home_worksheet->write($Home_cnt, 1, $total_discovered);
-++$Home_cnt;
+if (!defined $opt{'x'}) {
+    ++$Home_cnt;
+    $Home_worksheet->write($Home_cnt, 0, "Number of IP's Scanned");
+    $Home_worksheet->write($Home_cnt, 1, $target_cnt);
+    ++$Home_cnt;
+    $Home_worksheet->write($Home_cnt, 0, "Number of Discovered Systems");
+    $Home_worksheet->write($Home_cnt, 1, $total_discovered);
+    ++$Home_cnt;
+}
 ++$Home_cnt;
 $Home_worksheet->write($Home_cnt, 0, "Total Unique Critical Severity Vulnerability");
 $Home_worksheet->write($Home_cnt, 1, $total_critical);
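Review bot: With `-x` set the summary drops the two scan-wide rows, and nothing on the Home sheet says the workbook is a filtered subset, so the remaining totals can be read as covering the whole scan. Add an `else` branch that records the filter: after a `++$Home_cnt;`, write `$Home_worksheet->write_string($Home_cnt, 0, "Host filter (-x)");` and `$Home_worksheet->write_string($Home_cnt, 1, $opt{'x'});`. Using `write_string` rather than `write` keeps a pattern that begins with `=` from being stored as a formula. Whether `$total_critical` and the other totals below are computed from the filtered host list is not visible in this hunk and should be checked.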
