It's Part 1 because I'm using someone else's script instead of writing my own, or modifying the original. But this one has served well for now.
What do you do when you have the results of several Nessus scans, and you have to use them in a report? You could use the Executive Summary, results outputted by plugin (never host), and click back and forth in multiple HTML documents, in IE for instance. Or you could use this perl script, together with the merger.py code located here, to merge the files into one and output a nice Excel spreadsheet with all the data.
Downside is, it's written in Perl, and I use a clean Kali install on a dedicated pentesting laptop for each job. This necessitates reinstalling all the perl modules, etc, each time. So I finally got tired of it and followed the example of a colleague who packaged them all into a Windows executable.
I did everything in Windows. First, I installed Strawberry perl, then installed cpanm and updated old versions of existing packages and other stuff. It took a while, but gave the nice feeling after a long "apt-get dist-upgrade" has completed. I used Perl Packager, and issued the following command to output an executable (saves you the trouble):
pp -M JSON -M PAR::Dist -M URI::Escape -M LWP::UserAgent -M HTTP::Cookies -M Data::Dump -M Data::Dumper -M XML::Hash::XS -M XML::TreePP -M MIME::Base64 -M Math::Round -M Excel::Writer::XLSX -M Excel::Writer::XLSX::Chart -M Excel::Writer::XLSX::Chart::Pie -M Data::Table -M Getopt::Std parse_nessus_xml.v22.pl
...and voila, an executable emerges that can be used from the command line.
Here's a copy. Update: Note that this copy changes as I start to amend the the original. In the latest version, the IPs output in the IP column of the "Vulnerability to IP Summary" worksheet are newline-delimited, rather than colon-delimited. Saves a find/replace step in SublimeText.
P.S. Adding file version information and more is listed here.
What do you do when you have the results of several Nessus scans, and you have to use them in a report? You could use the Executive Summary, results outputted by plugin (never host), and click back and forth in multiple HTML documents, in IE for instance. Or you could use this perl script, together with the merger.py code located here, to merge the files into one and output a nice Excel spreadsheet with all the data.
Downside is, it's written in Perl, and I use a clean Kali install on a dedicated pentesting laptop for each job. This necessitates reinstalling all the perl modules, etc, each time. So I finally got tired of it and followed the example of a colleague who packaged them all into a Windows executable.
I did everything in Windows. First, I installed Strawberry perl, then installed cpanm and updated old versions of existing packages and other stuff. It took a while, but gave the nice feeling after a long "apt-get dist-upgrade" has completed. I used Perl Packager, and issued the following command to output an executable (saves you the trouble):
pp -M JSON -M PAR::Dist -M URI::Escape -M LWP::UserAgent -M HTTP::Cookies -M Data::Dump -M Data::Dumper -M XML::Hash::XS -M XML::TreePP -M MIME::Base64 -M Math::Round -M Excel::Writer::XLSX -M Excel::Writer::XLSX::Chart -M Excel::Writer::XLSX::Chart::Pie -M Data::Table -M Getopt::Std parse_nessus_xml.v22.pl
...and voila, an executable emerges that can be used from the command line.
Here's a copy. Update: Note that this copy changes as I start to amend the the original. In the latest version, the IPs output in the IP column of the "Vulnerability to IP Summary" worksheet are newline-delimited, rather than colon-delimited. Saves a find/replace step in SublimeText.
P.S. Adding file version information and more is listed here.
No comments:
Post a Comment