Ejemplo n.º 1
def createCSV():
    """Create ``nessus.csv`` and return a dict writer with the header row written.

    The columns come from the module-level ``csvHeaders`` and every field is
    quoted (``QUOTE_ALL``).

    The file object is handed to the writer and is not closed in this
    function, so flushing and closing depend on whoever holds the returned
    writer.
    """
    handle = open('nessus.csv', 'wb')
    writer = utfdictcsv.DictUnicodeWriter(handle, csvHeaders, quoting=QUOTE_ALL)
    writer.writeheader()
    return writer
Ejemplo n.º 2
def report_writer(report_dic, output_filename):
    """Write the parsed report rows to ``output_filename`` as a fully quoted CSV.

    The first row written is ``CUSTOM_HEADERS`` (a mapping keyed by
    ``REPORT_HEADERS``), followed by every row in ``report_dic``. Rows are
    written as given; no per-cell sanitising happens in this function.
    """
    with open(output_filename, "wb") as handle:
        writer = utfdictcsv.DictUnicodeWriter(
            handle, REPORT_HEADERS, quoting=csv.QUOTE_ALL)
        # Human-readable header row first, then the data rows.
        writer.writerow(CUSTOM_HEADERS)
        writer.writerows(report_dic)
    # Printed only after the file has been closed by the ``with`` block.
    print("Successfully parsed.")
Ejemplo n.º 3
        outputDict[outputKey] = inputDict[inputKey]


################################################################

if __name__ == "__main__":

    if len(sys.argv) > 1:
        header = [
            'CVSS Score', 'IP', 'FQDN', 'OS', 'Port', 'Vulnerability',
            'Description', 'Proof', 'Solution', 'See Also', 'CVE'
        ]
        with open("nessus.csv", "wb") as outFile:
            csvWriter = utfdictcsv.DictUnicodeWriter(outFile,
                                                     header,
                                                     quoting=csv.QUOTE_ALL)
            csvWriter.writeheader()

            nessusParser = NessusParser()

            for fileName in sys.argv[1:]:
                try:
                    nessusParser.loadXML(fileName)
                    hostReports = []

                    hosts = nessusParser.getHosts()

                    for host in hosts:
                        # Get properties for this host
                        hostProperties = nessusParser.getHostProperties(host)
Ejemplo n.º 4
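def nipper_parser(nipper_xml_file, output_filename):
    """Convert a Nipper XML report into a CSV of per-device findings.

    Three passes are made over the parsed report:

    1. The SECURITY.INTRODUCTION table is read to build an inventory of
       devices (name, OS, description) and the CONFIGURATION sections are
       searched for each device's IPv4 interface addresses.
    2. Every VULNAUDIT.CVE section yields one row per inventoried device
       that the section names as affected.
    3. Every remaining SECURITYAUDIT section yields one row per device
       listed under ``issuedetails/devices``.

    Args:
        nipper_xml_file: path or file object accepted by ``etree.parse``.
        output_filename: path of the CSV file to create (overwritten).

    The report is treated as untrusted input: the parser does not fetch
    network resources and does not expand entity references.
    """
    # Local import: the module's import block is not visible from here.
    import warnings

    with open(output_filename, "wb") as outFile:
        csvWriter = utfdictcsv.DictUnicodeWriter(outFile,
                                                 REPORT_HEADERS_SECURITY_AUDIT,
                                                 quoting=csv.QUOTE_ALL,
                                                 extrasaction='ignore')
        csvWriter.writerow(CUSTOM_HEADERS_SECURITY_AUDIT)

        # NOTE(review): every cell below originates from the report XML
        # (device names, descriptions, advisory text). If the CSV is opened
        # in a spreadsheet, a cell starting with '=', '+', '-' or '@' can be
        # evaluated as a formula. trim_for_excel() is not visible here, so
        # confirm whether it neutralises such leading characters.

        master_endpoint_table = {}
        # resolve_entities=False keeps entity references in the document from
        # being expanded (local-file disclosure / entity blow-up); predefined
        # entities such as &amp; are unaffected.
        parser = etree.XMLParser(remove_blank_text=True,
                                 no_network=True,
                                 resolve_entities=False,
                                 recover=True)
        root = etree.parse(nipper_xml_file, parser)

        # NAME, OS, ip pulled from Security audit and configuration section
        server_info_list = root.xpath(
            "//document/report/part[@ref='SECURITYAUDIT']/section[@ref='SECURITY.INTRODUCTION']"
            "/table/tablebody/tablerow")

        # The configuration sections do not depend on the device being
        # processed, so they are looked up once.
        ip_info = root.xpath(
            "//document/report/part[@ref='CONFIGURATION']/section[@ref='CONFIGURATION.']"
        )

        for server_info in server_info_list:

            _device_name = server_info[1].findtext('item')
            _device_os = server_info[2].findtext('item')
            _device_description = trim_for_excel(
                server_info[0].findtext('item'))

            # IPs
            _ip_list = []
            for ip_config in ip_info:

                # per device collect all available IP's; a section without a
                # title simply cannot match.
                if _device_name.lower() in ip_config.get('title', '').lower():
                    _temp = ip_config.xpath(
                        "section[@ref='CONFIGURATION.ADDRESSES']/section/table[starts-with(@ref, 'ADDRESSES.IPV4.INTERFACES')]/tablebody/tablerow"
                    )
                    for _row in _temp:
                        cells = _row.xpath('tablecell')
                        if len(cells) < 3:
                            # Short row: there is no address cell to read.
                            continue

                        # 3rd cell is ip address/subnet; findtext() returns
                        # None when the cell has no <item>.
                        iface_network = cells[2].findtext('item')
                        if iface_network:
                            _ip_list.append(iface_network)

            _device_ips = ",\n".join(_ip_list)
            master_endpoint_table[_device_name] = {
                'os': _device_os,
                'device_description': _device_description,
                'fqdn': _device_name,
                'ip_address': _device_ips
            }

        # Vulnerability Audit
        vuln_scan_info = root.xpath(
            "//document/report/part[@ref='VULNAUDIT']/section")

        for vuln_item in vuln_scan_info:
            if "VULNAUDIT.CVE" not in vuln_item.get('ref', ''):
                continue

            # The affected-device text belongs to the vulnerability, not to
            # the device being compared, so it is resolved once per section.
            _affected_devices = vuln_item.findtext(
                "section[@title='Affected Device']/text")
            if _affected_devices is None:
                # check vuln audit section via alternative method of storing
                # device name in a sub table.
                _affected_devices_list = vuln_item.find(
                    "section[@title='Affected Devices']/list")
                if _affected_devices_list is None:
                    # Neither layout is present: report it instead of
                    # failing on a None iteration, and move on.
                    warnings.warn(
                        "nipper_parser: no affected-device data for %r; "
                        "section skipped" % vuln_item.get('title'))
                    continue
                _affected_devices = "".join(
                    [device.text or "" for device in _affected_devices_list])
            _affected_devices = _affected_devices.lower()

            # get devices that have vuln per vuln
            for server_name in master_endpoint_table:
                # NOTE(review): this is a substring test, so a device whose
                # name is contained in another device's name (e.g. "fw1" in
                # "fw10") is also reported as affected.
                if server_name.lower() not in _affected_devices:
                    continue

                _temp = master_endpoint_table[server_name].copy()

                # VULN CVE
                _cve = vuln_item.attrib['title']
                _temp['cve'] = _cve
                _temp['audit_name'] = _cve

                # CVSS
                _cvss = vuln_item.findtext(
                    "infobox/infodata[@label='CVSSv2 Score']")
                _temp['cvss'] = _cvss

                _vuln_solution_links = []
                for section in vuln_item:
                    # Not every child carries a title (comments, and possibly
                    # the infobox read above), so .get() is used.
                    _title = section.get('title')
                    if _title == "Summary":

                        # VULN Summary
                        _temp['audit_description'] = trim_for_excel(
                            section.findtext('text'))

                    elif _title in ('Vendor Security Advisory', 'Reference',
                                    'References'):
                        _vul_link_key = section.findtext('list/listitem')
                        _vul_links = section.findtext('list/listitem/weblink')
                        _vuln_solution_links.append("{}: {}".format(
                            _vul_link_key, _vul_links))

                # SOLUTION LINKS
                _temp['solution'] = trim_for_excel(
                    "\n".join(_vuln_solution_links))
                csvWriter.writerow(_temp)

        # Security Audit
        security_audit = root.xpath(
            "//document/report/part[@ref='SECURITYAUDIT']/section")

        for audit_item in security_audit:
            if audit_item.get('ref') in ("SECURITY.INTRODUCTION",
                                         "SECURITY.CONCLUSIONS",
                                         "SECURITY.RECOMMENDATIONS",
                                         "SECURITY.MITIGATIONS"):
                continue

            for audit_server_list in audit_item.xpath(
                    'issuedetails/devices/device'):
                server_name = audit_server_list.attrib['name']
                _known_device = master_endpoint_table.get(server_name)
                if _known_device is None:
                    # Device named by the finding but absent from the
                    # introduction table: keep the finding, with only the
                    # name filled in, rather than aborting the export.
                    _temp = {
                        'os': '',
                        'device_description': '',
                        'fqdn': server_name,
                        'ip_address': ''
                    }
                else:
                    _temp = _known_device.copy()
                _temp['audit_name'] = audit_item.attrib['title']

                for section in audit_item.xpath('section[@ref="FINDING"]'):
                    # VULN DESCRIPTION
                    _temp['audit_description'] = trim_for_excel(
                        fix_text(htmltext(etree.tostring(section))))

                for section in audit_item.xpath(
                        'section[@ref="RECOMMENDATION"]'):
                    # VULN Recommendation
                    _temp['solution'] = trim_for_excel(
                        fix_text(htmltext(etree.tostring(section))))

                    # CVE
                    # NOTE(review): the CVE list is only filled in when a
                    # RECOMMENDATION section exists, as in the original
                    # indentation -- confirm that this is intended.
                    _temp['cve'] = "\n".join([
                        _cve_items.text for _cve_items in audit_item.xpath(
                            'section[@ref="IMPACT"]/table/tablebody/tablerow/tablecell/item'
                        ) if _cve_items.text is not None
                        if "cve" in _cve_items.text.lower()
                    ])
                csvWriter.writerow(_temp)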