def createCSV():
    """Create ``nessus.csv`` and return a writer whose header row is already written.

    The file is opened in ``'wb'`` mode in the current working directory, so an
    existing ``nessus.csv`` is truncated. Every field is quoted (``QUOTE_ALL``).

    Returns:
        The ``utfdictcsv.DictUnicodeWriter`` bound to the open file.
    """
    # The handle is deliberately not wrapped in ``with``: the returned writer
    # keeps using it after this function returns. Nothing in this function
    # closes it.
    # NOTE(review): presumably the caller relies on interpreter exit to flush
    # and close the file - confirm, otherwise trailing rows can be lost.
    csv_handle = open('nessus.csv', 'wb')
    writer = utfdictcsv.DictUnicodeWriter(
        csv_handle,
        csvHeaders,
        quoting=QUOTE_ALL,
    )
    writer.writeheader()
    return writer
def report_writer(report_dic, output_filename):
    """Write the parsed report rows to *output_filename* as a fully quoted CSV.

    Args:
        report_dic: iterable of row dictionaries handed to ``writerows``.
        output_filename: path of the CSV to create; mode ``"wb"`` truncates an
            existing file.
    """
    with open(output_filename, "wb") as csv_handle:
        writer = utfdictcsv.DictUnicodeWriter(
            csv_handle,
            REPORT_HEADERS,
            quoting=csv.QUOTE_ALL,
        )
        # The header line is emitted with writerow(), not writeheader().
        # NOTE(review): presumably CUSTOM_HEADERS maps each REPORT_HEADERS key
        # to a display label - confirm against its definition.
        writer.writerow(CUSTOM_HEADERS)
        # NOTE(review): row values are written as given. If they originate from
        # scanner output, confirm that cells starting with = + - @ are
        # neutralised before the CSV is opened in a spreadsheet.
        writer.writerows(report_dic)
    # Parenthesised so the statement parses under Python 2 and 3 alike; the
    # printed text is unchanged.
    print("Successfully parsed.")
outputDict[outputKey] = inputDict[inputKey] ################################################################ if __name__ == "__main__": if len(sys.argv) > 1: header = [ 'CVSS Score', 'IP', 'FQDN', 'OS', 'Port', 'Vulnerability', 'Description', 'Proof', 'Solution', 'See Also', 'CVE' ] with open("nessus.csv", "wb") as outFile: csvWriter = utfdictcsv.DictUnicodeWriter(outFile, header, quoting=csv.QUOTE_ALL) csvWriter.writeheader() nessusParser = NessusParser() for fileName in sys.argv[1:]: try: nessusParser.loadXML(fileName) hostReports = [] hosts = nessusParser.getHosts() for host in hosts: # Get properties for this host hostProperties = nessusParser.getHostProperties(host)
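def nipper_parser(nipper_xml_file, output_filename):
    """Convert a Nipper XML report into a CSV with one row per device finding.

    The report is read in three passes:

    1. The SECURITY.INTRODUCTION table and the CONFIGURATION sections give a
       per-device record (OS, description, name, IPv4 interface addresses).
    2. Each VULNAUDIT section whose ``ref`` contains ``VULNAUDIT.CVE`` yields
       one row for every known device named in its affected-device section.
    3. Each remaining SECURITYAUDIT section yields one row for every device
       listed under ``issuedetails/devices``.

    Args:
        nipper_xml_file: the Nipper XML report, passed to ``etree.parse``.
        output_filename: path of the CSV to create; mode ``"wb"`` truncates an
            existing file.

    Raises:
        KeyError: if a report section lacks the ``ref``/``title`` attribute,
            or a device element lacks ``name``. These identify the row, so a
            malformed report fails loudly instead of producing anonymous rows.
    """
    with open(output_filename, "wb") as outFile:
        csvWriter = utfdictcsv.DictUnicodeWriter(
            outFile,
            REPORT_HEADERS_SECURITY_AUDIT,
            quoting=csv.QUOTE_ALL,
            extrasaction='ignore')
        csvWriter.writerow(CUSTOM_HEADERS_SECURITY_AUDIT)
        # NOTE(review): every cell below is text taken from the report.
        # trim_for_excel is not visible here - confirm that it (or the writer)
        # neutralises cells starting with = + - @ before the CSV is opened in
        # a spreadsheet.

        master_endpoint_table = {}

        # The report is an input file, so the parser is locked down:
        # no_network blocks remote DTD/entity fetches and resolve_entities=False
        # stops DTD-declared entities (including local file entities) from
        # being expanded into the output.
        # recover=True makes lxml continue past malformed markup, so a damaged
        # report yields partial output rather than an error.
        parser = etree.XMLParser(
            remove_blank_text=True,
            no_network=True,
            recover=True,
            resolve_entities=False)
        root = etree.parse(nipper_xml_file, parser)

        # NAME, OS, ip pulled from Security audit and configuration section
        server_info_list = root.xpath(
            "//document/report/part[@ref='SECURITYAUDIT']/section[@ref='SECURITY.INTRODUCTION']"
            "/table/tablebody/tablerow")
        # The configuration sections do not depend on the device, so they are
        # looked up once instead of once per table row.
        ip_info = root.xpath(
            "//document/report/part[@ref='CONFIGURATION']/section[@ref='CONFIGURATION.']"
        )
        for server_info in server_info_list:
            if len(server_info) < 3:
                # Row without the description / name / OS cells.
                continue
            _device_name = server_info[1].findtext('item')
            if _device_name is None:
                # Without a name the device cannot be matched to any finding.
                continue
            _device_os = server_info[2].findtext('item')
            _device_description = trim_for_excel(
                server_info[0].findtext('item'))

            # IPs: per device collect all available IP's
            _ip_list = []
            for ip_config in ip_info:
                if _device_name.lower() in ip_config.get('title', '').lower():
                    _rows = ip_config.xpath(
                        "section[@ref='CONFIGURATION.ADDRESSES']/section/table"
                        "[starts-with(@ref, 'ADDRESSES.IPV4.INTERFACES')]/tablebody/tablerow"
                    )
                    for _row in _rows:
                        cells = _row.xpath('tablecell')
                        if len(cells) < 3:
                            continue
                        # 3rd cell is ip address/subnet; findtext() returns
                        # None when the cell has no <item>.
                        iface_network = cells[2].findtext('item')
                        if iface_network:
                            _ip_list.append(iface_network)
            _device_ips = ",\n".join(_ip_list)

            master_endpoint_table[_device_name] = {
                'os': _device_os,
                'device_description': _device_description,
                'fqdn': _device_name,
                'ip_address': _device_ips
            }

        # Vulnerability Audit
        vuln_scan_info = root.xpath(
            "//document/report/part[@ref='VULNAUDIT']/section")
        for vuln_item in vuln_scan_info:
            if "VULNAUDIT.CVE" not in vuln_item.attrib['ref']:
                continue

            # The affected-device text is a property of the vulnerability, so
            # it is resolved once here rather than once per known device.
            _affected_devices = vuln_item.findtext(
                "section[@title='Affected Device']/text")
            if _affected_devices is None:
                # check vuln audit section via alternative method of storing
                # device name in a sub table.
                _affected_devices_list = vuln_item.find(
                    "section[@title='Affected Devices']/list")
                if _affected_devices_list is None:
                    # Neither layout present: no device can be attributed.
                    _affected_devices = ""
                else:
                    # Joined with a newline so that a device name cannot match
                    # across the boundary of two adjacent list items; items
                    # without text are treated as empty.
                    _affected_devices = "\n".join(
                        [device.text or "" for device in _affected_devices_list])
            _affected_lower = _affected_devices.lower()

            # get devices that have vuln per vuln
            # NOTE(review): this is a substring match, so a device named "fw1"
            # also matches text that mentions "fw10" - confirm this is
            # acceptable for the device naming in use.
            for server_name in master_endpoint_table:
                if server_name.lower() not in _affected_lower:
                    continue
                _temp = master_endpoint_table[server_name].copy()

                # VULN CVE
                _cve = vuln_item.attrib['title']
                _temp['cve'] = _cve
                _temp['audit_name'] = _cve

                # CVSS
                _cvss = vuln_item.findtext(
                    "infobox/infodata[@label='CVSSv2 Score']")
                _temp['cvss'] = _cvss

                _vuln_solution_links = []
                for section in vuln_item:
                    # Children are not all titled sections (the infobox read
                    # above is one of them), so the title is optional here.
                    _title = section.get('title')
                    if _title == "Summary":
                        # VULN Summary
                        _temp['audit_description'] = trim_for_excel(
                            section.findtext('text'))
                    elif _title in [
                            'Vendor Security Advisory', 'Reference',
                            'References'
                    ]:
                        _vul_link_key = section.findtext('list/listitem')
                        _vul_links = section.findtext('list/listitem/weblink')
                        _vuln_solution_links.append("{}: {}".format(
                            _vul_link_key, _vul_links))

                # SOLUTION LINKS
                _temp['solution'] = trim_for_excel(
                    "\n".join(_vuln_solution_links))
                csvWriter.writerow(_temp)

        # Security Audit
        security_audit = root.xpath(
            "//document/report/part[@ref='SECURITYAUDIT']/section")
        for audit_item in security_audit:
            if audit_item.attrib['ref'] in [
                    "SECURITY.INTRODUCTION", "SECURITY.CONCLUSIONS",
                    "SECURITY.RECOMMENDATIONS", "SECURITY.MITIGATIONS"
            ]:
                continue
            for audit_server_list in audit_item.xpath(
                    'issuedetails/devices/device'):
                server_name = audit_server_list.attrib['name']
                _known = master_endpoint_table.get(server_name)
                if _known is None:
                    # Device named by a finding but absent from the
                    # introduction table: keep the finding in the output
                    # (with blank device details) instead of aborting the
                    # whole export with KeyError.
                    _temp = {
                        'os': '',
                        'device_description': '',
                        'fqdn': server_name,
                        'ip_address': ''
                    }
                else:
                    _temp = _known.copy()
                _temp['audit_name'] = audit_item.attrib['title']

                for section in audit_item.xpath('section[@ref="FINDING"]'):
                    # VULN DESCRIPTION
                    _temp['audit_description'] = trim_for_excel(
                        fix_text(htmltext(etree.tostring(section))))

                for section in audit_item.xpath(
                        'section[@ref="RECOMMENDATION"]'):
                    # VULN Recommendation
                    _temp['solution'] = trim_for_excel(
                        fix_text(htmltext(etree.tostring(section))))

                # CVE: every IMPACT table item whose text mentions "cve".
                _temp['cve'] = "\n".join([
                    _cve_items.text for _cve_items in audit_item.xpath(
                        'section[@ref="IMPACT"]/table/tablebody/tablerow/tablecell/item'
                    )
                    if _cve_items.text is not None
                    and "cve" in _cve_items.text.lower()
                ])
                csvWriter.writerow(_temp)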