Exemple #1
0
def main(argv):
    inputfile = ''
    outputfile = ''
    noMappings = True  # Variable for changing xsl template if no findings
    try:
        opts, args = getopt.getopt(argv, "hi:o:", ["help", "ifile=", "ofile="])
    except getopt.GetoptError:
        print 'OptErr Nessus2Web.py -i <inputfile> -o <outputfile>'
        sys.exit(2)
    for opt, arg in opts:
        if opt == '-h':
            print 'Nessus2Web.py -i <inputfile> -o <outputfile>'
            sys.exit(2)
        elif opt in ("-i", "--ifile"):
            inputfile = arg
        elif opt in ("-o", "--ofile"):
            outputfile = arg
    if (inputfile == '') or (outputfile == ''):
        print 'Please enter input and output files. Syntax: Nessus2Web.py -i <inputfile> -o <outputfile>'
        sys.exit(2)
    pt = dotnessus_v2.Report()
    pt.parse(inputfile)
    f = open(outputfile, 'w')
    for t in pt.targets:
        for v in t.vulns:
            if v.get('svc_name') == 'www' or v.get('plugin_id') == '10107':
                #print t.name +":"+ v.get('port')
                f.write(t.name + ":" + v.get('port') + '\n')
Exemple #2
0
def parseNessusReport(nessusFile):
    """
	Read Nessus file
	:param nessusFile: Nessus file
	:return: Nessus targets
	"""
    rpt = dotnessus_v2.Report()
    rpt.parse(nessusFile)
    return rpt
Exemple #3
0
    def parseOutputString(self, output, debug=False):
        """
        This method will discard the output the shell sends, it will read it from
        the xml where it expects it to be present.

        NOTE: if 'debug' is true then it is being run from a test case and the
        output being sent is valid.
        """
        p = dotnessus_v2.Report()
        try:
            p.parse(output, from_string=True)
        except Exception as e:
            print "Exception - %s" % e

        for t in p.targets:
            mac = ""
            host = ""
            ip = ""

            if t.get('mac-address'):
                mac = t.get('mac-address')
            if t.get('host-fqdn'):
                host = t.get('host-fqdn')
            if t.get('host-ip'):
                ip = t.get('host-ip')

            h_id = self.createAndAddHost(ip, t.get('operating-system'), hostnames=[host])

            if self._isIPV4(ip):
                i_id = self.createAndAddInterface(
                    h_id, ip, mac, ipv4_address=ip, hostname_resolution=host)
            else:
                i_id = self.createAndAddInterface(
                    h_id, ip, mac, ipv6_address=ip, hostname_resolution=host)

            srv = {}
            web = False
            for v in t.vulns:

                desc = ""
                desc += v.get('description').encode("ascii",
                                                    errors="backslashreplace") if v.get('description') else ""
                resolution = ""
                resolution = v.get('solution').encode(
                    "ascii", errors="backslashreplace") if v.get('solution') else ""

                data = "\nOutput: " + v.get('plugin_output').encode(
                    "ascii", errors="backslashreplace") if v.get('plugin_output') else ""

                ref = []
                if v.get('cve'):
                    ref.append(", ".join(v.get('cve')))
                if v.get('cvss_base_score'):
                    ref.append("CVSS: " + ", ".join(v.get('cvss_base_score')))
                if v.get('bid'):
                    ref.append(", ".join(v.get('bid')))
                if v.get('xref'):
                    ref.append(", ".join(v.get('xref')))
                if v.get('svc_name') == "general":
                    v_id = self.createAndAddVulnToHost(h_id, v.get('plugin_name'),
                                                       desc=desc, ref=ref, data=data, severity=v.get('severity'), resolution=resolution)
                else:

                    s_id = self.createAndAddServiceToInterface(h_id, i_id, v.get('svc_name'),
                                                               v.get(
                                                                   'protocol'),
                                                               ports=[
                                                                   str(v.get('port'))],
                                                               status="open")

                    web = True if re.search(
                        r'^(www|http)', v.get('svc_name')) else False
                    if srv.has_key(v.get('svc_name')) == False:
                        srv[v.get('svc_name')] = 1
                        if web:
                            n_id = self.createAndAddNoteToService(
                                h_id, s_id, "website", "")
                            n2_id = self.createAndAddNoteToNote(
                                h_id, s_id, n_id, host, "")

                    if web:
                        v_id = self.createAndAddVulnWebToService(h_id, s_id, v.get('plugin_name'),
                                                                 desc=desc, data=data, website=host, severity=v.get(
                                                                     'severity'),
                                                                 resolution=resolution, ref=ref)
                    else:
                        v_id = self.createAndAddVulnToService(h_id, s_id, v.get('plugin_name'),
                                                              desc=desc, data=data, severity=v.get('severity'), resolution=resolution,
                                                              ref=ref)
import dotnessus_v2
import sys, os

if (len(sys.argv) > 0):
    nessinput = sys.argv[1]
    if (os.path.isfile(nessinput)):
        pass
    else:
        print("That doesn't look like a file")
        sys.exit()
else:
    print("You need to supply a nessus file as input")

rpt = dotnessus_v2.Report()
rpt.parse(nessinput)

output = []

for t in rpt.targets:
    openports = ""
    ports = t.get_open_ports()
    try:
        tcp = ports['tcp']
        openports = ",".join(tcp)
    except:
        pass

    print('%s\t%s\t%s' % (t.get_scanned_ip(), t.get('host-fqdn'), openports))
Exemple #5
0
def reporter(full_xml_path):
    global vuln_systems
    severity_filter = results.severity

    # Start a parsing instance with the dotnessus_v2 class
    rpt = dotnessus_v2.Report()

    try:
        # Perform the parse and start looping through systems and vulnerabilities
        if debug: print "About to Parse XML %s " % (full_xml_path)
        rpt.parse(full_xml_path)
        if debug: print "Print before system parse of targets ...."

        # Iterate through each system listed in a report, first round excludes skips systems that dont match our filter
        #
        for system in rpt.targets:

            if debug: print "Now Filtering System %s " % (system.name)
            # if a particular target is being filtered for and not the right system, continue to next iteration
            if results.target and str(results.target) not in str(system):
                if debug:
                    print "%s has been skipped b/c of target filtering" % system.name
                continue

            if system.get('operating-system'):
                oper_sys = system.get('operating-system').lower()
            else:
                oper_sys = 'Unknown'

            if debug: print "Now Filtering System %s - loop1" % (system.name)

            # check system os matching set in arguments
            if this_characteristic_nothere(results.os_string_match,
                                           [results.os_string_match],
                                           system.name, oper_sys,
                                           'Custom User'):
                continue
            if this_characteristic_nothere(results.Just_Windows, ['windows'],
                                           system.name, oper_sys, 'Windows'):
                continue
            if this_characteristic_nothere(results.Just_Linux,
                                           ['linux', 'mac', 'unix'],
                                           system.name, oper_sys, 'Linux'):
                continue
            if this_characteristic_nothere(results.Just_Print,
                                           ['print', 'jetdirect'], system.name,
                                           oper_sys, 'Printer'):
                continue

            # filter out systems that have include a particular port open
            if results.syshasport:
                sys_has_port_check = 0
                for v in system.vulns:
                    plug_family = v.get('pluginFamily')
                    if v.get('severity') == '0' and str(v.get('port')) == str(
                            results.syshasport) and (plug_family == ''
                                                     or plug_family
                                                     == 'Port scanners'):
                        sys_has_port_check += 1
                        if debug:                            print "%s added because it has port %s open," \
                  "and your arguments are looking for it" % (system.name,str(results.syshasport))
                if sys_has_port_check == 0:
                    if debug:                        print "%s skipped because it does not have port %s open," \
              "and your arguments are looking for it" % (system.name,str(results.syshasport))
                    continue

            if debug: print "Now Filtering System %s - loop2" % (system.name)

            vuln_output = ''
            port_output = ''
            global crit_vulns, vuln_systems, length
            crit_vulns = 0
            port_target = 0

            if debug:
                print "%s passed first round filters, now going thru vulns " % (
                    system.name)

            # Iterate through each vulnerability listed in a system, first section deals with skipping stuff not in filter
            #
            for v in system.vulns:
                port = v.get('port')
                plugin_id = str(v.plugin_id)

                # skip plugin IDs that are listed in beginning and added in arguments
                if v.plugin_id in results.notthisid:
                    if debug:
                        print "Plugin ID# %s has been skipped..." % (plugin_id)
                    continue

                service_name = v.get('svc_name')
                proto = v.get('protocol')
                plugin_name = v.get('plugin_name')
                descript = str(v.get('description'))
                plugin_output = str(v.get('plugin_output'))
                #				plugin_orig=v.get('plugin_output')
                #				plugin_output=plugin_orig.encode('utf-8')
                solution = str(v.get('solution'))
                severity = v.get('severity')
                plug_family = v.get('pluginFamily')

                # ignore ports indicate on argument
                if str(port) == str(results.notthisport):
                    continue

                #ignore vuln that does not include a specific port
                if results.onlythisport:
                    if str(port) != str(results.onlythisport) and not \
                    (severity == '0' and ( plug_family == '' or plug_family == 'Port scanners')):
                        if debug:
                            print "Vulnerability skipped on port %s because it didn't match %s" % (
                                str(port), str(results.onlythisport))
                        continue

                appendme = vulnoutputer(port, severity, service_name, proto,
                                        plugin_name, descript, plugin_output,
                                        solution, plugin_id)

                # Get Tally for Statistics
                if results.stats or results.onlystats:
                    if v.get('severity') != '0' and v.get(
                            'severity') >= severity_filter:
                        vuln_port_freq[v.get('port')] += 1
                        vuln_freq[v.get('severity')] += 1
                    else:
                        port_freq[v.get('port')] += 1

                # Display the system ports if the user requested the -showports flag, otherwise
                # check if vulnerability matches level requested
                if severity == '0' and results.showports and (
                        plug_family == '' or plug_family == 'Port scanners'):
                    port_output += "\n" + "%s\t %s\t\t%s\t\t%s".center(
                        length) % (v.get('port'), proto, service_name,
                                   plugin_name)
                elif ((v.get('severity') >= severity_filter and results.severityeq == 'not_defined') \
or (severity == results.severityeq and results.severity != 'not_defined')):
                    os_stats[oper_sys] += 1
                    if debug:
                        print "%s system.name has a severity of %s" % (
                            system.name, severity)
                    crit_vulns += 1
                    vuln_output += appendme

                # if you want some plugin included that doesn't match anything else
                elif results.inc_plugin and v.get(
                        'plugin_id') in results.inc_plugin:
                    crit_vulns += 1
                    vuln_output += appendme

            if crit_vulns >= 1 or port_target >= 1:
                vuln_systems += 1
                #checking if the only stats flag is enabled
                if not results.onlystats:
                    # hide some of the banners to help out with parsing output
                    sys_strings = (oper_sys.rstrip()).replace('\n', ' | ')
                    if not results.hidebanner:

                        if system.get('host-ip') and str(
                                system.get('host-fqdn')) and str(
                                    system.get('operating-system')):
                            banner = '\n' + '%s (%s)'.center(
                                length, '=') % (system.get('host-ip'),
                                                str(system.get('host-fqdn')))
                            banner += '\n' + 'OS: %s'.center(
                                length, '-') % (sys_strings)
                            if len(sys_strings) > length:
                                length = len(sys_strings) + 4
                        else:
                            banner = 'System : %s'.center(length,
                                                          '=') % (system.name)
                        print(banner)
                        if results.showports:
                            print "\n" + "Port #\tProtocol\tService Name".center(
                                length + 10) + port_output
                    else:
                        print "%s - %s" % (system.get('host-ip'), sys_strings)
    #print vuln_output.rsplit('\n',1)[0]
                    print vuln_output

    except AttributeError as error:
        print "************** Ran into an attribute error ***********\n %s" % (
            error)
        ohno = 1