def main(argv):
inputfile = ''
outputfile = ''
noMappings = True # Variable for changing xsl template if no findings
try:
opts, args = getopt.getopt(argv, "hi:o:", ["help", "ifile=", "ofile="])
except getopt.GetoptError:
print 'OptErr Nessus2Web.py -i <inputfile> -o <outputfile>'
sys.exit(2)
for opt, arg in opts:
if opt == '-h':
print 'Nessus2Web.py -i <inputfile> -o <outputfile>'
sys.exit(2)
elif opt in ("-i", "--ifile"):
inputfile = arg
elif opt in ("-o", "--ofile"):
outputfile = arg
if (inputfile == '') or (outputfile == ''):
print 'Please enter input and output files. Syntax: Nessus2Web.py -i <inputfile> -o <outputfile>'
sys.exit(2)
pt = dotnessus_v2.Report()
pt.parse(inputfile)
f = open(outputfile, 'w')
for t in pt.targets:
for v in t.vulns:
if v.get('svc_name') == 'www' or v.get('plugin_id') == '10107':
#print t.name +":"+ v.get('port')
f.write(t.name + ":" + v.get('port') + '\n')
def parseNessusReport(nessusFile):
"""
Read Nessus file
:param nessusFile: Nessus file
:return: Nessus targets
"""
rpt = dotnessus_v2.Report()
rpt.parse(nessusFile)
return rpt
def parseOutputString(self, output, debug=False):
"""
This method will discard the output the shell sends, it will read it from
the xml where it expects it to be present.
NOTE: if 'debug' is true then it is being run from a test case and the
output being sent is valid.
"""
p = dotnessus_v2.Report()
try:
p.parse(output, from_string=True)
except Exception as e:
print "Exception - %s" % e
for t in p.targets:
mac = ""
host = ""
ip = ""
if t.get('mac-address'):
mac = t.get('mac-address')
if t.get('host-fqdn'):
host = t.get('host-fqdn')
if t.get('host-ip'):
ip = t.get('host-ip')
h_id = self.createAndAddHost(ip, t.get('operating-system'), hostnames=[host])
if self._isIPV4(ip):
i_id = self.createAndAddInterface(
h_id, ip, mac, ipv4_address=ip, hostname_resolution=host)
else:
i_id = self.createAndAddInterface(
h_id, ip, mac, ipv6_address=ip, hostname_resolution=host)
srv = {}
web = False
for v in t.vulns:
desc = ""
desc += v.get('description').encode("ascii",
errors="backslashreplace") if v.get('description') else ""
resolution = ""
resolution = v.get('solution').encode(
"ascii", errors="backslashreplace") if v.get('solution') else ""
data = "\nOutput: " + v.get('plugin_output').encode(
"ascii", errors="backslashreplace") if v.get('plugin_output') else ""
ref = []
if v.get('cve'):
ref.append(", ".join(v.get('cve')))
if v.get('cvss_base_score'):
ref.append("CVSS: " + ", ".join(v.get('cvss_base_score')))
if v.get('bid'):
ref.append(", ".join(v.get('bid')))
if v.get('xref'):
ref.append(", ".join(v.get('xref')))
if v.get('svc_name') == "general":
v_id = self.createAndAddVulnToHost(h_id, v.get('plugin_name'),
desc=desc, ref=ref, data=data, severity=v.get('severity'), resolution=resolution)
else:
s_id = self.createAndAddServiceToInterface(h_id, i_id, v.get('svc_name'),
v.get(
'protocol'),
ports=[
str(v.get('port'))],
status="open")
web = True if re.search(
r'^(www|http)', v.get('svc_name')) else False
if srv.has_key(v.get('svc_name')) == False:
srv[v.get('svc_name')] = 1
if web:
n_id = self.createAndAddNoteToService(
h_id, s_id, "website", "")
n2_id = self.createAndAddNoteToNote(
h_id, s_id, n_id, host, "")
if web:
v_id = self.createAndAddVulnWebToService(h_id, s_id, v.get('plugin_name'),
desc=desc, data=data, website=host, severity=v.get(
'severity'),
resolution=resolution, ref=ref)
else:
v_id = self.createAndAddVulnToService(h_id, s_id, v.get('plugin_name'),
desc=desc, data=data, severity=v.get('severity'), resolution=resolution,
ref=ref)
import dotnessus_v2
import sys, os
if (len(sys.argv) > 0):
nessinput = sys.argv[1]
if (os.path.isfile(nessinput)):
pass
else:
print("That doesn't look like a file")
sys.exit()
else:
print("You need to supply a nessus file as input")
rpt = dotnessus_v2.Report()
rpt.parse(nessinput)
output = []
for t in rpt.targets:
openports = ""
ports = t.get_open_ports()
try:
tcp = ports['tcp']
openports = ",".join(tcp)
except:
pass
print('%s\t%s\t%s' % (t.get_scanned_ip(), t.get('host-fqdn'), openports))
def reporter(full_xml_path):
global vuln_systems
severity_filter = results.severity
# Start a parsing instance with the dotnessus_v2 class
rpt = dotnessus_v2.Report()
try:
# Perform the parse and start looping through systems and vulnerabilities
if debug: print "About to Parse XML %s " % (full_xml_path)
rpt.parse(full_xml_path)
if debug: print "Print before system parse of targets ...."
# Iterate through each system listed in a report, first round excludes skips systems that dont match our filter
#
for system in rpt.targets:
if debug: print "Now Filtering System %s " % (system.name)
# if a particular target is being filtered for and not the right system, continue to next iteration
if results.target and str(results.target) not in str(system):
if debug:
print "%s has been skipped b/c of target filtering" % system.name
continue
if system.get('operating-system'):
oper_sys = system.get('operating-system').lower()
else:
oper_sys = 'Unknown'
if debug: print "Now Filtering System %s - loop1" % (system.name)
# check system os matching set in arguments
if this_characteristic_nothere(results.os_string_match,
[results.os_string_match],
system.name, oper_sys,
'Custom User'):
continue
if this_characteristic_nothere(results.Just_Windows, ['windows'],
system.name, oper_sys, 'Windows'):
continue
if this_characteristic_nothere(results.Just_Linux,
['linux', 'mac', 'unix'],
system.name, oper_sys, 'Linux'):
continue
if this_characteristic_nothere(results.Just_Print,
['print', 'jetdirect'], system.name,
oper_sys, 'Printer'):
continue
# filter out systems that have include a particular port open
if results.syshasport:
sys_has_port_check = 0
for v in system.vulns:
plug_family = v.get('pluginFamily')
if v.get('severity') == '0' and str(v.get('port')) == str(
results.syshasport) and (plug_family == ''
or plug_family
== 'Port scanners'):
sys_has_port_check += 1
if debug: print "%s added because it has port %s open," \
"and your arguments are looking for it" % (system.name,str(results.syshasport))
if sys_has_port_check == 0:
if debug: print "%s skipped because it does not have port %s open," \
"and your arguments are looking for it" % (system.name,str(results.syshasport))
continue
if debug: print "Now Filtering System %s - loop2" % (system.name)
vuln_output = ''
port_output = ''
global crit_vulns, vuln_systems, length
crit_vulns = 0
port_target = 0
if debug:
print "%s passed first round filters, now going thru vulns " % (
system.name)
# Iterate through each vulnerability listed in a system, first section deals with skipping stuff not in filter
#
for v in system.vulns:
port = v.get('port')
plugin_id = str(v.plugin_id)
# skip plugin IDs that are listed in beginning and added in arguments
if v.plugin_id in results.notthisid:
if debug:
print "Plugin ID# %s has been skipped..." % (plugin_id)
continue
service_name = v.get('svc_name')
proto = v.get('protocol')
plugin_name = v.get('plugin_name')
descript = str(v.get('description'))
plugin_output = str(v.get('plugin_output'))
# plugin_orig=v.get('plugin_output')
# plugin_output=plugin_orig.encode('utf-8')
solution = str(v.get('solution'))
severity = v.get('severity')
plug_family = v.get('pluginFamily')
# ignore ports indicate on argument
if str(port) == str(results.notthisport):
continue
#ignore vuln that does not include a specific port
if results.onlythisport:
if str(port) != str(results.onlythisport) and not \
(severity == '0' and ( plug_family == '' or plug_family == 'Port scanners')):
if debug:
print "Vulnerability skipped on port %s because it didn't match %s" % (
str(port), str(results.onlythisport))
continue
appendme = vulnoutputer(port, severity, service_name, proto,
plugin_name, descript, plugin_output,
solution, plugin_id)
# Get Tally for Statistics
if results.stats or results.onlystats:
if v.get('severity') != '0' and v.get(
'severity') >= severity_filter:
vuln_port_freq[v.get('port')] += 1
vuln_freq[v.get('severity')] += 1
else:
port_freq[v.get('port')] += 1
# Display the system ports if the user requested the -showports flag, otherwise
# check if vulnerability matches level requested
if severity == '0' and results.showports and (
plug_family == '' or plug_family == 'Port scanners'):
port_output += "\n" + "%s\t %s\t\t%s\t\t%s".center(
length) % (v.get('port'), proto, service_name,
plugin_name)
elif ((v.get('severity') >= severity_filter and results.severityeq == 'not_defined') \
or (severity == results.severityeq and results.severity != 'not_defined')):
os_stats[oper_sys] += 1
if debug:
print "%s system.name has a severity of %s" % (
system.name, severity)
crit_vulns += 1
vuln_output += appendme
# if you want some plugin included that doesn't match anything else
elif results.inc_plugin and v.get(
'plugin_id') in results.inc_plugin:
crit_vulns += 1
vuln_output += appendme
if crit_vulns >= 1 or port_target >= 1:
vuln_systems += 1
#checking if the only stats flag is enabled
if not results.onlystats:
# hide some of the banners to help out with parsing output
sys_strings = (oper_sys.rstrip()).replace('\n', ' | ')
if not results.hidebanner:
if system.get('host-ip') and str(
system.get('host-fqdn')) and str(
system.get('operating-system')):
banner = '\n' + '%s (%s)'.center(
length, '=') % (system.get('host-ip'),
str(system.get('host-fqdn')))
banner += '\n' + 'OS: %s'.center(
length, '-') % (sys_strings)
if len(sys_strings) > length:
length = len(sys_strings) + 4
else:
banner = 'System : %s'.center(length,
'=') % (system.name)
print(banner)
if results.showports:
print "\n" + "Port #\tProtocol\tService Name".center(
length + 10) + port_output
else:
print "%s - %s" % (system.get('host-ip'), sys_strings)
#print vuln_output.rsplit('\n',1)[0]
print vuln_output
except AttributeError as error:
print "************** Ran into an attribute error ***********\n %s" % (
error)
ohno = 1