I have been making a few programs in c# for parsing nessus and while these have been really good I wanted to expand my knowledge and create a python parser so that I can edit and change it on the fly while pentesting to get any specific information that I need or require. For example, I have used nmap to find all the web services but this never picks all of them up whereas nessus does and places a ‘svc_name=www’ under each port when this is the case, irrespective of whether it is ssl based or not.<\/p>\n
Then I have a list of hosts and ports that I can have some confidence in and start to further explore each web port with ‘nikto’ and possible screenshot with ‘wkhtmltoimage’.<\/p>\n
To cut a long story short I started writing my own class for this then stumbled across this code https:\/\/code.google.com\/p\/pynessus\/. These classes allow you to call all its functions to parse or deal directly with the nessus scanning engine and run scans etc. I have only used this in the smallest way upto now but thought its an interesting blog and others could benefit from this too.<\/p>\n
Here is an example script that pulls out all the web services from a nessus scan and places them in a list with their retrospective port after a colon, 10.0.0.1:443.<\/p>\n
<\/p>\n
import dotnessus_v2<\/em><\/p>\n preport = “\/tmp\/localhost.nessus”<\/em> for t in rpt.targets:<\/em> <\/p>\n Here is another example script that uses the other class to initiate a connection to the nessus server and launches a scan. Once the scan has launched you can also use the script to download reports as shown below. I take no credit in creating these scripts as they have been created by the author, I mererly have used the functions to pull out what data I want from the nessus and want to share this as I think its very useful.<\/p>\n <\/p>\n import pynessus<\/em><\/p>\n server = “localhost”<\/em> n = pynessus.NessusServer(server, port, user, password)<\/em><\/p>\n n.launch_scan(scan_name, policy_id, target_list_iter)<\/em><\/p>\n n.download_report(report_uuid)<\/em><\/p>\n Anyway, thought its worth a simple blog, heres the link to the class files. I also run these through a series of other little scripts to run nikto on all hosts aswell as running a screenshot grab for all web based services so that I can see them quickly. Here is a little bash script I wrote that takes the output from the above and gets a screen capture of all web services. First of all I run the web-parse.py to get my host list like so.<\/p>\n python web-parse.py | sort | uniq | tee web-hosts.txt<\/strong><\/p>\n Then run my bash script below and for loop to run nikto.<\/p>\n for host in `cat web-hosts.txt`; do nikto -h $host > $host.txt ; done<\/strong><\/p>\n grab.sh web-hosts.txt<\/strong><\/p>\n <\/p>\n #!\/bin\/sh<\/em><\/p>\n filename=”$1″<\/em> \u00a0\u00a0 \u00a0TIMEOUT=3<\/em><\/p>\n \u00a0\u00a0 \u00a0( wkhtmltoimage http:\/\/$name $name.jpg ) & pid=$!<\/em> \u00a0\u00a0 \u00a0( wkhtmltoimage https:\/\/$name $name-ssl.jpg ) & pid=$!<\/em> done < “$filename”<\/em><\/p>\n Enjoy \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":" I have been making a few programs in c# for parsing nessus and while these have been really good I wanted to expand my knowledge and create a python parser so that I can edit and change it on the fly while pentesting to get any specific information that I need or require. For example,… Continue reading Nessus Parser in Python<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/422"}],"collection":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=422"}],"version-history":[{"count":1,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/422\/revisions"}],"predecessor-version":[{"id":423,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=\/wp\/v2\/posts\/422\/revisions\/423"}],"wp:attachment":[{"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hackwhackandsmack.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\nrpt = dotnessus_v2.Report()<\/em>
\nrpt.parse(preport)<\/em><\/p>\n
\n\u00a0\u00a0\u00a0 for v in t.vulns:<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 if v.get(‘svc_name’) == ‘www’:<\/em>
\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 print t.name +”:”+ v.get(‘port’)<\/em><\/p>\n
\n
\n
\nport = “8834”<\/em>
\nuser = “nessus-user”<\/em>
\npassword = “nessus-password”<\/em><\/p>\n
\n
\n
\nwhile read -r line<\/em>
\ndo<\/em>
\n\u00a0\u00a0 \u00a0name=$line<\/em>
\n\u00a0\u00a0 \u00a0echo “Name read from file – $name”<\/em><\/p>\n
\n\u00a0\u00a0 \u00a0( sleep $TIMEOUT && kill -HUP $pid ) 2>\/dev\/null & watcher=$!<\/em>
\n\u00a0\u00a0 \u00a0wait $pid 2>\/dev\/null && pkill -HUP -P $watcher<\/em><\/p>\n
\n\u00a0\u00a0 \u00a0( sleep $TIMEOUT && kill -HUP $pid ) 2>\/dev\/null & watcher=$!<\/em>
\n\u00a0\u00a0 \u00a0wait $pid 2>\/dev\/null && pkill -HUP -P $watcher<\/em><\/p>\n
\n