-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hello all,
In case anyone's interested, below is a short script I wrote to generate and send out the assessment I inquired about in my email yesterday. It isn't exactly pretty but so far it seems to work reliably.
It could also be modified quite easily for insertion into a database, or for use in another report.
Thank you,
Darren Bounds, CISSP
443D 628D 0AC7 CACF 6085 C0E0 B2FC 534B 3D9E 69AF
- -- Intrusense - Securing Business As Usual
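#!/usr/bin/perl
#
# Short script to parse Nessus NSR files and send a simplified report via email.
# Darren Bounds <dbounds AT intrusense DOT com>
#
# Usage: <this script> <NSR_Data>
#
# Each NSR line is split on '|' into host, service, plugin id, record type and
# plugin output. The first REPORT record of a plugin rated "Risk factor : High"
# or "Risk factor : Critical" creates an entry for that plugin; every later
# line carrying the same plugin id adds its host to that entry. The entries are
# rendered as an HTML table and handed to sendmail.
#
# Everything read from the NSR file is treated as untrusted text: plugin output
# may include data returned by the scanned hosts, so it is HTML-escaped before
# it goes into the mail body, and neither the file name nor the mail command is
# passed through a shell.
use strict;
use warnings;

# Delivery settings. Single quotes keep an '@' in a real address from being
# interpolated as an array. The bracketed values appear to be placeholders left
# by the list archive; replace them with real addresses before use.
my $sendmail = '/usr/sbin/sendmail';
my $fromaddr = 'Network Security <[EMAIL PROTECTED]>';
my $toaddr   = '[EMAIL PROTECTED]';

# Escape text for inclusion in HTML; undef is rendered as an empty string.
sub html_escape {
    my ($text) = @_;
    return '' unless defined $text;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
}

my $nsr_path = $ARGV[0];
if (!$nsr_path) {
    print "Usage: $0 <NSR_Data>\n";
    exit;
}

# Three-argument open: the mode is fixed, so characters such as '>' or '|' in
# the file name cannot turn this into a write or a command pipe.
open(my $nsr, '<', $nsr_path) or die "Error opening NSR file: $!\n";

# plugin id => { description, service, risk, solution, hosts => { host => 1 } }
my %vuln_for;

LINE: while (my $line = <$nsr>) {
    $line =~ s/\r?\n\z//;

    # Limit of 5 keeps any '|' inside the plugin output in the last field.
    my ($ip_address, $service, $plugin, $type, $info) = split /\|/, $line, 5;

    # Skip lines without a numeric plugin id.
    next LINE unless defined $plugin && $plugin =~ /[0-9]/;

    # Plugin already recorded: only note the additional host. Keeping hosts as
    # hash keys lists each host once and does not depend on a ':' separator.
    if (my $known = $vuln_for{$plugin}) {
        $known->{hosts}{$ip_address} = 1;
        next LINE;
    }

    next LINE unless defined $info && $type eq 'REPORT';
    next LINE unless $info =~ /Risk factor : (?:High|Critical)/;

    # Plugin output is a ';'-separated list. Items before the first recognised
    # label form the description; later unlabelled items are ignored.
    my ($solution, $risk);
    my @description_parts;
    my $past_description = 0;
    foreach my $item (split /;/, $info) {
        if ($item =~ /^Solution/) {
            ($solution = $item) =~ s/Solution://g;
            $past_description = 1;
        }
        elsif ($item =~ /^Risk factor/) {
            ($risk = $item) =~ s/Risk factor ://g;
            $past_description = 1;
        }
        elsif ($item =~ /^(?:CVE|BID|Other references)/) {
            # References are not reported; they only end the description.
            $past_description = 1;
        }
        elsif (!$past_description) {
            push @description_parts, $item;
        }
    }

    my $description = join ' ', @description_parts;

    # NOTE(review): the archived listing shows a substitution that replaces a
    # single space with a single space, presumably whitespace-collapsed by the
    # archive. Collapsing runs of spaces is the assumed intent; confirm.
    $description =~ s/ {2,}/ /g;

    $vuln_for{$plugin} = {
        description => $description,
        service     => $service,
        risk        => $risk,
        solution    => $solution,
        hosts       => { $ip_address => 1 },
    };
}
close($nsr);

# Build one table row per plugin; every value taken from the scan is escaped.
my $mailbody = '';
foreach my $plugin (sort keys %vuln_for) {
    my $vuln        = $vuln_for{$plugin};
    my $description = html_escape($vuln->{description});
    my $risk        = html_escape($vuln->{risk});

    $mailbody .= "<tr><td align=justify>";
    $mailbody .= "<b>Vulnerability Description:</b><br>$description<br><br>\n\n";
    $mailbody .= "<b>Threat level:</b> <font color=red>$risk</font><br><br>\n\n";

    if (defined $vuln->{solution} && $vuln->{solution} =~ /[A-Za-z0-9]/) {
        my $solution = html_escape($vuln->{solution});
        $mailbody .= "<b>Solution:</b> $solution<br><br>\n\n";
    }
    else {
        $mailbody .= "<b>Solution:</b> See the above description.<br><br>\n\n";
    }

    $mailbody .= "<b>Hosts affected:</b><br>\n";
    foreach my $host (sort keys %{ $vuln->{hosts} }) {
        $mailbody .= "<li>" . html_escape($host) . "\n";
    }
    $mailbody .= "</td></tr><tr height=20><td><hr></td></tr>";
}

# List-form pipe open runs sendmail directly, without a shell. With -t the
# recipient is taken from the To: header below, so the address is no longer
# repeated on the command line.
# NOTE(review): some sendmail implementations reportedly drop command-line
# addresses from the recipient list when -t is given; confirm for your MTA.
open(my $mail, '|-', $sendmail, '-t')
    or die "Error starting $sendmail: $!\n";

# The blank line after Content-Type separates the headers from the HTML body.
print {$mail} <<"end_of_mail";
To: $toaddr
From: $fromaddr
Reply-to: $fromaddr
Importance: High
X-Priority: 1
X-MSMail-Priority: High
Subject: High/Critical Vulnerability Report
Content-Type: text/html;

<html> <body bgcolor=#FFFFFF text=#000000 link=#000000>
<table width=600>
$mailbody
</body> </html>
end_of_mail

# A failed delivery command only becomes visible when the pipe is closed.
close($mail)
    or die "Error sending report via $sendmail: "
    . ($! ? $! : "exit status " . ($? >> 8)) . "\n";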
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin)
iD8DBQFAX6nKsvxTSz2eaa8RAm6fAKDtCCQIvSIp9LCie/l5U5euw2aHWQCcDf86 3iSkuWstO21Fq4yVAd6do4U= =Slvl -----END PGP SIGNATURE-----
