Greetings to all in Pauldotcom land.... Several weeks ago someone posted to the mailing list asking if anyone had a parsing tool for Nessus in the new XML format. Well I must admit, I didn't respond because the code I had written was not all that great. With that said, I still think the code is prematurely released, but is code ever really ready to be released. LOL....so here you go...
http://www.melcara.com/wp-content/uploads/2010/05/parse_nessus_xml.v5-for-blog.pl_.zip The blog posting can be found in my blog at http://www.melcara.com. Here is a short summary of the posting. The script is designed to look for all the *.XML files in defined directory. The directory is passed as an argument, if no directory is specified an error will be returned. To see the version, then add the v|V|-v|-V and a version will be reported. The script will create two files, the nessus_report.xls and Nessus_data_report.txt. The Nessus_data_report.txt is a text version of the data found in the actual Nessus report, but only shows all the Severity 2 & 3 reports. The nessus_report.xls is a multi spreadsheet workbook that contains all the findings from Nessus. I then manually create a series of pivot tables as such. I have the auto-sort on all columns and will be adding more formatting as time allows. This the first Perl code I have ever released to the public. So if you read it and would like to comment…please be gentle. Enjoy code, I hope this adds value to your Nessus use. Cody P.S. I have also been taking the Command Line Kung Fu, Paul and gang have posted at the http://blog.commandlinekungfu.com, and putting some ExcelFU, if you will to their examples. While the ExcelFu pales to the CLI kung Fu, I find the tools most helpful if I want to change the parameters from the examples given. I call the tool a Command Builder, which can also be found at my blog http://www.melcara.com. Note: This message and any attachments is intended solely for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, legally privileged, confidential, and/or exempt from disclosure. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the original sender immediately by telephone or return email and destroy or delete this message along with any attachments immediately. _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
