Skip to main content

nessus file reader by LimberDuck is a CLI tool and python module created to quickly parse nessus files containing the results of scans performed by using Nessus by (C) Tenable, Inc.

Project description

nessus file reader

nessus file reader by LimberDuck (pronounced ˈlɪm.bɚ dʌk) is a CLI tool and python module created to quickly parse nessus files containing the results of scans performed by using Nessus and Tenable.sc by (C) Tenable, Inc. This module will let you get data through functions grouped into categories like file, scan, host and plugin to get specific information from the provided nessus scan files.

Latest Release version GitHub Release Date PyPI - Downloads

License Repo size Code size Supported platform

Main features

  • read data from nessus files containing results of scans performed by using Nessus and Tenable.sc by (C) Tenable, Inc.
  • use it in CLI to check quickly e.g. quality of your scan
  • use it as python module

Check code examples.

Installation

Note: It's advisable to use python virtual environment for below instructions. Read more about python virtual environment in The Hitchhiker’s Guide to Python!

Read about virtualenvwrapper in The Hitchhiker’s Guide to Python!: virtualenvwrapper provides a set of commands which makes working with virtual environments much more pleasant.

Install nessus file reader

pip install nessus-file-reader

To upgrade to newer version run:

pip install -U nessus-file-reader

How to

Use nfr in CLI

  1. Run nessus file reader

    nfr

  2. Check help for commands

    nfr [command] --help e.g. nfr file --help

File command

Run nfr file --help to see options related to nessus file.

File size

Check size of given file:

nfr file --size test_files/scan_avrx9t.nessus
nessus file reader by LimberDuck 0.4.2
test_files/scan_avrx9t.nessus 2.4 MiB

more than one file:

nfr file --size test_files/scan_avrx9t.nessus test_files/scan_ihc1js.nessus
nessus file reader by LimberDuck 0.4.2
test_files/scan_avrx9t.nessus 2.4 MiB
test_files/scan_ihc1js.nessus 5.0 MiB

all files in given directory and it's subdirectories:

nfr file --size test_files  
nessus file reader by LimberDuck 0.4.2                                                      
test_files/scan_avrx9t.nessus 2.4 MiB
test_files/scan_ihc1js.nessus 5.0 MiB
test_files/test_subdirectory/scan_ihc1js.nessus 878.3 KiB
File structure

Check structure of given file:

nfr file --structure test_files/scan_avrx9t.nessus
nessus file reader by LimberDuck 0.4.2
test_files/scan_avrx9t.nessus
Policy [2/2]
├── policyName [3/3]
├── Preferences [2/3]
│   ├── ServerPreferences [1/1]
│   │   ├── preference [54/54]
│   │   │   ├── name [1/1]
│   │   │   └── value [0/1]
│   │   ├── preference [53/54]
...
│   └── PluginsPreferences [0/1]
│       ├── item [506/506]
│       │   ├── pluginName [6/6]
│       │   ├── pluginId [5/6]
│       │   ├── fullName [4/6]
│       │   ├── preferenceName [3/6]
│       │   ├── preferenceType [2/6]
│       │   ├── preferenceValues [1/6]
│       │   └── selectedValue [0/6]
│       ├── item [505/506]
...
├── FamilySelection [1/3]
│   ├── FamilyItem [53/53]
│   │   ├── FamilyName [1/1]
│   │   └── Status [0/1]
│   ├── FamilyItem [52/53]
│   │   ├── FamilyName [1/1]
│   │   └── Status [0/1]
...
└── IndividualPluginSelection [0/3]
│   ├── PluginItem [6/6]
│   │   ├── PluginId [3/3]
│   │   ├── PluginName [2/3]
│   │   ├── Family [1/3]
│   │   └── Status [0/3]
...
Report [1/2]
└── ReportHost [0/0]
    ├── HostProperties [409/409]
    │   ├── tag [354/354]
    │   ├── tag [353/354]
...
    ├── ReportItem [408/409]
    │   ├── agent [12/12]
    │   ├── description [11/12]
    │   ├── fname [10/12]
    │   ├── plugin_modification_date [9/12]
    │   ├── plugin_name [8/12]
    │   ├── plugin_publication_date [7/12]
    │   ├── plugin_type [6/12]
    │   ├── risk_factor [5/12]
    │   ├── script_version [4/12]
    │   ├── see_also [3/12]
    │   ├── solution [2/12]
    │   ├── synopsis [1/12]
    │   └── plugin_output [0/12]
...

Check whole example structure examples/scan_avrx9t_structure.txt.

Scan command

Run nfr scan --help to see options related to content of nessus file on scan level.

Scan summary

See scan summary of given file/-s or all files in given directory and it's subdirectories:

nfr scan --scan-summary scan_avrx9t.nessus
nessus file reader by LimberDuck 0.4.2
File name           Report name     TH    SH    CC    C    H    M    L    N
------------------  ------------  ----  ----  ----  ---  ---  ---  ---  ---
scan_avrx9t.nessus  test scan        1     1     1   48  182  126   15   38
nfr scan --scan-summary-legend                              
nessus file reader by LimberDuck 0.4.2
Legend for scan summary:
File name - nessus file name
Report name - report name for given nessus file name
TH - number of target hosts
SH - number of scanned hosts
CC - number of hosts scanned with credentials (Credentialed checks yes in Plugin ID 19506)
C - number of plugins with Critical risk factor for whole scan
H - number of plugins with High risk factor for whole scan
M - number of plugins with Medium risk factor for whole scan
L - number of plugins with Low risk factor for whole scan
N - number of plugins with None risk factor for whole scan
Policy scan summary

See policy scan summary of given file/-s or all files in given directory and it's subdirectories:

nfr scan --policy-summary scan_ihc1js.nessus scan_avrx9t.nessus
nessus file reader by LimberDuck 0.4.2
File name           Policy name      Max hosts    Max checks    Checks timeout    Plugins number
------------------  -------------  -----------  ------------  ----------------  ----------------
scan_ihc1js.nessus  Advanced Scan          100             5                 5            103203
scan_avrx9t.nessus  Test                   100             5                 5            103949
Scan file source

See scan file source like Nessus, Tenable.sc, Tenable.io of given file/-s or all files in given directory and it's subdirectories:

nfr scan --scan-file-source scan_ihc1js.nessus scan_avrx9t.nessus
nessus file reader by LimberDuck 0.4.2
File name           Source
------------------  ----------
scan_ihc1js.nessus  Tenable.sc
scan_avrx9t.nessus  Nessus

Use nfr as python module

  1. Import nessus-file-reader module.
import nessus_file_reader as nfr
  1. Use file functions to get details about provided file e.g. root, file name, file size.
import nessus_file_reader as nfr

nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)
file_name = nfr.file.nessus_scan_file_name_with_path(nessus_scan_file)
file_size = nfr.file.nessus_scan_file_size_human(nessus_scan_file)
print(f'File name: {file_name}')
print(f'File size: {file_size}')
  1. Use scan functions to get details about provided scan e.g. report name, number of target/scanned/credentialed hosts, scan time start/end/elapsed and more.
import nessus_file_reader as nfr
nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)

report_name = nfr.scan.report_name(root)
number_of_target_hosts = nfr.scan.number_of_target_hosts(root)
number_of_scanned_hosts = nfr.scan.number_of_scanned_hosts(root)
number_of_scanned_hosts_with_credentialed_checks_yes = nfr.scan.number_of_scanned_hosts_with_credentialed_checks_yes(root)
scan_time_start = nfr.scan.scan_time_start(root)
scan_time_end = nfr.scan.scan_time_end(root)
scan_time_elapsed = nfr.scan.scan_time_elapsed(root)
print(f' Report name: {report_name}')
print(f' Number of target/scanned/credentialed hosts: {number_of_target_hosts}/{number_of_scanned_hosts}/{number_of_scanned_hosts_with_credentialed_checks_yes}')
print(f' Scan time START - END (ELAPSED): {scan_time_start} - {scan_time_end} ({scan_time_elapsed})')
  1. Use host functions to get details about hosts from provided scan e.g. report hosts names, operating system, hosts scan time start/end/elapsed, number of Critical/High/Medium/Low/None findings and more.
import nessus_file_reader as nfr
nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)

for report_host in nfr.scan.report_hosts(root):
   report_host_name = nfr.host.report_host_name(report_host)
   report_host_os = nfr.host.detected_os(report_host)
   report_host_scan_time_start = nfr.host.host_time_start(report_host)
   report_host_scan_time_end = nfr.host.host_time_end(report_host)
   report_host_scan_time_elapsed = nfr.host.host_time_elapsed(report_host)
   report_host_critical = nfr.host.number_of_plugins_per_risk_factor(report_host, 'Critical')
   report_host_high = nfr.host.number_of_plugins_per_risk_factor(report_host, 'High')
   report_host_medium = nfr.host.number_of_plugins_per_risk_factor(report_host, 'Medium')
   report_host_low = nfr.host.number_of_plugins_per_risk_factor(report_host, 'Low')
   report_host_none = nfr.host.number_of_plugins_per_risk_factor(report_host, 'None')
   print(f'  Report host name: {report_host_name}')
   print(f'  Report host OS: {report_host_os}')
   print(f'  Host scan time START - END (ELAPSED): {report_host_scan_time_start} - {report_host_scan_time_end} ({report_host_scan_time_elapsed})')
   print(f'  Critical/High/Medium/Low/None findings: {report_host_critical}/{report_host_high}/{report_host_medium}/{report_host_low}/{report_host_none}')
  1. Use plugin functions to get details about plugins reported in provided scan e.g. plugins ID, plugins risk factor, plugins name.
import nessus_file_reader as nfr
nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)

for report_host in nfr.scan.report_hosts(root):
   report_items_per_host = nfr.host.report_items(report_host)
   for report_item in report_items_per_host:
      plugin_id = int(nfr.plugin.report_item_value(report_item, 'pluginID'))
      risk_factor = nfr.plugin.report_item_value(report_item, 'risk_factor')
      plugin_name = nfr.plugin.report_item_value(report_item, 'pluginName')
      print('\t', plugin_id, '  \t\t\t', risk_factor, '  \t\t\t', plugin_name)
  1. If you want to get output for interesting you plugin e.g. "Nessus Scan Information" use below function
import nessus_file_reader as nfr
nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)

for report_host in nfr.scan.report_hosts(root):
   pido_19506 = nfr.plugin.plugin_output(root, report_host, '19506')
   print(f'Nessus Scan Information Plugin Output:\n{pido_19506}')
  1. If you know that interesting you plugin occurs more than ones for particular host e.g. "Netstat Portscanner (SSH)" use below function
import nessus_file_reader as nfr
nessus_scan_file = './your_nessus_file.nessus'
root = nfr.file.nessus_scan_file_root_element(nessus_scan_file)

for report_host in nfr.scan.report_hosts(root):
   pidos_14272 = nfr.plugin.plugin_outputs(root, report_host, '14272')
   print(f'All findings for Netstat Portscanner (SSH): \n{pidos_14272}')

Meta

Change log

See CHANGELOG.

Licence

GNU GPLv3: LICENSE.

Authors

Damian Krawczyk created nessus file reader by LimberDuck.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

nessus_file_reader-0.4.2.tar.gz (30.7 kB view details)

Uploaded Source

Built Distribution

nessus_file_reader-0.4.2-py3-none-any.whl (33.4 kB view details)

Uploaded Python 3

File details

Details for the file nessus_file_reader-0.4.2.tar.gz.

File metadata

  • Download URL: nessus_file_reader-0.4.2.tar.gz
  • Upload date:
  • Size: 30.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.9.16

File hashes

Hashes for nessus_file_reader-0.4.2.tar.gz
Algorithm Hash digest
SHA256 420bbc1dff905d5ca69dd3b41a50ddb0f92f8e0368f6f36f39070f6a2cb96245
MD5 63206d0607e302efe3ead2a613624a98
BLAKE2b-256 0c83ff5879f43cf0f918c8ddd0eaa6ca5509d987ad5d4452edf5b291cc18a647

See more details on using hashes here.

File details

Details for the file nessus_file_reader-0.4.2-py3-none-any.whl.

File metadata

File hashes

Hashes for nessus_file_reader-0.4.2-py3-none-any.whl
Algorithm Hash digest
SHA256 8e557b47dac058e646f52f3ce43e3d4a27fe7add0518badd1b1f15e8b27e87d4
MD5 7690b307d588a5ac53d47d9ad2b09d58
BLAKE2b-256 8b88a0108ce907eb19ff577516865083d07bbb06c73d2243f4e637758fea37c0

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page