Skip to main content

Scripts to import nmap and nessus scan results into a SQLite database, analyze the overall results and generate reports or target lists.

Project description

This tool provides some scripts to import Nmap and Nessus scan results into a sqlite database. The imported results can then be analyzed by various tool to generate target list for other tools, generate csv files and DOCX reports ( based on DOCX templates). The following console commands are available after installation:

cli command description
scandb-importer Import nmap and nessus scans into a sqlite database
scandb-services Generate ip address lists based on port filters (e.g. as input for other tools)
scandb-vulns Search and generate ip address lists based on vulnerability filters (e.g. search for severity, cve, plugin-id, plugin output)
scandb-statistics Print scan, port, vulnerability statistics or generate CSV files with these statistics. Can also be used to generate a CSV file with a list of open ports per host.
scandb-compare Compare to scandb instances and generate CSV statistics with differences. (Due to database changes that might happen these instances should be generated with the same scandb version)
scandb-report Generate DOCX Reports based on given templates.

License

This script is licensed under the GNU General Public License in version 3. See http://www.gnu.org/licenses/ for further details.

Installation

The tool has been published to pypi and can be installed via pip.

pip install scandb

scandb-importer

This command can be used do import a single file or many files at once to a sqlite database. You can use the parameters --file and --dir to specify the files that should be imported.

$  scandb-importer -h     
usage: scandb-importer [-h] [--db DB] [--file [FILE [FILE ...]]] [--dir DIR]

I will import Nmap and Nessus scans into a SQLite database.

optional arguments:
  -h, --help            show this help message and exit
  --db DB
  --file [FILE [FILE ...]]
                        The nessus and/or nmap file(s)
  --dir DIR             Directory name with nessus and/or nmap files

scandb-services

This command can be used to generate target lists based on port filters.

$ scandb-services -h
usage: scandb-services [-h] [--db DB] [--status STATUS] [-t PORTS] [-u PORTS] [-o UNION|INTERSECTION] [--list] [-d LIST_DELIMITER] [--list-file FILE]

I can be used to generate target lists (ip address lists) that can be used as input for other tools based on given filters.

optional arguments:
  -h, --help            show this help message and exit
  --db DB
  --status STATUS       Status string stored in database (default: up)
  -t PORTS, --tcp PORTS
                        Open TCP ports
  -u PORTS, --udp PORTS
                        Open UDP ports
  -o UNION|INTERSECTION, --operation UNION|INTERSECTION
                        Operation to combine the sets of TCP and UDP ports (default: UNION)
  --list                Generate a target list
  -d LIST_DELIMITER, --list-delimiter LIST_DELIMITER
                        Delimiter used to separate hosts in the list output
  --list-file FILE      Generate a file with the targets instead of printing them to stdout

Generate a list of all hosts (with status 'up'):

$ scandb-services --list
192.168.1.2
192.168.1.1
192.168.1.11
192.168.1.19

Generate a list of all hosts (with status 'up') and use the delimiter "," instead of a new line:

$ scandb-services --list -d ","
192.168.1.2,192.168.1.1,192.168.1.11,192.168.1.19

Generate a list of hosts with open tcp port 80:

$ scandb-services --list -d " " -t 80
192.168.1.2 192.168.1.1

Generate a list of hosts with open udp port 53:

$ scandb-services --list -d " " -u 53
192.168.1.19 192.168.1.1

Generate a list of hosts with open tcp port 80 or udp port 53:

$ scandb-services --list -d " " -u 53 -t 80
192.168.1.19 192.168.1.2 192.168.1.1

Generate a list of hosts with open tcp port 80 and udp port 53:

$ scandb-services --list -d " " -u 53 -t 80 -o intersection
192.168.1.1

scandb-statistics

This command can be used to display statistics or to create a csv file with all IP addresses and their open ports.

$  scandb-statistics -h
usage: scandb-statistics [-h] [--db DB] [-s] [-v] [-p] [--host-portlist] [-d DELIMITER] [-o OUTFILE] [-w] [--docx] [--template TEMPLATE]

I can generate statistics about vulnerabilities, open ports or for the imported scans. Furthermore I can generate a host/portlist as csv file. All statistics can be displayed on stdout or they can be written to csv or docx files (based on templates). See
https://bitbucket.org/cbless/scandb/src/master/examples/ for example templates.A description of usable objects and their attributes can be found under: https://bitbucket.org/cbless/scandb/wiki/Report-Templates

optional arguments:
  -h, --help            show this help message and exit
  --db DB
  -s, --scan-statistics
                        Print statistics for each scan
  -v, --vuln-statistics
                        Print number of vulns foreach host.
  -p, --port-statistics
                        Print number of 'open' TCP and UDP ports foreach host.
  --host-portlist       generate a csv with a list of TCP and UDP Ports per host
  -d DELIMITER, --delimiter DELIMITER
                        Delimiter for CSV files.
  -o OUTFILE, --outfile OUTFILE
                        Prefix for output files.
  -w, --write-file      Write data to CSV file. Prefix of filename can be changed with parameter outfile
  --docx                Render the given DOCX template for the selected statistics. Prefix of filename can be changed with parameter '--outfile'. The template can be specified with parameter '--template'
  --template TEMPLATE   Name of the template to render. Examples can be found under: https://bitbucket.org/cbless/scandb/src/master/examples/

To generate a list of open TCP and UDP ports you can use the following command:

$  scandb-statistics --host-portlist
Results written to : scandb-hostportlist.csv

The content of the file scandb-hostportlist.csv will looks like this.

192.168.1.1;53;udp
192.168.1.1;53,80,443,5060,8181;tcp
192.168.1.19;161;udp
192.168.1.2;53,80,5060,8089;tcp

scandb-vulns

This command can be used to generate target lists based on vulnerability filters.

$    scandb-vulns -h        
usage: scandb-vulns [-h] [--db DB] [--min-severity MIN_SEVERITY] [--filter-by {cve,plugin-id,plugin-name,plugin-output,description,ip}] [--search SEARCH-Term] [--list {ips,details}] [-d LIST_DELIMITER] [--list-file FILE]

I can be used to query the sqlite database to filter specific vulnerabilities. Results can be displayed to stdout or written to a csv file.

optional arguments:
  -h, --help            show this help message and exit
  --db DB
  --min-severity MIN_SEVERITY
                        Minimum severity level (default: 0)
  --filter-by {cve,plugin-id,plugin-name,plugin-output,description,ip}
                        Filter hosts by the given filter. The search value is specified with option --search. The following fields can be used as filter 'cve', 'plugin-id', 'plugin-name', 'description', 'ip'. (Note: The option 'ip' returns just the ip itself, when '
                        --list ips' is selected and a vulnerability was detected for that ip, otherwise the result is empty.)
  --search SEARCH-Term  Search term used for querying the database. The type of the search field can be selected with the parameter --filter-by
  --list {ips,details}  Generate a target list of ip addresses when selecting 'ips' or display the columns Address,Port,Protocol,Severity,Plugin-ID,Plugin-Name
  -d LIST_DELIMITER, --list-delimiter LIST_DELIMITER
                        Delimiter used to separate hosts in the list output. Only when --list ips is used.
  --list-file FILE      Generate a file with the results instead of printing them to stdout. Incase of '--list ips' is selected the file contains a list of ip address (one per line), in case of '--list details' it will be a csv file

Select hosts that are affected by a cve starting with CVE-2015- and display only the ip address.

scandb-vulns --filter-by cve --search CVE-2015- --list ips

Select hosts that are affected by a vulnerability with Plugin-ID 48243 and display the columns Address,Port,Protocol,Severity,Plugin-ID,Plugin-Name.

 scandb-vulns --db test.sqlite --filter-by plugin-id --search 48243 --list details
             Address           Port       Protocol       Severity      Plugin-IDPlugin-Name
      192.168.100.101            443            tcp              0          48243PHP Version Detection
      192.168.100.111             80            tcp              0          48243PHP Version Detection
      192.168.100.122            443            tcp              0          48243PHP Version Detection

scandb-compare

This command can be used to compare two scandb database instances (databases must be created with scandb v0.4.0 or a later version).

$   scandb-compare -h
usage: scandb-compare [-h] [--db1 DB1] [--db2 DB2] [-v] [-p] [--host-portlist] [-o OUTFILE]

optional arguments:
  -h, --help            show this help message and exit
  --db1 DB1
  --db2 DB2
  -v, --vuln-statistics
                        Print number of vulns foreach host and db.
  -p, --port-statistics
                        Print number of 'open' TCP and UDP ports foreach host and db.
  --host-portlist       generate a csv with a list of TCP and UDP Ports per host and db
  -o OUTFILE, --outfile OUTFILE
                        Prefix for output files.

scandb-report

This command can be used to export vulnerabilities to a docx format based on custom templates.

See also:

$     scandb-report -h       
usage: scandb-report [-h] [--db DB] [--min-severity MIN_SEVERITY] [--plugins PLUGINS [PLUGINS ...]] [--export-vulns {all,unsorted,host,plugin}] [--template TEMPLATE] [--outfile OUTFILE]

Generate DOCX reports based on custom templates. See https://bitbucket.org/cbless/scandb/src/master/examples/ for example templates.A description of usable objects and their attributes can be found under: https://bitbucket.org/cbless/scandb/wiki/Report-Templates

optional arguments:
  -h, --help            show this help message and exit
  --db DB
  --min-severity MIN_SEVERITY
                        Minimum severity level (default: 0). Either plugins or min-severity can be used.
  --plugins PLUGINS [PLUGINS ...]
                        List of plugins to export. Either plugins or min-severity can be used.
  --export-vulns {all,unsorted,host,plugin}
                        Can be used to specifiy how the vulnerabilities will be injected into the template. 'unsorted' means that the vulnerabilites will be available unsorted as 'vulns'. 'host' means that a list of vulnerabilities is avaialable per host. 'plugin'
                        means that the list of affected systems is available per plugin/vulnerability as 'vulns_by_plugin'. 'all' means that all three options are available in the template. (default 'plugin')
  --template TEMPLATE   Name of the template to render. Examples can be found under: https://bitbucket.org/cbless/scandb/src/master/examples/
  --outfile OUTFILE     Name that is used for the generated report.

Example: Export only vulnerabilities with a minimum severity of MEDIUM.

scandb-report --min-severity 2  --db scandb.sqlite --template "examples/vulns-by-plugin_with_stats.docx"

Example: Export only a list of vulnerabilities that match the specified plugin IDs.

scandb-report --plugins 12344,44443,22211  --db scandb.sqlite --template "examples/vulns-by-plugin_with_stats.docx"

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

scandb-1.1.0.tar.gz (25.6 kB view hashes)

Uploaded source

Built Distribution

scandb-1.1.0-py3-none-any.whl (28.5 kB view hashes)

Uploaded py3

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page