unitas 1.2.4

unitas - A tool to help with nessus and nmap scans

Unitas

Unitas is a powerful network scan parser and analyzer tool designed to simplify the process of managing and analyzing network scan results. With Unitas, you can easily parse scan files from various tools, including Nmap and Nessus, merge scan results, search for specific ports or services, generate markdown reports, and even automate the export of scans from Nessus.

Features

• Parse scan files from Nmap and Nessus
• Merge multiple scan results into a single, comprehensive report per scanner
• Search for specific ports or services across all scanned hosts
• Track source information for each port (which scanner and file detected it)
• Generate well-formatted markdown reports for easy sharing and collaboration
• Export scans from Nessus for seamless integration with your workflow
• Identify hosts that are up but have no open ports
• Generate Nmap commands to re-scan ports that were not service scanned
• Filter out uncertain services to focus on confirmed findings
• Concurrent parsing of scan files for improved performance
• Interactive web visualization with built-in HTTP server

Installation

pip install unitas

Usage

To use Unitas, run the unitas.py script with the appropriate arguments:

unitas /path/to/scan/folder [options]

Options

• -v, --verbose: Enable verbose output (sets log level to DEBUG)
• -V, --version: Show the version number and exit
• -u, --update: Update existing markdown from state.md or stdin
• -s, --search: Search for specific port numbers or service names (comma-separated)
• -U, --url: Adds the protocol of the port as URL prefix (used for search)
• -S, --service: Show only service scanned ports
• -r, --rescan: Print an Nmap command to re-scan the ports not service scanned
• -e, --export: Export all scans from Nessus
• -m, --merge: Merge scans in the folder
• -g, --grep: Print host and ports in a grep-able format (including hosts that have no open ports)
• -j, --json: Export scan results as a JSON file that can be loaded by the HTML viewer
• -o, --origin: Show origin information (source scanner type, file, and date) for each port
• -M, --mac-report: Generate a markdown report of MAC addresses for network inventory
• -H, --http-server: Start an HTTP server with interactive visualization of scan results
• --port: Specify the port for the HTTP server (default: 8000)
• --report-title: Specify a custom title for the merged Nessus report

Interactive Visualization

Unitas includes a built-in web interface for visualizing your network scan results. This interactive tool allows you to explore your network topology, filter by services and ports, and perform various analyses.

Using the Web Interface

To start the web visualization server:

unitas /path/to/scan/folder -H

This will:

1. Process all scan files in the specified folder
2. Start a local HTTP server (default port 8000)
3. Open your web browser to the visualization page
4. Automatically load the scan results

You can specify a custom port if needed:

unitas /path/to/scan/folder -H --port 9000

Visualization Features

The web interface provides several powerful features:

• Interactive network graph showing hosts and services
• Filter by service type, port range, and subnets
• Highlight TLS/SSL services
• View detailed information about hosts and services
• Run automated analyses including:
  • Finding common services
  • Identifying network segments
  • Highlighting unusual ports
  • Finding most connected hosts
• Export the graph as a PNG image

To stop the server, press Ctrl+C in your terminal.

Markdown Table Output

The markdown output looks something like this:

IP	Hostname	Port	Status	Comment
10.31.112.29	qa3app09	445/tcp(smb)	TBD
10.31.112.29	qa3app09	3389/tcp(msrdp)	TBD	TLS
12.233.108.201	preprod.boardvantage.net	443/tcp(https?)	TBD
74.207.244.221	scanme.nmap.org	22/tcp(ssh)	TBD	OpenSSH 5.3p1 Debian 3ubuntu7
74.207.244.221	scanme.nmap.org	80/tcp(http)	TBD	Apache httpd 2.2.14
198.38.82.159	joaquinlp.me	21/tcp(ftp?)	TBD
198.38.82.159	joaquinlp.me	25/tcp(smtp?)	TBD

The markdown table generated by Unitas displays only the open ports discovered during the scan. Services marked with a question mark at the end (e.g., http?) indicate that the port was scanned, but no service information was obtained. In other words, these ports were simply port scanned and not service scanned.

The "Status" column in the markdown table does not represent the port state (e.g., open, closed, filtered) but rather serves as a status field for you to track your progress or add notes. You can use this column to mark ports that you have investigated or add any relevant comments.

Unitas also provides a useful feature that allows you to update your markdown table without losing your custom comments. This can be particularly helpful when you need to rerun scans and want to preserve your notes. To update the table, simply use the -u flag followed by the path to your state.md file or pipe the updated scan results to Unitas via stdin.

For example, to update the table in the state.md file:

unitas /path/to/scan/folder -u state.md

Or to update the table using stdin:

cat updated_scan_results.md | unitas -u

This feature ensures that your comments and notes are retained while the table is updated with the latest scan results.

Other Examples

Search for specific ports:

unitas /path/to/scan/folder -s "80,443"

Search for specific services with URL prefix (filter non service scanned entries):

unitas /path/to/scan/folder -s "http,https" -U --service

Generate an Nmap command to re-scan non-service scanned ports:

unitas /path/to/scan/folder -r

Export scans from Nessus:

unitas /path/to/scan/folder -e

Merge scan files in a folder:

• creates a single nessus file for all nessus scans, two duplicate scan will lead to duplicate hosts in the scan
• creates a single nmap scan xml and html report if xsltproc is installed

unitas /path/to/scan/folder -m

Output hosts and ports in a grepable format:

unitas /path/to/scan/folder -g

Export scan results as JSON and launch the interactive visualization:

unitas /path/to/scan/folder -H

Configuration

Unitas uses a configuration file (~/.unitas) to store Nessus API credentials. If the configuration file doesn't exist, Unitas will create a template for you. Make sure to update the secret_key, access_key, and url fields with your Nessus API credentials.

Changelog

1.2.0

• Added MAC address reporting with -M/--mac-report flag
• Network inventory feature to track MAC addresses and vendors
• Markdown output format for MAC address reports
• Integrates with MAC vendor lookup

1.1.0

• Added interactive network visualization with -H/--http-server flag
• Built-in HTTP server for viewing network topology
• Interactive graph with filtering and analysis capabilities
• Auto-loading of scan data in the web interface
• Customizable server port with --port option

1.0.4

• nessus title feature
• fixed a bug in merge detection
• added github workflow

1.0.3

• improved the service lookup
• fixed a bug if a directory with .xml is found

1.0.2

• fixed bug #1
• fixed bug #2
• improved nessus export (speedup by fixing the file exist check and change filename of exports to include the scan id)
• added grep-able output feature
• improved command for re-scan nmap command

1.0.1

• improved merging
• added docs

1.0.0

• first release

Contributing

Contributions are welcome! If you find a bug or have a feature request, please open an issue on the GitHub repository. If you'd like to contribute code, please fork the repository and submit a pull request.

License

This project is licensed under the GPL-3.0 License.