I have been making a few programs in C# for parsing Nessus output, and while these have been really good I wanted to expand my knowledge and create a Python parser that I can edit and change on the fly while pentesting to pull out whatever specific information I need. For example, I have used nmap to find all the web services, but it never picks all of them up, whereas Nessus does and puts ‘svc_name=www’ under each such port, irrespective of whether it is SSL based or not.
That gives me a list of hosts and ports I can have some confidence in, which I can then explore further with ‘nikto’ and possibly screenshot with ‘wkhtmltoimage’.
To cut a long story short, I started writing my own class for this and then stumbled across this code: https://code.google.com/p/pynessus/. These classes let you parse .nessus reports or talk directly to the Nessus scanning engine to run scans and so on. I have only used it in the smallest way up to now, but I thought it was an interesting topic for a blog post and others could benefit from it too.
Here is an example script that pulls all the web services out of a Nessus scan and prints them as a list with their respective port after a colon, e.g. 10.0.0.1:443.
import dotnessus_v2

preport = "/tmp/localhost.nessus"   # path to the exported .nessus (v2) report
rpt = dotnessus_v2.Report()
rpt.parse(preport)

# each scanned host is a target, and each finding on it is an entry in vulns
for t in rpt.targets:
    for v in t.vulns:
        # Nessus tags every web port, plain or SSL, with svc_name=www
        if v.get('svc_name') == 'www':
            print(t.name + ":" + v.get('port'))
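As an added, self-contained example (not the pynessus code this post uses), here is the same host:port extraction done directly against the .nessus v2 XML with only the standard library, so it runs without dotnessus_v2; it generalises the script above by taking the svc_name to match as a parameter. The embedded report is constructed sample data, not real scan output, and the script name nessus-www.py is just an assumption for the usage line.

```python
"""List host:port pairs for services Nessus tagged with a given svc_name, read straight from a .nessus v2 file."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample report (not real scan output). One port normally carries several
# ReportItems, one per plugin that fired, so the results must be de-duplicated.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
  <Report name="demo">
    <ReportHost name="10.0.0.1">
      <ReportItem port="80" svc_name="www" protocol="tcp" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="443" svc_name="www" protocol="tcp" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="443" svc_name="www" protocol="tcp" pluginName="Nessus SYN scanner"/>
      <ReportItem port="22" svc_name="ssh" protocol="tcp" pluginName="SSH Server Type and Version Information"/>
      <ReportItem port="0" svc_name="general" protocol="tcp" pluginName="Nessus Scan Information"/>
    </ReportHost>
    <ReportHost name="10.0.0.2">
      <ReportItem port="8080" svc_name="www" protocol="tcp" pluginName="Nessus SYN scanner"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def services(xml_text, svc_name="www"):
    """Return sorted, de-duplicated 'host:port' strings for every ReportItem whose
    svc_name matches. Only TCP items are considered, since the web services this
    post is after are all TCP."""
    root = ET.fromstring(xml_text)
    found = set()
    for host in root.iter("ReportHost"):
        for item in host.findall("ReportItem"):
            if item.get("svc_name") != svc_name or item.get("protocol") != "tcp":
                continue
            port = item.get("port")
            if not port or port == "0":   # port 0 is the host-wide 'general' pseudo-port
                continue
            found.add((host.get("name"), int(port)))
    return ["%s:%d" % hp for hp in sorted(found)]


if __name__ == "__main__":
    # usage: python nessus-www.py report.nessus [svc_name]; with no file, the sample above is parsed
    text = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_NESSUS
    svc = sys.argv[2] if len(sys.argv) > 2 else "www"
    for line in services(text, svc):
        print(line)
```

The output is already one unique host:port per line, so it can feed the sort | uniq | tee pipeline further down unchanged.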
Here is another example script that uses the other class to connect to the Nessus server and launch a scan. Once the scan has launched you can also use the script to download reports, as shown below. I take no credit for creating these classes, as they have been created by the author; I have merely used the functions to pull out the data I want from Nessus and want to share this as I think it's very useful.
import pynessus

server = "localhost"
port = "8834"               # default Nessus web/API port
user = "nessus-user"
password = "nessus-password"

# placeholders: fill these in for your own scan
scan_name = "example-scan"              # name to give the new scan
policy_id = "<policy id>"               # id of an existing Nessus policy
target_list_iter = ["10.0.0.1"]         # iterable of targets to scan
report_uuid = "<report uuid>"           # uuid of a completed scan report

n = pynessus.NessusServer(server, port, user, password)
n.launch_scan(scan_name, policy_id, target_list_iter)
n.download_report(report_uuid)
Anyway, I thought it was worth a simple blog post; here's the link to the class files. I also run these through a series of other little scripts to run nikto on all hosts as well as grabbing a screenshot of every web based service so that I can see them quickly. Here is a little bash script I wrote that takes the output from the above and gets a screen capture of all the web services. First of all I run web-parse.py to get my host list like so:
python web-parse.py | sort | uniq | tee web-hosts.txt
Then I run a for loop over the host list to run nikto against each one, and the bash script below to grab the screenshots:
for host in $(cat web-hosts.txt); do nikto -h "$host" > "$host.txt"; done
grab.sh web-hosts.txt
#!/bin/sh
# grab.sh: read one host:port per line and screenshot it over both http and https
filename="$1"
TIMEOUT=3    # seconds to give wkhtmltoimage before it is killed
while read -r line
do
    name=$line
    echo "Name read from file - $name"
    # run the capture in the background and kill it if it exceeds TIMEOUT
    ( wkhtmltoimage "http://$name" "$name.jpg" ) & pid=$!
    ( sleep $TIMEOUT && kill -HUP $pid ) 2>/dev/null & watcher=$!
    wait $pid 2>/dev/null && pkill -HUP -P $watcher
    # same again over https, written to a separate -ssl.jpg file
    ( wkhtmltoimage "https://$name" "$name-ssl.jpg" ) & pid=$!
    ( sleep $TIMEOUT && kill -HUP $pid ) 2>/dev/null & watcher=$!
    wait $pid 2>/dev/null && pkill -HUP -P $watcher
done < "$filename"
Enjoy 🙂