Nessus-Report: A flexible and light-weight framework for parsing and reporting Nessus results

Overview

Nessus-Report is a framework consisting of an object-oriented library and script intended for administrators and security assessors requiring a simple, portable, on-the-spot formatted report of a Nessus scan.  It is written in Python to ensure readability, extensibility and portability.  As a library, Nessus-Report provides functionality to process Nessus .nbe and .nessus format reports and collate identified vulnerabilities across the list of all hosts scanned.  It contains built-in support for outputting content into industry-standard Open Document Format (ODF) tables with the ODFPy library.  Before using the program you will need to install the ODF Python library if it is not already installed.  This can easily be done by following the steps below:

1. Install pip (if not already installed): sudo apt-get install python-pip
2. Install the ODF Python library: sudo pip install odfpy

To see the options for the tool run the following: python nessus-report.py --help

As an executable, it produces clear output that shows all hosts identified by specific Nessus plugins or Common Vulnerabilities and Exposures (CVE) identification numbers.  For example, analyzing a Nessus NBE-formatted output file is as easy as issuing the following command:

nessus-report -f outputfile inputfile(s)

Where inputfile(s) is a space-delimited list of .nbe or .nessus formatted Nessus output files, and outputfile is the name of the OpenDocument text file to which Nessus-Report will write its report.  Without -f, the result is printed to standard output.  The screenshot below shows a sample of what the output of the -f flag looks like.

[Screenshot: nessus-parser-screenshot-2, a sample of the -f report output]

The report lists vulnerabilities by severity, with the most critical findings appearing at the top of the table.  The Vulnerability, Description and Recommendation columns all come from Nessus' own report; the IP addresses of affected hosts appear in the final column.  Run without filtering options, Nessus-Report shows every host identified as failing each plugin.  The listing is sorted by Nessus severity, from Critical down through High, Medium, Low and None.

Nessus-Report offers several options for report inspection, including printing only vulnerabilities from a specific Nessus plugin, from specific hosts, or only findings matching selected severities.

Search for specific Nessus plugin matches

Issuing Nessus-Report with the -i switch will narrow down the reported findings to only those whose plugin IDs match those in the supplied comma-separated list:

nessus-report -i 21631,15136,19301 *.nbe

Search by severity

The scope of findings can be narrowed to specific severity levels with the '-s' (severity; choose from warn, hole, info and note) and '-r' (risk factor; choose from critical, high, medium, moderate, low and none) options:

nessus-report -r critical,high,medium -s Hole,Warning *.nbe
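To make the collation and filtering described above concrete, here is an added example (not code from Nessus-Report itself) that parses a constructed .nbe fragment and a constructed .nessus fragment, merges findings per plugin across hosts, and applies the equivalents of the -i (plugin ID) and -r (risk factor) filters before ordering the rows most severe first.  The pipe-delimited NBE column layout and the mapping from NBE message types (Security Hole, Security Warning, Security Note) to risk factors are assumptions of this example; the .nessus element and attribute names are those of the v2 XML export.  All sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a Nessus .nbe file.  The pipe-delimited field layout
# (results|subnet|host|port|plugin id|message type|description) is an assumption
# about the classic NBE export; adjust the column indices if your files differ.
SAMPLE_NBE = """\
timestamps|||scan_start|Mon Jan  1 00:00:00 2024|
results|10.0.0|10.0.0.5|ssh (22/tcp)|10881|Security Note|SSH protocol versions supported
results|10.0.0|10.0.0.5|www (80/tcp)|11219|Security Hole|Outdated web server build
results|10.0.0|10.0.0.7|www (80/tcp)|11219|Security Hole|Outdated web server build
results|10.0.0|10.0.0.7|general/tcp|19506|Security Warning|Weak cipher suites enabled
"""

# Constructed sample of a .nessus (v2 XML) file covering one more host.
SAMPLE_NESSUS = """\
<NessusClientData_v2>
  <Report name="constructed">
    <ReportHost name="10.0.0.9">
      <ReportItem port="80" protocol="tcp" severity="3" pluginID="11219"
                  pluginName="Outdated web server build">
        <description>Outdated web server build</description>
        <risk_factor>High</risk_factor>
        <solution>Upgrade the web server.</solution>
      </ReportItem>
      <ReportItem port="22" protocol="tcp" severity="0" pluginID="10881"
                  pluginName="SSH protocol versions supported">
        <description>SSH protocol versions supported</description>
        <risk_factor>None</risk_factor>
        <solution>n/a</solution>
      </ReportItem>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""

# Assumed mapping from NBE message types to Nessus risk factors, so findings
# from both formats can be ranked on one scale.
NBE_MSG_TO_RISK = {"Security Hole": "High", "Security Warning": "Medium",
                   "Security Note": "Low", "Log Message": "None"}
RISK_ORDER = ["Critical", "High", "Medium", "Low", "None"]   # most severe first


def risk_rank(risk):
    """Position on the severity scale; unknown labels sort last."""
    risk = risk.capitalize()
    return RISK_ORDER.index(risk) if risk in RISK_ORDER else len(RISK_ORDER)


def parse_nbe(text):
    """Yield (plugin_id, host, risk, description) from the 'results' lines of an .nbe file."""
    for line in text.splitlines():
        fields = line.split("|")
        if fields[0] != "results" or len(fields) < 7:
            continue  # timestamps and other record types carry no finding
        _, _subnet, host, _port, plugin_id, msg_type, description = fields[:7]
        yield plugin_id, host, NBE_MSG_TO_RISK.get(msg_type, "None"), description.strip()


def parse_nessus(text):
    """Yield the same tuples from a .nessus v2 document."""
    root = ET.fromstring(text)
    for report_host in root.iter("ReportHost"):
        host = report_host.get("name")
        for item in report_host.iter("ReportItem"):
            description = (item.findtext("description") or item.get("pluginName", "")).strip()
            yield (item.get("pluginID"), host,
                   item.findtext("risk_factor", default="None"), description)


def collate(records):
    """Group records by plugin id; each plugin keeps its most severe risk and the set of hosts."""
    findings = {}
    for plugin_id, host, risk, description in records:
        finding = findings.setdefault(plugin_id, {"plugin_id": plugin_id, "risk": risk,
                                                  "description": description, "hosts": set()})
        if risk_rank(risk) < risk_rank(finding["risk"]):
            finding["risk"] = risk
        finding["hosts"].add(host)
    return findings


def select(findings, plugin_ids=None, risks=None):
    """Apply -i style (plugin id) and -r style (risk factor) filters, most severe first."""
    wanted_risks = {r.lower() for r in risks} if risks else None
    chosen = [f for f in findings.values()
              if (plugin_ids is None or f["plugin_id"] in set(plugin_ids))
              and (wanted_risks is None or f["risk"].lower() in wanted_risks)]
    return sorted(chosen, key=lambda f: (risk_rank(f["risk"]), f["plugin_id"]))


def report_rows(findings, **filters):
    """Rows in the order the report table shows them: risk, plugin, description, hosts."""
    return [(f["risk"], f["plugin_id"], f["description"], sorted(f["hosts"]))
            for f in select(findings, **filters)]


def load_all(nbe_texts=(), nessus_texts=()):
    """Parse any number of .nbe and .nessus documents into one collated finding set."""
    records = []
    for text in nbe_texts:
        records.extend(parse_nbe(text))
    for text in nessus_texts:
        records.extend(parse_nessus(text))
    return collate(records)


if __name__ == "__main__":
    findings = load_all([SAMPLE_NBE], [SAMPLE_NESSUS])
    # Equivalent of: nessus-report -r high,medium sample.nbe sample.nessus
    for risk, plugin_id, description, hosts in report_rows(findings, risks=["high", "medium"]):
        print(f"{risk:<8} {plugin_id:<6} {description:<32} {', '.join(hosts)}")
```

Running the block prints the High finding for plugin 11219 with all three affected hosts on one row, followed by the Medium finding; the Low-rated plugin 10881 is dropped by the risk filter.  Keeping the most severe risk seen for a plugin when the two file formats disagree is a design choice of this example, so that a host's weaker rating never hides a Critical or High rating reported elsewhere.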

Summary

While this tool does not take away all of the analysis that is needed when reviewing and documenting Nessus results, it does automate some of the more tedious reporting functions.  This is just the initial release of the tool and we plan on updating the tool and adding enhancements in the future.  If there are any feature requests that you would like to see or if you encounter any issues when using the tool please let us know.