Nessus-Report.py - Overview of switches and options

Nessus-report.py is a tool for making the process of analyzing Nessus files easier.  The latest version is always located here.  This posting provides an overview of the switches and options that the tool has available. Nessus-Report is a framework consisting of an object-oriented library and script intended for administrators and security assessors requiring a simple, portable, on-the-spot formatted report of a Nessus scan. It is written in Python to ensure readability, extensibility and portability. As a library, Nessus-Report provides functionality to process Nessus NBE-format reports and collate identified vulnerabilities across the list of all hosts scanned. It contains built-in support for outputting content into industry-standard Open Document Format (ODF) tables with the ODFPy. As an executable, it produces clear output that shows all hosts identified by specific Nesuss plugins or Mitre's Common Vulnerabilities and Exposures (CVE) identification numbers. For an example on analyzing a Nessus NBE-formatted output file, issue the command:

nessus-report -f outputfile inputfile(s)

where inputfile(s) is a space-delimited list of NBE-formatted Nessus output files, and outputfile is the name of the OpenDocument text file to which Nessus-Report will write its report. The result will be printed by default to the standard output. Nessus-Report reports vulnerabilities by severity, with the most critical findings appearing at the top of the table. The “Vulnerability Description”, “Implication”, “Recommendation” all come from Nessus' own report, and the IP addresses of affected hosts appear in the final column. Run without output options, Nessus-report will show all the hosts identified as having failing this plugin. The listing will appear sorted in Nessus severity, from “Critical” down through “Low” and “None”.

The library is composed of two principal classes, Result and ResultBase, which are used to parse and narrow down a set of Nessus findings. The Result class – performs additional parsing of Nessus plugin output, and provides reporting functions to inspect parsed Nessus results. It is responsible for parsing one line of Nessus NBE output

The ResultsBase class – this class holds record containing all the relevant information Nessus findings identified in the input file. It provides introspection methods for searching the database based on desired criteria matching specific conditions. The wrapper script instantiates one object from this class. It accepts multiple input files and adds them to a single database.

Report Ordering options Host Map A host map lists the hosts identified in the Nessus NBE report, and is given by the -o g switch. It returns a list of hosts matching the specified criteria. This output mode is useful for creating hostfiles (lists of hosts, one per line) for further analysis in other tools. This mode only outputs to standard output. By Nessus ID With the -o p option, Nesuss-report displays a list of all hosts affected by relating to specific Nessus plugin IDs. The resulting listing will show all the hosts identified as having failing this plugin. The listing will be sorted in Nessus severity, from “Critical” down throw “Low” and “None”. By Host: With the -o h option, Nessus displays all the vulnerabilities identified for a host.

Output Options ODF output Nessus-Report uses the ODFPy library to produce Open-Document Format (ODF) [ODFPY]. When run with the -f switch, Nessus-Report will save its report to a table in, as shown above. nessus-report -f report.odt *.nbe When run without options, Nessus-Report prints its report to the command line.

Inspection options

Search for specific Nessus plugin matches Issuing Nessus-Report with the -i switch will narrow down the reported findings to only those whose plugin IDs match those in the supplied comma-separated list: nessus-report -i 21631,15136,19301 *.nbe Search by severity(s) The scope of findings can be narrowed to specific severity levels with the '-s' (“severity”; choose from “warn,hole”) and 'r' (“risk factor; choose from “critical,high,medium,moderate,low,none”) options: nessus-report -s critical,high,medium -s Hole,Warning

Roey Katz