Skip to content
/ Nessus_File_Parser Public

This script parses Nessus XML scan reports to extract vulnerability details, including CVE/CWE IDs, severity levels, and other pertinent information. It then generates two HTML reports: one summarizing vulnerabilities in a table format and another providing detailed findings for each vulnerability.

License

GPL-3.0 license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

chanakayaa/Nessus_File_Parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Nessus_file_parser.py
Nessus_file_parser.py
 
 
README.md
README.md
 
 

Repository files navigation

The script is a Python tool designed to parse Nessus vulnerability scan reports, process and merge vulnerability data, and generate HTML reports. Here's a description of its functionality:

Script Description

Overview This script parses Nessus XML scan reports to extract vulnerability details, including CVE/CWE IDs, severity levels, and other pertinent information. It then generates two HTML reports: one summarizing vulnerabilities in a table format and another providing detailed findings for each vulnerability. The script ensures readability and ease of use, integrating best practices for security analysis and reporting.

Features

  1. Parsing Nessus Files:

    • The script reads and parses Nessus XML files to extract detailed information about each reported vulnerability.
    • It captures details such as affected IPs, vulnerability names, CVE/CWE IDs, severity levels, recommendations, references, descriptions, and ports.

  2. Adjusting Severity Levels:

    • The script adjusts the severity levels of specific vulnerabilities based on predefined conditions. For example:
      • "SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE)" is marked as Low.
      • "SSL Version 2 and 3 Protocol Detection" is marked as High.

  3. Merging Vulnerabilities:

    • Vulnerabilities are merged based on their names to consolidate data, preventing redundancy. This includes merging affected IPs and CVE/CWE IDs.

  4. Sorting by Severity:

    • The vulnerabilities are sorted by severity levels (Critical, High, Medium, Low) for clear prioritization.

  5. Generating HTML Reports:

    • Summary Report: A table summarizing the vulnerabilities, sorted by severity, with color-coded severity levels.
    • Detailed Findings Report: A detailed report for each vulnerability, including descriptions, recommendations, and proof of concept.

  6. User Interaction:

    • The script prompts the user to input the path of the Nessus file.
    • It provides feedback on the generated reports' locations.

  7. Dependencies:

    • Standard Python libraries: os, xml.etree.ElementTree, collections.defaultdict.

Example Execution

$ python nessus_parser.py

Author Note

The script includes motivational quotes and personal touch by the creator, adding a unique flair to its functionality.

Author: Pushkar Singh

Feel free to modify and adapt the script to suit your specific needs, and ensure to review the extracted data for accuracy and completeness.

About

This script parses Nessus XML scan reports to extract vulnerability details, including CVE/CWE IDs, severity levels, and other pertinent information. It then generates two HTML reports: one summarizing vulnerabilities in a table format and another providing detailed findings for each vulnerability.

Topics

parser nessus tenable nessus-scanner nessus-files nessus-parser nessus-report

Resources

Readme

License

GPL-3.0 license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages