By Matt Flick | May 30, 2019
Having a vulnerability management tool like Tenable Security Center is great. They offer a lot of functionality to analyze, track, and report on the current and past state of systems in the environment. But sometimes that’s overkill. Sometimes you want something quick and easy. Hence we wrote a quick little python script that parses one or more .nessus files and produces a spreadsheet (Excel format). There are five worksheets in the workbook output file:
- Scan Data (vuln) - results from the vulnerability scan, not including any audit compliance results. Informational results are included by default but can be changed using the “-i” command line option.
- Scan Data (audit failure) - results from the audit compliance scans with “[FAILED]” in the description.
- Scan Data (audit error) - results from the audit compliance scans with “[ERROR]” in the description.
- Errors - useful details when certain plugins are included in the results, including:
- 10428 (“Microsoft Windows SMB Registry Not Fully Accessible Detection”)
- 10919 (“Open Port Re-check”)
- 21745 (“Authentication Failure - Local Checks Not Run”)
- 24786 (“Nessus Windows Scan Not Performed with Admin Privileges”)
- 26917 (“Microsoft Windows SMB Registry : Nessus Cannot Access the Windows Registry”)
- 35705 (“SMB Registry : Starting the Registry Service during the scan failed”)
- 104410 (“Authentication Failure(s) for Provided Credentials”)
- Time - scan timeframe for each system in each scan results file.
The script runs with python 3. It takes the following options:
-d : Location of the directory that the finding spreadsheets are in -f : Name of the nessus file you want to parse. Ignored if '-d' option is used -i : Include Informational severity items in output (default=True) -o : Base name of spreadsheet file to which you want the parsed results to be written
python nepali.py -d . -o combined_output
The above command will parse all .nessus files in the current directory and include the results in a file named “combined_output__parsed__(YYYYMMDD_HHMM).xlsx”