Burp Suite has been my favorite web app testing tool for a while and seems like it keeps getting better with age & updates. Typically, I have avoided using other tools to parse the Burp output (xml) because most of what we report comes from manual testing. Somewhat recently, I started using extensions to add the manual testing results to Burp and thus it made sense to write a script to parse Burp xml output.
Having a vulnerability management tool like Tenable Security Center is great. They offer a lot of functionality to analyze, track, and report on the current and past state of systems in the environment. But sometimes that’s overkill. Sometimes you want something quick and easy. Hence we wrote a quick little python script that parses one or more .nessus files and produces a spreadsheet (Excel format). There are five worksheets in the workbook output file: