nessus 2 json parser
1 parent d0218d8 commit 2acb97c142ebfe89c9229198c9bc732fcdb52aec
root authored on 16 Dec 2019
Showing 2 changed files
22
ReportToolz/README.md
[+] creating json for: Untrustworthy Server Certificate Chain
[+] creating json for: Missing or Permissive HTTP Content-Security-Policy Header
[+] creating json for: Missing or Permissive X-Frame-Options HTTP Response Header
[+] creating json for: No HTTP Strict Transport Security
```
 
# nessus to JSON files
Convert .nessus output file to JSON files for repgen.php
 
```
╰» ./ns2json.php -d /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.nessus -i
______ _
(_____ \ (_)
____ ___ ____) ) _ ___ ___ ____
| _ \ /___)/ ____/ | |/___)/ _ \| _ \
| | | |___ | (_____ | |___ | |_| | | | |
|_| |_(___/|_______)| (___/ \___/|_| |_|
(__/
 
[!] doc: /mnt/hgfs/Pentest/pentests/2019/Company/report/Company-9ajgty.nessus
[-] Issue: Nessus Scan Information
[-] Issue: Host Fully Qualified Domain Name (FQDN) Resolution
[-] Issue: IPSEC Internet Key Exchange (IKE) Version 2 Detection
[-] Issue: IPSEC Internet Key Exchange (IKE) Version 1 Detection
[-] Issue: Common Platform Enumeration (CPE)
[+] Saving: SSL Medium Strength Cipher Suites Supported (SWEET32)
[-] Issue: SSL Cipher Block Chaining Cipher Suites Supported
```
114
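--- /dev/null
+++ b/ReportToolz/ns2json.php
@@ -0,0 +1,114 @@
+#!/usr/bin/php
+<?php
+//error_reporting(0);
+
+/***
+* Main program - Don't edit below
+*/
+echo " ______ _ \n (_____ \ (_) \n ____ ___ ____) ) _ ___ ___ ____ \n| _ \ /___)/ ____/ | |/___)/ _ \| _ \ \n| | | |___ | (_____ | |___ | |_| | | | |\n|_| |_(___/|_______)| (___/ \___/|_| |_|\n (__/ \n\n";
+
+foreach (glob("classes/*.php") as $filename)
+include $filename;
+
+$definitions = new \Clapp\CommandLineArgumentDefinition(
+array(
+"help|h" => "Shows help message",
+"doc|d=s" => "/path/to/doc.nessus to use",
+"no-save|n" => "Output only - Don't save JSON files",
+"no-info|i" => "Don't save \"informational\" issues (recommended)",
+)
+);
+
+$filter = new \Clapp\CommandArgumentFilter($definitions, $argv);
+
+if ($filter->getParam('h') === true || $argc < 2) {
+echo "Convert ptreport reprep output file to JSON files for repgen.php\n\n";
+fwrite(STDERR, $definitions->getUsage());
+exit(0);
+}
+
+// see if doc exists
+if ($filter->getParam("doc") == false)
+die("[-] no doc set\n");
+
+echo "[!] doc: ".$filter->getParam("doc")."\n";
+if(!file_exists($filter->getParam("doc")))
+die("[-] no such file! \n");
+
+
+$xmlfile = file_get_contents($filter->getParam("doc"));
+$nessus= simplexml_load_file($filter->getParam("doc"));
+
+
+//print_r($configData);
+//file_put_contents('/mnt/hgfs/Pentest/pentests/2019/Remploy/test/array.x', print_r($configData, true));
+$resultsFolder = substr($filter->getParam("doc"), 0, strrpos( $filter->getParam("doc"), '/') )."/";
+$vulnarray = array();
+
+foreach ($nessus->Report[0]->ReportHost as $host) {
+foreach ($host->ReportItem as $bug) {
+//echo $bug->plugin_name ."\n";
+$output = NULL;
+
+//mosty solen from: https://github.com/adamziaja/php/blob/master/nessus/nessus.php
+$vulnarray[(string)$bug->plugin_name]['risk'] = (string)$bug->risk_factor;
+if($bug->cvss_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_score'] = (string)$bug->cvss_base_score; }
+if($bug->cvss_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss_vector'] = (string)$bug->cvss_vector; }
+if($bug->cvss3_base_score <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_score'] = (string)$bug->cvss3_base_score; }
+if($bug->cvss3_vector <> ""){ $vulnarray[(string)$bug->plugin_name]['cvss3_vector'] = (string)$bug->cvss3_vector; }
+if($bug->synopsis <> ""){ $vulnarray[(string)$bug->plugin_name]['description'] = (string)$bug->synopsis; }
+if($bug->description <> ""){ $vulnarray[(string)$bug->plugin_name]['tech_description'] = (string)$bug->description; }
+if($bug->solution <> ""){ $vulnarray[(string)$bug->plugin_name]['solution'] = (string)$bug->solution; }
+
+}
+}
+
+foreach ($vulnarray as $key => $value) {
+
+$cvssS = "";
+if(isset($value['cvss_score']) && $value['cvss_score'] <> "")
+$cvssS = $value['cvss_score'];
+if(isset($value['cvss3_score']) && $value['cvss3_score'] <> "")
+$cvssS = $value['cvss3_score'];
+
+if ($value['risk'] == 'None') { $value['risk'] = "Informational"; }
+
+$vulnFileName = preg_replace( '/[^a-z0-9]+/', '-', strtolower( @$key ) );
+$jsonFile = '{
+"title":'.json_encode(@$key).',
+"remediation":"",
+"cvss_score":'.json_encode($cvssS).',
+"risk":'.json_encode(@$value['risk']).',
+"impact":"High/Medium/Low",
+"description":'.json_encode(@$value['description']).',
+"tech_description":'.json_encode(@$value['tech_description']).',
+"solution":'.json_encode(@$value['solution']).',
+"cvss2_score":'.json_encode(@$value['cvss_score']).',
+"cvss2_vector":'.json_encode(@$value['cvss_vector']).',
+"cvss3_score":'.json_encode(@$value['cvss3_score']).',
+"cvss3_vector":'.json_encode(@$value['cvss3_vector']).',
+"owasp":"",
+"tags":"",
+"to_check":"checked"}';
+
+if($filter->getParam('no-save') === false){
+file_put_contents($resultsFolder.$vulnFileName.".json", $jsonFile);
+if($filter->getParam('no-info') === true && $value['risk'] == 'Informational')
+unlink($resultsFolder.$vulnFileName.".json");
+}
+
+$prefix = ($filter->getParam('no-save') === true)? "[!] Issue:" : ($filter->getParam('no-info') === true && $value['risk'] == 'Informational')? "[-] Issue:" : "[+] Saving:";
+echo "$prefix $key\n";
+/*if ((string) $value['risk'] != 'None') {
+echo "##########################\n";
+echo "Title: ".@$key."\n";
+echo "Impact: ".@$value['risk']."\n";
+echo "CVSS2 score: ".@$value['cvss_score']." vector: ".@$value['cvss_vector']."\n";
+echo "CVSS3 score: ".@$value['cvss3_score']." vector: ".@$value['cvss3_vector']."\n";
+echo "Desc: ".@$value['description']."\n";
+echo "Tech Desc: ".@$value['tech_description']."\n";
+echo "Solution: ".@$value['solution']."\n";
+}*/
+}
+
+?>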
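Review bot: The `$prefix` assignment near the end of the output loop chains two ternaries without parentheses; PHP 7 evaluates that left to right, so when the no-save option is set the truthy string `"[!] Issue:"` selects `"[-] Issue:"` and the intended label is never printed, and PHP 8 rejects the expression at compile time. Parenthesise the inner branch: `$prefix = ($filter->getParam('no-save') === true) ? "[!] Issue:" : (($filter->getParam('no-info') === true && $value['risk'] == 'Informational') ? "[-] Issue:" : "[+] Saving:");`. Separately, `$resultsFolder` is built with `substr(..., 0, strrpos(..., '/'))`, which collapses to `/` when `-d` is given a bare filename, so the JSON files would be written to (and informational ones unlinked from) the filesystem root; `$resultsFolder = dirname($filter->getParam("doc"))."/";` avoids that. The result of `simplexml_load_file()` is also used unchecked, so a malformed or truncated .nessus file fails at `$nessus->Report[0]` instead of with a clear message; a guard such as `if ($nessus === false) die("[-] could not parse doc\n");` would help, and the unused `file_get_contents()` read into `$xmlfile` can be dropped.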