LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > Programming
User Name
Password
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.

Notices


Reply
  Search this Thread
Old 06-01-2017, 12:56 AM   #1
sknsk
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Rep: Reputation: Disabled
How to parse .nessus file to get result in human readable format?


Scripting Language: bash shell script, python

I want to parse .nessus file in human readable format. If any one have any ideas please help me.
 
Old 06-01-2017, 01:15 AM   #2
sknsk
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Original Poster
Rep: Reputation: Disabled
Need to export report in .html or .pdf format

Operating system: Kali Linux
Scripting Language: Python

I have write the script which scan the IP using nessus and export result in .nessus file

Expected: Need to export result in .html or .pdf file

Code:
#!/usr/bin/python3
import requests
import json
import time
import sys
import urllib3
import datetime


from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
urllib3.disable_warnings()

url = 'https://localhost:8834'
verify = False
token = ''
username = 'admin'
password = 'password'




def build_url(resource):
    return '{0}{1}'.format(url, resource)


def connect(method, resource, data=None, params=None):
    headers = {'X-Cookie': 'token={0}'.format(token),'content-type': 'application/json'}
    data = json.dumps(data)

    if method == 'POST':
        r = requests.post(build_url(resource), data=data, headers=headers, verify=verify)
    elif method == 'PUT':
        r = requests.put(build_url(resource), data=data, headers=headers, verify=verify)
    elif method == 'DELETE':
        r = requests.delete(build_url(resource), data=data, headers=headers, verify=verify)
    else:
        r = requests.get(build_url(resource), params=params, headers=headers, verify=verify)

    if r.status_code != 200:
        e = r.json()
        print(e['error'])
        sys.exit()

    if 'download' in resource:
        return r.content

    try:
        return r.json()
    except ValueError:
        return r.content

def login(usr, pwd):
    login = {'username': usr, 'password': pwd}
    data = connect('POST', '/session', data=login)
    return data['token']

def logout():
    connect('DELETE', '/session')

def get_policies():
    data = connect('GET', '/editor/policy/templates')
    return dict((p['title'], p['uuid']) for p in data['templates'])

def get_history_ids(sid):
    data = connect('GET', '/scans/{0}'.format(sid))
    return dict((h['uuid'], h['history_id']) for h in data['history'])

def get_scan_history(sid, hid):
    params = {'history_id': hid}
    data = connect('GET', '/scans/{0}'.format(sid), params)

    return data['info']

def add(name, desc, targets, pid):
    scan = {'uuid': pid,
            'settings': {
                'name': name,
                'description': desc,
                'text_targets': targets}
            }
    data = connect('POST', '/scans', data=scan)
    return data['scan']

def launch(sid):
    data = connect('POST', '/scans/{0}/launch'.format(sid))
    return data['scan_uuid']

def status(sid, hid):
    d = get_scan_history(sid, hid)
    return d['status']

def export_status(sid, fid):
    data = connect('GET', '/scans/{0}/export/{1}/status'.format(sid, fid))
    return data['status'] == 'ready'


def export(sid, hid):
    data = {'history_id': hid,
            'format': 'nessus',
            'chapters': 'vuln_hosts_summary'}
    data = connect('POST', '/scans/{0}/export'.format(sid), data=data)
    fid = data['file']
    while export_status(sid, fid) is False:
        time.sleep(5)
    return fid

def download(sid, fid):
    data = connect('GET', '/scans/{0}/export/{1}/download'.format(sid, fid))
    filename = 'nessus_{0}_{1}.nessus'.format(sid, fid)
    print('Saving scan results to {0}.'.format(filename))
    with open(filename, 'wb') as f:
        f.write(data)

def delete(sid):
    connect('DELETE', '/scans/{0}'.format(scan_id))

def history_delete(sid, hid):
    connect('DELETE', '/scans/{0}/history/{1}'.format(sid, hid))

if __name__ == '__main__':
    print('Login')
    token = login(username, password)
    target_checks=[]
    finalized_targets = ""
    with open("targets.txt","r") as targets:
        for target in targets.readlines():
            target_checks.append(target.rstrip("\r\n"))
    finalized_targets = ','.join(target_checks)
    print("Scanning these targets: "+finalized_targets)
    print('Adding new scan.')
    policies = get_policies()
    policy_id = policies['Basic Network Scan']
    scan_data = add('Network scan', 'CLI API scan using API', finalized_targets, policy_id)
    scan_id = scan_data['id']
    print('Launching new scan.')
    scan_uuid = launch(scan_id)
    history_ids = get_history_ids(scan_id)
    history_id = history_ids[scan_uuid]
    while status(scan_id, history_id) != 'completed':
        time.sleep(30)
    print('Exporting the completed scan.')
    file_id = export(scan_id, history_id)
    download(scan_id, file_id)
    print('Deleting the scan.')
    history_delete(scan_id, history_id)
    delete(scan_id)
    print('Logout')
    logout()
Target.txt file data:

Code:
192.168.0.1
192.168.0.2
192.168.0.101
Is it possible to export result in .html or .pdf in above script.
 
Old 06-01-2017, 04:15 AM   #3
rdgreenlaw
Member
 
Registered: May 2007
Location: Newport, Maine, USA
Distribution: Debian 8.7
Posts: 72

Rep: Reputation: 18
To report the results in .html simply write a html header to the output file

Code:
<html>
<head>
<title>
*** Put the title of your HTML file (what displays in the browser window title) here ****
</title>
</head>
<body>
*** Put a title for the page here if you wish ***
*** follow it with </p> if you do to put space between the title and data ***
Direct the output from your processing to this html file instead of the .nessus file if you only want .html
or direct the output here after writing the data to the .nessus file if you want 2 files

After each line of data written to the .html file add <br> to put the next data line on the next html line

then put the following at the end of the .html file
Code:
</body>
</html>
The result will look something like this
Code:
<html>
<head>
<title>
IP Scan
</title>
</head>
<body>
IP Scan report from nessus<p>
192.168.0.1
<br>
192.168.0.2
<br>
192.168.0.101
<br>
</body>
</html>
Opening this html file in a web browser will look something like this
Code:
IP Scan report from nessus

192.168.0.1
192.168.0.2
192.168.0.101
Hope this helps.
 
Old 06-01-2017, 04:28 AM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 9,570

Rep: Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811Reputation: 2811
https://fileinfo.com/extension/nessus
based on this you can use python xml parser
 
Old 06-01-2017, 04:32 AM   #5
NevemTeve
Senior Member
 
Registered: Oct 2011
Location: Budapest
Distribution: Debian/GNU/Linux, AIX
Posts: 3,240

Rep: Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981Reputation: 981
Or simply:
Code:
<pre>
existing content
</pre>
 
2 members found this post helpful.
Old 06-01-2017, 04:34 AM   #6
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,372
Blog Entries: 3

Rep: Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049
If you're heading towards HTML5, you'll be able to pick from any of the HTML5 elements to structure your output. It's quite likely that some of this will end up as a legitimate use case for a table.

It will also help to save your output to a file and run tidy over it. Then go back and address the errors in the script.

If you want to change the appearance of your output and, to a certain extent, the layout, then you can make use of (CSS). The documentation for CSS 1 is the easiest to get started with, though now we are up to CSS 3.

Code:
<head>
  <title></title>
  <style type="text/css" media="screen">
  BODY { font-family: sans-serif; margin: 0; }
  H1 { font-size: 150%; font-weight: bold; font-family: serif;
       background-color: #a080ff; padding-left: 1em; padding-right: 1em;
       border-right:  thin solid #000000;
       border-left:   thin solid #000000;
    }

  @media print {
     article a {
        font-weight: bolder;
        text-decoration: none;
     }

     article a[href^=http]:after {
        content:" <" attr(href) "> ";
     }
  }
  </style>

</head>
<body>
 ... output ...
</body>
</html>
 
1 members found this post helpful.
Old 06-01-2017, 05:00 AM   #7
rdgreenlaw
Member
 
Registered: May 2007
Location: Newport, Maine, USA
Distribution: Debian 8.7
Posts: 72

Rep: Reputation: 18
Quote:
Originally Posted by NevemTeve View Post
Or simply:
Code:
<pre>
existing content
</pre>
Great improvement on my post

putting <pre> after my sample html header would allow using the same output statements as the ones used to output to the .nessus file without the need to add the <br> at the end of each line. The </pre> would go immediately before the </body> at the end.

Using this one could create a nessus.start file containing my header, a nessus.end file containing my trailer, and use cat nessus.start filename.nessus nessus.end > filename.html at the end of a script that calls the python code to create the html from the nessus output. The static header and trailer files would only need to be updated if the header for the report needed to be changed, and would not have to be recreated on each nessus process.
 
Old 06-01-2017, 06:21 AM   #8
sknsk
LQ Newbie
 
Registered: Mar 2017
Posts: 12

Original Poster
Rep: Reputation: Disabled
Need to export report in .html or .pdf format Reply to Thread

Thank you for your suggestions. It's very helpful.

But How to get output in this format that is written below.


Nessus Report
Nessus Scan Report
Wed, 31 May 2017 09:40:42 ACST

Table Of Contents
Vulnerabilities By Host
192.168.43.251

Vulnerabilities By Host
[-] Collapse All
[+] Expand All

192.168.43.251
Scan Information

Start time: Wed May 31 09:35:19 2017
End time: Wed May 31 09:40:38 2017

Host Information

DNS Name: sonal-PC
IP: 192.168.43.251

Results Summary
Critical High Medium Low Info Total
0 0 0 0 4 4

Results Details
0/tcp
12053 - Host Fully Qualified Domain Name (FQDN) Resolution [-/+]
19506 - Nessus Scan Information [-/+]

1900/udp
35711 - Universal Plug and Play (UPnP) Protocol Detection [-/+]

2869/tcp
35712 - Web Server UPnP Detection [-/+]
This is a report from the Nessus Vulnerability Scanner .

Nessus is published by Tenable Network Security, Inc | 7021 Columbia Gateway Drive Suite 500, Columbia, MD 21046
2017 Tenable Network Security, Inc. All rights reserved.


HTML file cannot attached so I have attached pdf file of Nessus report. Is it possible to get output in this format by using stylesheet and css.
Attached Files
File Type: pdf IP_k59v6e.pdf (13.2 KB, 5 views)

Last edited by sknsk; 06-01-2017 at 06:23 AM.
 
Old 06-01-2017, 07:21 AM   #9
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Ubuntu, Devuan, OpenBSD
Posts: 2,372
Blog Entries: 3

Rep: Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049Reputation: 1049
Quote:
Originally Posted by sknsk View Post
Is it possible to get output in this format by using stylesheet and css.
Yes, it is, but you'll have to work through that yourself. Did you see the link to CSS1 above?

Which HTML elements are you using and what have you so far for CSS? What structures do you see in that PDF?
 
Old 06-01-2017, 12:27 PM   #10
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=14, FreeBSD_10{.0|.1|.2}
Posts: 4,466
Blog Entries: 6

Rep: Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407Reputation: 2407
Please post your thread once in a single forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. Your two threads have been merged.
 
Old 06-01-2017, 12:50 PM   #11
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,455
Blog Entries: 4

Rep: Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918Reputation: 2918
From reading this, it seems that you would be most expedient to produce your output as HTML. Anyone who then needs a PDF can "print" it from their browser into a PDF file.

Also, you should look carefully at the various HTML templating systems that are available for Python and for other languages. These allow you to describe the basic structure of the resulting page separately from the source-code of your program.

Your program will prepare the various elements that need to be inserted into the template, into program variables, and then invoke the template system ... telling it to "render" a particular template and to use "these variables" as inputs. (Many templating systems are quite sophisticated, containing a sort of "programming language" of their own.)

The key advantage of using a template is "separation of concerns." The template is "concerned" about what the HTML output will look like, and "unconcerned" about exactly what will be included into it. Meanwhile, your program is "concerned" with preparing those insertions, and "unconcerned" about the final appearance of the page. One can be changed without (much) impact to the other ... a "Big Win.™"

Last edited by sundialsvcs; 06-01-2017 at 12:52 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Nagios -report in pdf format arghyadas Linux - Software 2 12-02-2010 01:21 AM
SVN : - some mails are coming in plain format (html coding) & some in html format deepakdeore2004 Linux - General 0 05-06-2010 01:54 AM
Bash: Can we convert/print2pdf a html page to PDF format ? frenchn00b Linux - General 3 03-02-2008 08:02 AM
Convert pdf to html or txt or remaster the pdf? jago25_98 Linux - Software 1 12-13-2005 01:11 AM
print files in PDF or html format from the linux command line IBKnobel Linux - Software 3 07-12-2004 09:29 PM

LinuxQuestions.org > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 11:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration