Oct
2010
NessusDB v1.0 Release
NessusDB is a full-featured Nessus XML parser and report generator. The report templates are very extensible and generate PDFs. Each template is a small Ruby script, so the report generation possibilities are endless; accessing the database is as simple as using ActiveRecord. There is also some simple graphing functionality built on the Gruff library. The graphs are generated on the fly from the database and can be inlined into the reports very easily.
Usage: Setup and Parsing
[hammackj@taco:~/random_assessment]$ sudo gem install nessusdb
Updating nessusdb
Successfully installed nessusdb-1.0.0
[hammackj@taco:~/random_assessment]$ nessusdb
[!] Warning database.yml does not exist. Please run nessusdb --create-config to create one.
NessusDB - v1.0
Jacob Hammack
http://hammackj.com
Usage: nessusdb [OPTIONS]
Parsing Options
-c, --create-tables Create database tables
-d, --drop-tables Drop database tables
--create-config Creates an empty database config file
-f, --input-files *FILES Files to be parsed
Reporting Options
-t, --report-template TEMPLATE Template file to use to generate report
--author AUTHOR Author of the report
--title TITLE Title of the Report
--classification CLASS Overall classification of the report, default is Confidential
--company-name COMPANY Name of the company that preformed the assessment
--date DATE Date assessment was preformed, Default is now()
-o, --output-file FILE The Name of output file
Other Options
-h, --help Show this message
-v, --version Show version
[hammackj@taco:~/random_assessment]$ nessusdb --create-config
[hammackj@taco:~/random_assessment]$ vi database.yml
[hammackj@taco:~/random_assessment]$ nessusdb -c
== NessusDB::Schema: migrating ===============================================
-- create_table(:policies)
-> 0.2581s
-- create_table(:server_preferences)
-> 0.0148s
-- create_table(:plugins_preferences)
-> 0.0234s
-- create_table(:family_selections)
-> 0.0274s
-- create_table(:reports)
-> 0.0598s
-- create_table(:hosts)
-> 0.0071s
-- create_table(:items)
-> 0.0054s
-- create_table(:plugins)
-> 0.0053s
-- create_table(:individual_plugin_selections)
-> 0.0063s
-- create_table(:references)
-> 0.0063s
== NessusDB::Schema: migrated (0.4192s) ======================================
[*] Successfully created tables.
[hammackj@taco:~/random_assessment]$ ./nessusdb -f /Users/hammackj/random_assessment.nessus_report_Linux_Boxes.nessus
[*] Parsing /Users/hammackj/random_assessment.nessus_report_Linux_Boxes.nessus...
[*] Finished parsing /Users/hammackj/random_assessment.nessus_report_Linux_Boxes.nessus. Parse took 12.98 seconds
[hammackj@taco:~/random_assessment]$
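What the parse step above has to read, as an added example (not NessusDB's own code): it flattens the ReportHost/ReportItem elements of a Nessus v2 export into rows and rolls them up by plugin. The element and attribute names follow the Nessus v2 layout; the Finding struct, parse_findings, rollup and all sample data are constructed for illustration.

```ruby
require 'rexml/document'

# Constructed sample in the Nessus v2 (.nessus) layout; hosts, plugin IDs and
# plugin names are made up for illustration.
SAMPLE_NESSUS = <<~XML
  <NessusClientData_v2>
    <Report name="Linux_Boxes">
      <ReportHost name="192.0.2.10">
        <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2" pluginID="90001" pluginName="Constructed SSH finding" pluginFamily="Misc."/>
        <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="90002" pluginName="Constructed web finding" pluginFamily="Web Servers"/>
        <ReportItem port="0" svc_name="general" protocol="tcp" severity="0" pluginID="90003" pluginName="Constructed info item" pluginFamily="General"/>
      </ReportHost>
      <ReportHost name="192.0.2.11">
        <ReportItem port="80" svc_name="www" protocol="tcp" severity="3" pluginID="90002" pluginName="Constructed web finding" pluginFamily="Web Servers"/>
      </ReportHost>
    </Report>
  </NessusClientData_v2>
XML

# Hypothetical row type: one record per ReportItem, tagged with its host.
Finding = Struct.new(:host, :port, :protocol, :service, :severity, :plugin_id, :plugin_name)

# Flatten every ReportItem into one row, roughly what a hosts/items schema stores.
def parse_findings(xml)
  doc = REXML::Document.new(xml)
  findings = []
  doc.elements.each('NessusClientData_v2/Report/ReportHost') do |host|
    host.elements.each('ReportItem') do |item|
      a = item.attributes
      findings << Finding.new(host.attributes['name'], a['port'].to_i, a['protocol'],
                              a['svc_name'], a['severity'].to_i, a['pluginID'].to_i, a['pluginName'])
    end
  end
  findings
end

# Group findings at or above min_severity by plugin, listing the affected hosts,
# sorted with the most severe plugin first.
def rollup(findings, min_severity = 1)
  findings.select { |f| f.severity >= min_severity }
          .group_by(&:plugin_id)
          .map { |id, fs| { plugin_id: id, name: fs.first.plugin_name, severity: fs.map(&:severity).max, hosts: fs.map(&:host).uniq.sort } }
          .sort_by { |r| [-r[:severity], r[:plugin_id]] }
end

if __FILE__ == $PROGRAM_NAME
  rollup(parse_findings(SAMPLE_NESSUS)).each do |r|
    puts format('sev=%d plugin=%d %-26s %s', r[:severity], r[:plugin_id], r[:name], r[:hosts].join(', '))
  end
end
```

Severity 0 items are informational in Nessus output, which is why the rollup skips them by default.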
Usage: Viewing the Data
Viewing the data is as easy as using any standard database client for the database you are using. As seen in these screenshots with Sequel Pro:


Usage: Generating a Report
Generating a report is simple, as shown below; options such as --author let you customize parts of the template.
[hammackj@taco:~/random_assessment]$ ./nessusdb -t /Library/Ruby/Gems/1.8/gems/nessusdb-1.0.0/lib/nessusdb/templates/technical_findings.rb \
--author "Jacob Hammack, CISSP" \
--title "Hammackj.com Linux Hosts Technical Findings" \
-o sample_tech_findings.pdf
Here is a sample report from my Linux test network: sample_tech_findings.pdf
Issues / Bug Reports
All of the code has been thoroughly tested and used in production for the last few months. If you find any issues, please report them on the GitHub Issue Tracker; I will try to fix all issues as soon as possible.