SlideShare a Scribd company logo

Nessus Reporting and Analysis

n|u - The Open Security Community
n|u - The Open Security Community

This document discusses parsing and customizing Nessus vulnerability scan reports. It provides an overview of different Nessus report formats, demonstrates opening reports in Excel, and shares PHP code for parsing Nessus XML reports and extracting key fields. The document also discusses building a database to store scan results, developing customized reports, and identifying false positives and common vulnerabilities. It aims to provide a framework for integrating Nessus data into existing security tools and inventory systems.

Technology
1 of 32
Download to read offline
Nessus Reporting Karma By Anant Shrivastava http://anantshri.info anant@anantshri.info
Its not a Talk • First thing’s first – This is not a talk. – This should be an interactive session. • I am here presenting what I have worked so far to give back what I learned from community. • Need your opinion / suggestion / comments on how I can improve on it.
Points to Discuss • Nessus Reporting : Various formats • How to customize • Understanding Nessus XML format • PHP code as PoC for parsing logic. • Analysis : the real pain – Reclassification – False positives
Nessus • Do we need an introduction
Nessus Reporting formats • HTML • NBE • Dot nessus v1 • Dot nessus v2
HTML reports
NBE Format
Understanding dot Nessus format • We have two nessus format. • .nessus • .nessus (v2)
Dot Nessus v1 Three basic sections •Target : Containing list of machines to be scanned. •Policies : policy used for scan including plugin preferences. •Reports : Actual scan report. Report Host contains details about each host. Inside Report host we need to look at report item. This section is repeated for each and every problem identified. Data section inside Report item contains multiple fields in one place. •CVSS score •Plugin Output •Solution •Reference etc
Dot nessus v2 http://cgi.tenable.com/nessus_v2_file_format.pdf Two basic section •Policy : global and plugin wise preference listed here. •Report host : detailed report for each host. This Version clearly separates all fields also. • Cvss vector. •Plugin Output etc find separate tags.
Continuous Evolving format (v2) • Recently added tags – exploit_available - boolean – exploit_framework_canvas - boolean – canvas_package - name – exploit_framework_metasploit - boolean – metasploit_name - name
Customized HTML reports • Frankly I am not good at that • However per my basic search its good option for those who don’t want to mess with the output’s too much
Customization
Opening Nessus format in Excel • Open the nessus file in Excel
Opening Nessus format in Excel
Opening Nessus format in Excel
Opening Nessus format in Excel
Opening Nessus format in Excel
Opening Nessus format in Excel
Better Option • Use some parsing logic. • Some existing options – http://seccubus.com/ : very good option • Provides periodic scan option with report comparision. – http://enterprise.bidmc.harvard.edu/pub/nessus- php/ • Good php interface. – Also number of options in Python, perl for the same
If options exist why write again • Custom Parser writing will only be required for – Integrating with existing infra tools. • Inventory management system • Security checking tools. – More level of customization required then provided. – Better control over frequency and scan granularities.
<?php PHP PoC : Shareable function read_max_nessus($file_name) { $xml = simplexml_load_file($file_name); $Policy = $xml->Policy; $report = $xml->Report; echo "Policy Name : " . $Policy->policyName; foreach( $report->ReportHost as $hst){ $ip_address = $hst["name"]; echo "<ol><li>IP ADDRESS : " . $ip_address . "</li>"; $circle=""; $server_type = $hst->HostProperties->tag[1]; $end_date = $hst->HostProperties->tag[0]; echo "<li> Server Type : " . $server_type . "</li><li><ol>"; foreach ($hst->HostProperties->tag as $tg){ echo "<li>". htmlentities($tg["name"]) . " :" . htmlentities($tg[0]) . "</li>"; } echo "</ol></li><li><ol>"; foreach ($hst->ReportItem as $rh){ if ($rh["pluginName"]== ""){ continue; } else{ echo "<li><ul><li>Port : " . htmlentities($rh["port"]) . "</li>"; echo "<li>Protocol : " . htmlentities($rh["protocol"]) . "</li>"; echo "<li>Service Name : " . htmlentities($rh["svc_name"]) . "</li>"; echo "<li>Plugin ID : " . htmlentities($rh["pluginID"]) ."</li>"; echo "<li>Plugin Name : " . htmlentities($rh["pluginName"]) ."</li>"; echo "<li>Plugin Family : " . htmlentities($rh["pluginFamily"]) ."</li>"; echo "<li>Severity : " . htmlentities($rh["severity"]) . "</li>"; echo "<li>Risk Factor : ".nl2br(htmlentities($rh->risk_factor)) . "</li>"; echo "<li>Synopsis : ". nl2br(htmlentities($rh->synopsis)) . "</li>"; echo "<li>Description : ". nl2br(htmlentities($rh->description)) . "</li>"; echo "<li>Solution : ". nl2br(htmlentities($rh->solution)) . "</li>"; echo "<li>Reference CVE : " . htmlentities($rh->cve) . "</li>"; echo "<li>CVSS Base Score : " . htmlentities($rh->cvss_base_score) . "</li>"; echo "<li>CVSS Vector : " . htmlentities($rh->cvss_vector) . "</li>"; echo "<li>X ref : " . htmlentities($rh->xfref) . "</li>"; echo "<li>Bug Track Id : " . htmlentities($rh->bid) . "</li>"; echo "<li>Plugin Output : " . nl2br(htmlentities($rh->plugin_output)) . "</li>"; echo "<li>Exploit Available : " . $rh->exploit_available . "</li>"; echo "<li>Exploit Available in MetaSpolit : " . $rh->exploit_framework_metasploit . "</li>"; echo "<li>MetaExploit Name : " . $rh->metasploit_name . "</li>"; echo "<li>Exploit Available in CANVAS : " . $rh->exploit_framework_canvas . "</li>"; echo "<li>CANVAS Package Name : " . $rh->canvas_package . "</li>"; echo "<li>See Also : " . nl2br(htmlentities($rh->see_also)) . "</li></ul></li>"; } } echo "</ol></li></ol>"; } } ?>
Actual Work • PHP front end for Report uploading to DB • DB used : Oracle • Integration with Inventory Management Tool • Analysis – Known False positive identification by plugin id. – Grouping common vulnerabilities in group – Classification on Network and Server devices • Excel based report extraction
DB view : DATA Dump Disclaimer : I am bad at db design and co-relation
Front End
DB view : Grouping Disclaimer : I am bad at db design and co-relation
DB view : Grouping data Disclaimer : I am bad at db design and co-relation
DB view Grouping Data - 2 Disclaimer : I am bad at db design and co-relation
Reports • Queries for extracting direct report based on Nessus input. • Generate report based on inventory management system. • Auto Remove false positives based on plugin id’s and plugin output parameter’s. • Group vulnerabilities based on common suggestion. • Find missing systems cross referencing system inventory. • Find Change in Device details based on past and current snapshot of inventory. • Find Repeated vulnerabilities over time (based on current scan and previous scan keeping systemid from system inventory as base).
Extract all plugin details • Till Nessus 4.2 version – Nessus –Spq localhost 1241 <user> <pass> • Above 4.2 – XML RPC interface
Road Ahead • This is what I have planned so far – Creating similar interface for OpenVAS. – Use XMLRPC for remote initialization and control. – Keep MySQL as an alternative option
Thanks • Thanks for still being seated.  • I hope this presentation might help you in any way. • Please come forward if you have any comment or suggestion.

Recommended

Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015Chris Gates
 
Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Daniel Bohannon
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackersChris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
I hunt sys admins 2.0
I hunt sys admins 2.0I hunt sys admins 2.0
I hunt sys admins 2.0Will Schroeder
 

Recommended

Attacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkAttacking Oracle with the Metasploit Framework
Attacking Oracle with the Metasploit FrameworkChris Gates
 
Outlook and Exchange for the bad guys
Outlook and Exchange for the bad guysOutlook and Exchange for the bad guys
Outlook and Exchange for the bad guysNick Landers
 
Windows attacks - AT is the new black
Windows attacks - AT is the new blackWindows attacks - AT is the new black
Windows attacks - AT is the new blackChris Gates
 
DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015DevOops & How I hacked you DevopsDays DC June 2015
DevOops & How I hacked you DevopsDays DC June 2015Chris Gates
 
Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Invoke-Obfuscation DerbyCon 2016
Invoke-Obfuscation DerbyCon 2016Daniel Bohannon
 
Open Canary - novahackers
Open Canary - novahackersOpen Canary - novahackers
Open Canary - novahackersChris Gates
 
DevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsDevOOPS: Attacks and Defenses for DevOps Toolchains
DevOOPS: Attacks and Defenses for DevOps ToolchainsChris Gates
 
I hunt sys admins 2.0
I hunt sys admins 2.0I hunt sys admins 2.0
I hunt sys admins 2.0Will Schroeder
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassRob Fuller
 
Mitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint SecurityMitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint SecurityCsaba Fitzl
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S... BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...BlueHat Security Conference
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSECVic Hargrave
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP SinghBipin Upadhyay
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanismsCsaba Fitzl
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellEnclaveSecurity
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirusCsaba Fitzl
 
Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Alexander Polce Leary
 
Pwnstaller
PwnstallerPwnstaller
PwnstallerWill Schroeder
 
The Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseThe Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseWill Schroeder
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 
Nessus Basics
Nessus BasicsNessus Basics
Nessus Basicsamiable_indian
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 

More Related Content

What's hot

Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new blackRob Fuller
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNEDChris Gates
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0marcioalma
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Chris Gates
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassRob Fuller
 
Mitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint SecurityMitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint SecurityCsaba Fitzl
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2Chris Gates
 
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S... BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...BlueHat Security Conference
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultJeff Horwitz
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSECVic Hargrave
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP SinghBipin Upadhyay
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Rob Fuller
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsMark Ginnebaugh
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanismsCsaba Fitzl
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellEnclaveSecurity
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirusCsaba Fitzl
 
Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Alexander Polce Leary
 
The Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseThe Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseWill Schroeder
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016Chris Gates
 

What's hot (20)

Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new black
 
Lares from LOW to PWNED
Lares from LOW to PWNEDLares from LOW to PWNED
Lares from LOW to PWNED
 
Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0Internal Pentest: from z3r0 to h3r0
Internal Pentest: from z3r0 to h3r0
 
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
Big Bang Theory: The Evolution of Pentesting High Security Enviroments IT Def...
 
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting ClassThe Dirty Little Secrets They Didn’t Teach You In Pentesting Class
The Dirty Little Secrets They Didn’t Teach You In Pentesting Class
 
Mitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint SecurityMitigating Exploits Using Apple's Endpoint Security
Mitigating Exploits Using Apple's Endpoint Security
 
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
hackcon2013-Dirty Little Secrets They Didn't Teach You In Pentesting Class v2
 
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S... BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
BlueHat v17 || Scaling Incident Response - 5 Keys to Successful Defense at S...
 
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp VaultChickens & Eggs: Managing secrets in AWS with Hashicorp Vault
Chickens & Eggs: Managing secrets in AWS with Hashicorp Vault
 
Securing Hadoop with OSSEC
Securing Hadoop with OSSECSecuring Hadoop with OSSEC
Securing Hadoop with OSSEC
 
'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh'Malware Analysis' by PP Singh
'Malware Analysis' by PP Singh
 
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
Attacker Ghost Stories (CarolinaCon / Area41 / RVASec)
 
Think Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack VectorsThink Like a Hacker - Database Attack Vectors
Think Like a Hacker - Database Attack Vectors
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirus
 
Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017Building Better Backdoors with WMI - DerbyCon 2017
Building Better Backdoors with WMI - DerbyCon 2017
 
Pwnstaller
PwnstallerPwnstaller
Pwnstaller
 
The Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to CompromiseThe Travelling Pentester: Diaries of the Shortest Path to Compromise
The Travelling Pentester: Diaries of the Shortest Path to Compromise
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 

Viewers also liked

Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerAjit Dadresa
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Alexander Leonov
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N NessusUtkarsh Verma
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tulisan Komputer
 
Presentación-nessus
Presentación-nessusPresentación-nessus
Presentación-nessusnana nana
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkAnimesh Roy
 
Vulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.comVulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.comAlexander Leonov
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)SSASIT
 
Nmap basics
Nmap basicsNmap basics
Nmap basicsitmind4u
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)Arun Shukla
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniquesamiable_indian
 
N map presentation
N map presentationN map presentation
N map presentationulirraptor
 

Viewers also liked (20)

Nessus Basics
Nessus BasicsNessus Basics
Nessus Basics
 
Demo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scannerDemo of security tool nessus - Network vulnerablity scanner
Demo of security tool nessus - Network vulnerablity scanner
 
Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16Enterprise Vulnerability Management - ZeroNights16
Enterprise Vulnerability Management - ZeroNights16
 
Network Security Nmap N Nessus
Network Security Nmap N NessusNetwork Security Nmap N Nessus
Network Security Nmap N Nessus
 
Linux dasar
Linux dasarLinux dasar
Linux dasar
 
Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1Tutorial nessus 6.2 versi1
Tutorial nessus 6.2 versi1
 
Presentación-nessus
Presentación-nessusPresentación-nessus
Presentación-nessus
 
Intimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit FrameworkIntimacy with MSF - Metasploit Framework
Intimacy with MSF - Metasploit Framework
 
Network Security Tools
Network Security ToolsNetwork Security Tools
Network Security Tools
 
Vulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.comVulnerability Intelligence and Assessment with vulners.com
Vulnerability Intelligence and Assessment with vulners.com
 
Nmap(network mapping)
Nmap(network mapping)Nmap(network mapping)
Nmap(network mapping)
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Burp Suite Starter
Burp Suite StarterBurp Suite Starter
Burp Suite Starter
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
Pentest with Metasploit
Pentest with MetasploitPentest with Metasploit
Pentest with Metasploit
 
Nessus Scanner Vulnerabilidades
Nessus Scanner VulnerabilidadesNessus Scanner Vulnerabilidades
Nessus Scanner Vulnerabilidades
 
Nmap
NmapNmap
Nmap
 
How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF How to Setup A Pen test Lab and How to Play CTF
How to Setup A Pen test Lab and How to Play CTF
 
Hacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning TechniquesHacking With Nmap - Scanning Techniques
Hacking With Nmap - Scanning Techniques
 
N map presentation
N map presentationN map presentation
N map presentation
 

Similar to Nessus Reporting and Analysis

PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckrICh morrow
 
Intro to php
Intro to phpIntro to php
Intro to phpSp Singh
 
Scaling php applications with redis
Scaling php applications with redisScaling php applications with redis
Scaling php applications with redisjimbojsb
 
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehr
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehrBeyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehr
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehrJens-Christian Fischer
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cacheAndré Rømcke
 
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...NETWAYS
 
Scaling Complexity in WordPress Enterprise Apps
Scaling Complexity in WordPress Enterprise AppsScaling Complexity in WordPress Enterprise Apps
Scaling Complexity in WordPress Enterprise AppsMike Schinkel
 
php fundamental
php fundamentalphp fundamental
php fundamentalzalatarunk
 
Php introduction with history of php
Php introduction with history of phpPhp introduction with history of php
Php introduction with history of phppooja bhandari
 
Php course-in-navimumbai
Php course-in-navimumbaiPhp course-in-navimumbai
Php course-in-navimumbaivibrantuser
 
Cli the other sapi pbc11
Cli the other sapi pbc11Cli the other sapi pbc11
Cli the other sapi pbc11Combell NV
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code baseRobert Munteanu
 
Cli the other SAPI confoo11
Cli the other SAPI confoo11Cli the other SAPI confoo11
Cli the other SAPI confoo11Combell NV
 

Similar to Nessus Reporting and Analysis (20)

PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course Deck
 
Intro to php
Intro to phpIntro to php
Intro to php
 
Scaling php applications with redis
Scaling php applications with redisScaling php applications with redis
Scaling php applications with redis
 
Php
PhpPhp
Php
 
Supa fast Ruby + Rails
Supa fast Ruby + RailsSupa fast Ruby + Rails
Supa fast Ruby + Rails
 
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehr
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehrBeyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehr
Beyond HTML - Scriptsprachen, Frameworks, Templatesprachen und vieles mehr
 
PhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cachePhpTour Lyon 2014 - Transparent caching & context aware http cache
PhpTour Lyon 2014 - Transparent caching & context aware http cache
 
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
OSDC 2015: Mitchell Hashimoto | Automating the Modern Datacenter, Development...
 
Tml for Laravel
Tml for LaravelTml for Laravel
Tml for Laravel
 
Training on php by cyber security infotech (csi)
Training on php by cyber security infotech (csi)Training on php by cyber security infotech (csi)
Training on php by cyber security infotech (csi)
 
Scaling Complexity in WordPress Enterprise Apps
Scaling Complexity in WordPress Enterprise AppsScaling Complexity in WordPress Enterprise Apps
Scaling Complexity in WordPress Enterprise Apps
 
php fundamental
php fundamentalphp fundamental
php fundamental
 
Php introduction with history of php
Php introduction with history of phpPhp introduction with history of php
Php introduction with history of php
 
php
phpphp
php
 
Php course-in-navimumbai
Php course-in-navimumbaiPhp course-in-navimumbai
Php course-in-navimumbai
 
Cli the other sapi pbc11
Cli the other sapi pbc11Cli the other sapi pbc11
Cli the other sapi pbc11
 
Scaling up development of a modular code base
Scaling up development of a modular code baseScaling up development of a modular code base
Scaling up development of a modular code base
 
Cli the other SAPI confoo11
Cli the other SAPI confoo11Cli the other SAPI confoo11
Cli the other SAPI confoo11
 
TIAD : Automating the modern datacenter
TIAD : Automating the modern datacenterTIAD : Automating the modern datacenter
TIAD : Automating the modern datacenter
 
Fatc
FatcFatc
Fatc
 

More from n|u - The Open Security Community

Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...n|u - The Open Security Community
 

More from n|u - The Open Security Community (20)

Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)Hardware security testing 101 (Null - Delhi Chapter)
Hardware security testing 101 (Null - Delhi Chapter)
 
Osint primer
Osint primerOsint primer
Osint primer
 
SSRF exploit the trust relationship
SSRF exploit the trust relationshipSSRF exploit the trust relationship
SSRF exploit the trust relationship
 
Nmap basics
Nmap basicsNmap basics
Nmap basics
 
Metasploit primary
Metasploit primaryMetasploit primary
Metasploit primary
 
Api security-testing
Api security-testingApi security-testing
Api security-testing
 
Introduction to TLS 1.3
Introduction to TLS 1.3Introduction to TLS 1.3
Introduction to TLS 1.3
 
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
Gibson 101 -quick_introduction_to_hacking_mainframes_in_2020_null_infosec_gir...
 
Talking About SSRF,CRLF
Talking About SSRF,CRLFTalking About SSRF,CRLF
Talking About SSRF,CRLF
 
Building active directory lab for red teaming
Building active directory lab for red teamingBuilding active directory lab for red teaming
Building active directory lab for red teaming
 
Owning a company through their logs
Owning a company through their logsOwning a company through their logs
Owning a company through their logs
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
Cloud security
Cloud security Cloud security
Cloud security
 
Detecting persistence in windows
Detecting persistence in windowsDetecting persistence in windows
Detecting persistence in windows
 
Frida - Objection Tool Usage
Frida - Objection Tool UsageFrida - Objection Tool Usage
Frida - Objection Tool Usage
 
OSQuery - Monitoring System Process
OSQuery - Monitoring System ProcessOSQuery - Monitoring System Process
OSQuery - Monitoring System Process
 
DevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -SecurityDevSecOps Jenkins Pipeline -Security
DevSecOps Jenkins Pipeline -Security
 
Extensible markup language attacks
Extensible markup language attacksExtensible markup language attacks
Extensible markup language attacks
 
Linux for hackers
Linux for hackersLinux for hackers
Linux for hackers
 
Android Pentesting
Android PentestingAndroid Pentesting
Android Pentesting
 

Recently uploaded

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 

Recently uploaded (20)

Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 

Nessus Reporting and Analysis

  • 1. Nessus Reporting Karma By Anant Shrivastava http://anantshri.info anant@anantshri.info
  • 2. Its not a Talk • First thing’s first – This is not a talk. – This should be an interactive session. • I am here presenting what I have worked so far to give back what I learned from community. • Need your opinion / suggestion / comments on how I can improve on it.
  • 3. Points to Discuss • Nessus Reporting : Various formats • How to customize • Understanding Nessus XML format • PHP code as PoC for parsing logic. • Analysis : the real pain – Reclassification – False positives
  • 4. Nessus • Do we need an introduction
  • 5. Nessus Reporting formats • HTML • NBE • Dot nessus v1 • Dot nessus v2
  • 8. Understanding dot Nessus format • We have two nessus format. • .nessus • .nessus (v2)
  • 9. Dot Nessus v1 Three basic sections •Target : Containing list of machines to be scanned. •Policies : policy used for scan including plugin preferences. •Reports : Actual scan report. Report Host contains details about each host. Inside Report host we need to look at report item. This section is repeated for each and every problem identified. Data section inside Report item contains multiple fields in one place. •CVSS score •Plugin Output •Solution •Reference etc
  • 10. Dot nessus v2 http://cgi.tenable.com/nessus_v2_file_format.pdf Two basic section •Policy : global and plugin wise preference listed here. •Report host : detailed report for each host. This Version clearly separates all fields also. • Cvss vector. •Plugin Output etc find separate tags.
  • 11. Continuous Evolving format (v2) • Recently added tags – exploit_available - boolean – exploit_framework_canvas - boolean – canvas_package - name – exploit_framework_metasploit - boolean – metasploit_name - name
  • 12. Customized HTML reports • Frankly I am not good at that • However per my basic search its good option for those who don’t want to mess with the output’s too much
  • 14. Opening Nessus format in Excel • Open the nessus file in Excel
  • 20. Better Option • Use some parsing logic. • Some existing options – http://seccubus.com/ : very good option • Provides periodic scan option with report comparision. – http://enterprise.bidmc.harvard.edu/pub/nessus- php/ • Good php interface. – Also number of options in Python, perl for the same
  • 21. If options exist why write again • Custom Parser writing will only be required for – Integrating with existing infra tools. • Inventory management system • Security checking tools. – More level of customization required then provided. – Better control over frequency and scan granularities.
  • 22. <?php PHP PoC : Shareable function read_max_nessus($file_name) { $xml = simplexml_load_file($file_name); $Policy = $xml->Policy; $report = $xml->Report; echo "Policy Name : " . $Policy->policyName; foreach( $report->ReportHost as $hst){ $ip_address = $hst["name"]; echo "<ol><li>IP ADDRESS : " . $ip_address . "</li>"; $circle=""; $server_type = $hst->HostProperties->tag[1]; $end_date = $hst->HostProperties->tag[0]; echo "<li> Server Type : " . $server_type . "</li><li><ol>"; foreach ($hst->HostProperties->tag as $tg){ echo "<li>". htmlentities($tg["name"]) . " :" . htmlentities($tg[0]) . "</li>"; } echo "</ol></li><li><ol>"; foreach ($hst->ReportItem as $rh){ if ($rh["pluginName"]== ""){ continue; } else{ echo "<li><ul><li>Port : " . htmlentities($rh["port"]) . "</li>"; echo "<li>Protocol : " . htmlentities($rh["protocol"]) . "</li>"; echo "<li>Service Name : " . htmlentities($rh["svc_name"]) . "</li>"; echo "<li>Plugin ID : " . htmlentities($rh["pluginID"]) ."</li>"; echo "<li>Plugin Name : " . htmlentities($rh["pluginName"]) ."</li>"; echo "<li>Plugin Family : " . htmlentities($rh["pluginFamily"]) ."</li>"; echo "<li>Severity : " . htmlentities($rh["severity"]) . "</li>"; echo "<li>Risk Factor : ".nl2br(htmlentities($rh->risk_factor)) . "</li>"; echo "<li>Synopsis : ". nl2br(htmlentities($rh->synopsis)) . "</li>"; echo "<li>Description : ". nl2br(htmlentities($rh->description)) . "</li>"; echo "<li>Solution : ". nl2br(htmlentities($rh->solution)) . "</li>"; echo "<li>Reference CVE : " . htmlentities($rh->cve) . "</li>"; echo "<li>CVSS Base Score : " . htmlentities($rh->cvss_base_score) . "</li>"; echo "<li>CVSS Vector : " . htmlentities($rh->cvss_vector) . "</li>"; echo "<li>X ref : " . htmlentities($rh->xfref) . "</li>"; echo "<li>Bug Track Id : " . htmlentities($rh->bid) . "</li>"; echo "<li>Plugin Output : " . nl2br(htmlentities($rh->plugin_output)) . "</li>"; echo "<li>Exploit Available : " . $rh->exploit_available . "</li>"; echo "<li>Exploit Available in MetaSpolit : " . $rh->exploit_framework_metasploit . "</li>"; echo "<li>MetaExploit Name : " . $rh->metasploit_name . "</li>"; echo "<li>Exploit Available in CANVAS : " . $rh->exploit_framework_canvas . "</li>"; echo "<li>CANVAS Package Name : " . $rh->canvas_package . "</li>"; echo "<li>See Also : " . nl2br(htmlentities($rh->see_also)) . "</li></ul></li>"; } } echo "</ol></li></ol>"; } } ?>
  • 23. Actual Work • PHP front end for Report uploading to DB • DB used : Oracle • Integration with Inventory Management Tool • Analysis – Known False positive identification by plugin id. – Grouping common vulnerabilities in group – Classification on Network and Server devices • Excel based report extraction
  • 24. DB view : DATA Dump Disclaimer : I am bad at db design and co-relation
  • 26. DB view : Grouping Disclaimer : I am bad at db design and co-relation
  • 27. DB view : Grouping data Disclaimer : I am bad at db design and co-relation
  • 28. DB view Grouping Data - 2 Disclaimer : I am bad at db design and co-relation
  • 29. Reports • Queries for extracting direct report based on Nessus input. • Generate report based on inventory management system. • Auto Remove false positives based on plugin id’s and plugin output parameter’s. • Group vulnerabilities based on common suggestion. • Find missing systems cross referencing system inventory. • Find Change in Device details based on past and current snapshot of inventory. • Find Repeated vulnerabilities over time (based on current scan and previous scan keeping systemid from system inventory as base).
  • 30. Extract all plugin details • Till Nessus 4.2 version – Nessus –Spq localhost 1241 <user> <pass> • Above 4.2 – XML RPC interface
  • 31. Road Ahead • This is what I have planned so far – Creating similar interface for OpenVAS. – Use XMLRPC for remote initialization and control. – Keep MySQL as an alternative option
  • 32. Thanks • Thanks for still being seated.  • I hope this presentation might help you in any way. • Please come forward if you have any comment or suggestion.