Python context manager that parses .Nessus files for discovered http/https servers using xmltodict
import xmltodict
from contextlib import ContextDecorator
"""
with NessusParser("path/to/dotnessusfile.nessus") as parser:
for url in parser:
print(url)
"""
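class NessusParser(ContextDecorator):
    """Collect ``http(s)://host:port`` URLs for web servers found in a .nessus (v2) export.

    Usage::

        with NessusParser("scan.nessus") as parser:
            for url in parser:
                print(url)

    The file is parsed when the ``with`` block is entered; iterating the parser
    afterwards yields every discovered URL once, in sorted order. The collected
    set is cleared again when the block exits.

    Detection mirrors EyeWitness' Nessus import: Nessus plugins are not
    consistent about how they flag web servers, so three signals are combined
    (``svc_name`` of ``https?``, ``http?`` or ``www``, plus the free-text output
    of plugin 22964 to tell TLS from plaintext on ``www`` ports):
    https://github.com/FortyNorthSecurity/EyeWitness/blob/master/modules/helpers.py#L100-L106
    https://github.com/FortyNorthSecurity/EyeWitness/blob/master/modules/helpers.py#L225-L230
    """

    # Plugin 22964 ("Service Detection") only distinguishes TLS from plaintext
    # web servers in its free-text output; this phrase marks the TLS case.
    SERVICE_DETECTION_PLUGIN_ID = "22964"
    TLS_MARKER = "A web server is running on this port through"

    def __init__(self, path_to_nessus_file):
        """Remember the path; nothing is opened until ``__enter__``.

        Args:
            path_to_nessus_file: path to a .nessus (XML v2) report file.
        """
        self.nessus_file = path_to_nessus_file
        self.urls = set()

    @staticmethod
    def _format_url(scheme, host, port):
        """Build ``scheme://host:port``, bracketing IPv6 literals per RFC 3986."""
        if ':' in host and not host.startswith('['):
            host = f"[{host}]"
        return f"{scheme}://{host}:{port}"

    def parser_callback(self, path, item):
        """xmltodict ``item_callback`` invoked once per ``<ReportItem>`` (item_depth=4).

        Args:
            path: list of ``(tag, attributes)`` tuples from the document root down
                to the current ``<ReportItem>``; attributes may be ``None`` for a
                tag without any.
            item: the parsed ``<ReportItem>`` subtree (attribute keys carry the
                ``@`` prefix, child elements such as ``plugin_output`` do not).

        Returns:
            ``True`` always -- xmltodict aborts the parse (ParsingInterrupted)
            when the callback returns a falsy value, so a ``<ReportItem>`` we do
            not care about must still return ``True``.

        A ``<ReportItem>`` lacking the host name, port or ``svc_name`` attribute
        is skipped instead of raising, so one odd record cannot abort the scan
        import (the original behaviour was to swallow ``KeyError`` for the same
        reason).
        """
        entry = dict(path)
        host_attrs = entry.get('ReportHost') or {}
        item_attrs = entry.get('ReportItem') or {}
        host = host_attrs.get('name')
        port = item_attrs.get('port')
        svc_name = item_attrs.get('svc_name')
        if not (host and port and svc_name):
            return True

        if svc_name == 'https?':
            self.urls.add(self._format_url('https', host, port))
        elif (item_attrs.get('pluginID') == self.SERVICE_DETECTION_PLUGIN_ID
              and svc_name == 'www'):
            # Empty/missing <plugin_output/> parses as None; treat it as plaintext
            # rather than dropping the host -- 'www' is a web server either way.
            output = (item or {}).get('plugin_output') or ''
            scheme = 'https' if self.TLS_MARKER in output else 'http'
            self.urls.add(self._format_url(scheme, host, port))
        elif svc_name in ('http?', 'www'):
            self.urls.add(self._format_url('http', host, port))
        return True

    def __enter__(self):
        """Parse the .nessus file eagerly and return ``self`` for iteration.

        Raises:
            OSError: if the file cannot be opened.
            xmltodict/expat parsing errors for a malformed or entity-bearing file.
        """
        self.urls = set()
        with open(self.nessus_file, 'rb') as nessus_file:
            xmltodict.parse(
                nessus_file,
                item_depth=4,
                item_callback=self.parser_callback,
                process_namespaces=True,
                # A .nessus file handed to us is data we did not produce: refuse
                # DTD entity declarations so a crafted report cannot trigger
                # entity-expansion (billion-laughs) blowup. Default since
                # xmltodict 0.12; passed explicitly so a downgrade cannot
                # silently re-enable it.
                disable_entities=True,
            )
        return self

    def __iter__(self):
        """Yield each discovered URL once, sorted for deterministic output."""
        return iter(sorted(self.urls))

    def __exit__(self, *exc):
        """Drop the collected URLs. Returns None so any exception propagates."""
        self.urls = set()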