Last active
November 4, 2019 19:46
-
-
Save byt3bl33d3r/23a4442678a043e53b206dbf4379d0d4 to your computer and use it in GitHub Desktop.
Python context manager that parses .Nessus files for discovered http/https servers using xmltodict
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import xmltodict | |
from contextlib import ContextDecorator | |
""" | |
with NessusParser("path/to/dotnessusfile.nessus") as parser: | |
for url in parser: | |
print(url) | |
""" | |
class NessusParser(ContextDecorator): | |
def __init__(self, path_to_nessus_file): | |
self.nessus_file = path_to_nessus_file | |
self.urls = set() | |
def parser_callback(self, path, item): | |
""" | |
Apperently, Nessus's plugins are far from being consistent when trying to detect http/https pages | |
https://github.com/FortyNorthSecurity/EyeWitness/blob/master/modules/helpers.py#L100-L106 | |
https://github.com/FortyNorthSecurity/EyeWitness/blob/master/modules/helpers.py#L225-L230 | |
""" | |
try: | |
entry = dict(path) | |
if entry['ReportItem']['svc_name'] == 'https?': | |
self.urls.add(f"https://{entry['ReportHost']['name']}:{entry['ReportItem']['port']}") | |
elif entry['ReportItem']['pluginID'] == "22964" and entry['ReportItem']['svc_name'] == 'www': | |
if "A web server is running on this port through" in dict(item)['plugin_output']: | |
self.urls.add(f"https://{entry['ReportHost']['name']}:{entry['ReportItem']['port']}") | |
else: | |
self.urls.add(f"http://{entry['ReportHost']['name']}:{entry['ReportItem']['port']}") | |
elif entry['ReportItem']['svc_name'] in ['http?', 'www']: | |
self.urls.add(f"http://{entry['ReportHost']['name']}:{entry['ReportItem']['port']}") | |
except KeyError: | |
pass | |
return True | |
def __enter__(self): | |
with open(self.nessus_file, 'rb') as nessus_file: | |
xmltodict.parse( | |
nessus_file, | |
item_depth=4, | |
item_callback=self.parser_callback, | |
process_namespaces=True | |
) | |
for url in self.urls: | |
yield url | |
def __exit__(self, *exc): | |
self.urls = set() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment