Last active
March 1, 2022 15:52
Get-TenablePluginOutput
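function Get-TenablePluginOutput {
    <#
    .SYNOPSIS
        Parses Nessus XML (.nessus) files for a specific PluginID's output
    .DESCRIPTION
        Loads every .nessus file found under -Path, keeps the ReportHost nodes that carry at
        least one ReportItem with the requested pluginID, and emits one object per host
        (or, with -Flatten, one object per line of that plugin's output).
    .EXAMPLE
        Get-TenablePluginOutput -Path \\path\to\folder -PluginID 92438
        Gets PluginOutput for PluginID 92438 from all *.nessus files under \\path\to\folder
    .PARAMETER PluginID
        The Tenable PluginID to extract PluginOutput from
    .PARAMETER Flatten
        Switch to split the PluginOutput by "`n"/NewLine
    .PARAMETER IncludeMacAddress
        Switch to include the MacAddress
    .PARAMETER Path
        Paths to operate on. Accepts files as well as folders.
        Defaults to the current location when not supplied.
    .INPUTS
        System.Object
    .OUTPUTS
        System.Object
    .NOTES
        #######################################################################################
        Author:     State of Oregon, EIS, CSS, Cybersecurity Assessment Team
        Version:    1.1
        #######################################################################################
        License:    https://unlicense.org/UNLICENSE
        #######################################################################################
        Security:   Reports are loaded with the XML resolver disabled, so a DOCTYPE or external
                    entity inside a .nessus file picked up from a shared folder is not fetched
                    during parsing. PluginOutput is returned verbatim from the report.
    .LINK
        https://github.com/orgs/stateoforegon-eis-css/teams/cybersecurity-assessors
    .FUNCTIONALITY
        Parses Nessus XML (.nessus) files for a specific PluginID's output
    #>
    [CmdletBinding()]
    param (
        [parameter(Position=0)]
        [string]
        $PluginID,
        [parameter(Position=1)]
        [switch]
        $Flatten,
        [parameter(Position=2)]
        [switch]
        $IncludeMacAddress,
        [parameter(Position=3,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
        [Alias('PSPath','FullName')]
        [string[]]
        $Path
    ) #param
    begin {
        # No -Path bound (neither argument nor pipeline): fall back to the current location.
        if (-not $PSBoundParameters.ContainsKey('Path')) {
            $Path = Get-Location
        } #if
    } #begin
    process {
        foreach ($EachPath in $Path) {
            # Resolve the path item by item. A wildcard path can resolve to several items, and a
            # path that does not resolve yields none; both cases must not reach Load() as $null.
            $NessusFile = @(
                Get-Item -Path $EachPath | ForEach-Object {
                    if ($_.PSIsContainer) {
                        $_ | Get-ChildItem -Recurse -Filter *.nessus |
                            Where-Object { -not $_.PSIsContainer }
                    } elseif ($_.Name -match '\.nessus$') {
                        $_
                    }
                }
            )
            $NessusFile | ForEach-Object {
                $ReportFullName = $_.FullName
                $ReportXml = New-Object -TypeName System.Xml.XmlDocument
                # Scan exports are treated as untrusted input: never resolve DTDs or external
                # entities while parsing them.
                $ReportXml.XmlResolver = $null
                try {
                    $ReportXml.Load($ReportFullName)
                } catch {
                    Write-Error -Message "Could not parse '$ReportFullName': $($_.Exception.Message)"
                    return # skip this file, continue with the next one
                }
                # Keep hosts that have at least one ReportItem for the requested plugin.
                # SelectNodes returns an empty list for a host without ReportItem children,
                # so no method is ever invoked on $null.
                $ReportXml.SelectNodes('//NessusClientData_v2/Report/ReportHost') |
                    Where-Object {
                        @($_.SelectNodes('ReportItem') |
                            ForEach-Object { $_.GetAttribute('pluginID') }) -contains $PluginID
                    }
                # Release the parsed document before the next (possibly large) report is loaded.
                Clear-Variable -Name ReportXml
                [gc]::Collect()
            } | ForEach-Object {
                # Index the host's <tag> elements by name and its ReportItems by pluginID.
                $Tags = $_.HostProperties.tag | Group-Object -Property name -AsHashTable
                $ReportItems = $_.ReportItem | Group-Object -Property pluginID -AsHashTable
                $IpAddress = $Tags['host-ip'].'#text'
                $NetBiosName = $Tags['netbios-name'].'#text'
                $MacAddress = $Tags['mac-address'].'#text'
                $PluginOutput = $ReportItems[$PluginID].plugin_output
                if ($Flatten) {
                    # One record per (trimmed) line of plugin output.
                    $Values = $PluginOutput -split "`n" | ForEach-Object { $_.Trim() }
                } else {
                    # One record per host; the unary comma keeps the output as a single value
                    # even when several ReportItems share the pluginID.
                    $Values = , $PluginOutput
                }
                foreach ($Value in $Values) {
                    $Record = [ordered]@{
                        IpAddress   = $IpAddress
                        NetBiosName = $NetBiosName
                    }
                    if ($IncludeMacAddress) {
                        $Record['MacAddress'] = $MacAddress
                    }
                    $Record['PluginOutput'] = $Value
                    [pscustomobject]$Record
                }
                Clear-Variable -Name Tags
                Clear-Variable -Name ReportItems
                [gc]::Collect()
            } #ForEach-Object ReportHost
        } #foreach $EachPath
    } #process
    end {
    } #end
} #function Get-TenablePluginOutput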
Author
jasonadsit
commented
Jan 12, 2021
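# Example: turn the "Key : Value" sections of plugin 10736 output into one object per section.
# Requires Get-TenablePluginOutput to be loaded; with no -Path it scans the current location.
Get-TenablePluginOutput -PluginID 10736 | ForEach-Object {
    $IpAddress = $_.IpAddress
    $NetBiosName = $_.NetBiosName
    # Sections are separated by a blank line; only sections mentioning UUID are of interest.
    $_.PluginOutput -split "`n`n" | Where-Object { $_ -cmatch 'UUID' } | ForEach-Object {
        $EachOne = @{}
        $_ -split "`n" | ForEach-Object {
            # Split on the first " : " only, so a value that itself contains " : " stays whole.
            $Parts = $_.Trim() -split '\s:\s', 2
            if ($Parts.Count -eq 2) {
                # Index assignment instead of Add(): a repeated key must not abort the section.
                $EachOne[$Parts[0].Trim()] = $Parts[1].Trim()
            }
        }
        # Emit once per section, after every line has been read, so each object is complete.
        [pscustomobject][ordered]@{
            IpAddress      = $IpAddress
            NetBiosName    = $NetBiosName
            ObjectUUID     = $EachOne['Object UUID']
            UUID           = $EachOne['UUID']
            Description    = $EachOne['Description']
            WindowsProcess = $EachOne['Windows process']
            Type           = $EachOne['Type']
            TcpPort        = $EachOne['TCP Port']
            IP             = $EachOne['IP']
        }
    }
}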
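# Example: turn the "Key : Value" sections of plugin 44401 output into one object per service.
# Requires Get-TenablePluginOutput to be loaded; with no -Path it scans the current location.
Get-TenablePluginOutput -PluginID 44401 | ForEach-Object {
    $IpAddress = $_.IpAddress
    $NetBiosName = $_.NetBiosName
    # Sections are separated by a blank line; only sections mentioning an executable are kept.
    $_.PluginOutput -split "`n`n" | Where-Object { $_ -match 'Executable' } | ForEach-Object {
        $EachOne = @{}
        $_ -split "`n" | ForEach-Object {
            # Split on the first " : " only, so a value that itself contains " : " stays whole.
            $Parts = $_.Trim() -split '\s:\s', 2
            if ($Parts.Count -eq 2) {
                # Index assignment instead of Add(): a repeated key must not abort the section.
                $EachOne[$Parts[0].Trim()] = $Parts[1].Trim()
            }
        }
        # Emit once per section, after every line has been read, so each object is complete.
        # LogOnAs together with ExecutablePath is the pair to review for services that run
        # under privileged accounts from unexpected locations.
        [pscustomobject][ordered]@{
            IpAddress      = $IpAddress
            NetBiosName    = $NetBiosName
            DisplayName    = $EachOne['Display name']
            ServiceName    = $EachOne['Service name']
            LogOnAs        = $EachOne['Log on as']
            ExecutablePath = $EachOne['Executable path']
        }
    }
}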
# Example: list the DNS servers reported per host by plugin 58181.
# -Flatten yields one object per output line; only the "NameServer:" lines are kept, and the
# text after the last ':' becomes a space-separated DnsServers property.
Get-TenablePluginOutput -PluginID 58181 -Flatten |
    Where-Object { $_.PluginOutput -match 'NameServer:' } |
    Select-Object -Property @(
        'IpAddress'
        'NetBiosName'
        @{
            Name       = 'DnsServers'
            Expression = { ($_.PluginOutput.Split(':')[-1].Trim()) -replace ',', ' ' }
        }
    )
# Example: extract compliance-check results (pluginID 21156) straight from the *.nessus files
# in the current directory, without Get-TenablePluginOutput.
$PluginID = '21156'
Get-ChildItem -Filter '*.nessus' |
    Select-Xml -XPath '//NessusClientData_v2/Report/ReportHost' |
    ForEach-Object { $_.Node } |
    Where-Object { $_.ReportItem.GetAttribute('pluginID') -eq $PluginID } |
    ForEach-Object {
        # Index the host's <tag> elements by name and its ReportItems by pluginID.
        $Tags = $_.HostProperties.tag | Group-Object -Property name -AsHashTable
        $ReportItems = $_.ReportItem | Group-Object -Property pluginID -AsHashTable
        $HostIp = $Tags['host-ip'].'#text'
        # Short host name: everything before the first dot of the FQDN.
        $ShortName = $Tags['host-fqdn'].'#text' -split '\.' | Select-Object -First 1
        $ReportItems[$PluginID] | ForEach-Object {
            # One reference per line (CRLF-separated), with a trailing CRLF.
            $Reference = (($_.'compliance-reference' -split ',') -join "`r`n") + "`r`n"
            [pscustomobject][ordered]@{
                IpAddress    = $HostIp
                ComputerName = $ShortName
                CheckName    = $_.'compliance-check-name'
                Result       = $_.'compliance-result'
                Reference    = $Reference
                Solution     = $_.'compliance-solution'
            }
        }
    }