@namnamir
Last active July 3, 2020 13:42
Nessus plugin 11936 does not report its findings in a structured format, which makes it hard to go through a large number of hosts. This script parses the data and converts it into a new CSV file. It also categorizes the operating systems.
# Version 1.0
# Copyleft
#
# Ali Nikouei
# July 2020
# this script parses the CSV output of the plugin 11936 of Nessus professional
# https://community.tenable.com/s/article/Operating-System-identification-using-Plugin-11936
## How to use it:
# 1. Filter the report based on "Plugin ID" where it "is equal to" the plugin ID "11936"
# 2. Export the report into a CSV file
# 3. Define the list of your devices in the list 'excluded_hosts'
# 4. Use the script to parse it
#######################################################################################################
# see also the other Gist, which parses the other format of host enumeration:
# https://gist.github.com/namnamir/485f7d4cc86faeda0e9d1c145d0ade29
#######################################################################################################
import csv, sys, getopt
# Keyword -> OS family table. The main loop lower-cases the reported OS string
# and takes the family of the first keyword that occurs in it as a substring,
# so the order of the entries matters.
# NOTE(review): because this is a substring test, the short keyword 'win' also
# matches names such as "Darwin"; confirm the resulting category is intended.
OSes = [
    ('linux', 'Linux'),
    ('windows', 'Windows'),
    ('microsoft', 'Windows'),
    ('win', 'Windows'),
    ('bsd', 'Linux'),
    ('unix', 'Linux'),
    ('iphone', 'iOS'),
    ('ipad', 'iOS'),
]

# Hosts to leave out of the report, e.g. the probe or the tester machine.
# Compared for exact equality against the "Host" column of the input CSV.
excluded_hosts = [
    'my_device_1',
    'my_device_2',
    'my_device_3',
]

# Accumulates one dictionary per enumerated host; filled by the main loop.
hosts = []
# read the arguments
def arg_reader(argv):
    """Parse the command-line arguments and return the two file paths.

    Recognised options are ``-h``, ``-i``/``--input`` and ``-o``/``--output``.

    Args:
        argv: Argument list without the program name (e.g. ``sys.argv[1:]``).

    Returns:
        A tuple ``(input_file, output_file)``; an entry is ``''`` when the
        corresponding option was not given.

    Raises:
        SystemExit: with status 2 on an unknown or malformed option, with
            status 0 after printing the usage for ``-h``, and with an error
            message when ``-i`` or ``-o`` carries an empty value.
    """
    usage = 'nessusParser.py -i <input_file> -o <output_file>'

    try:
        parsed, _ = getopt.getopt(argv, "hi:o:", ["input=", "output="])
    except getopt.GetoptError:
        print(usage)
        sys.exit(2)

    paths = {'input': '', 'output': ''}
    for flag, arg in parsed:
        if flag == '-h':
            print(usage)
            sys.exit()

        if flag in ("-i", "--input"):
            # getopt guarantees an argument is present, but it may be empty.
            if not arg:
                sys.exit('ERROR: the input file should be defined')
            paths['input'] = arg
        elif flag in ("-o", "--output"):
            if not arg:
                sys.exit('ERROR: the output file should be defined')
            paths['output'] = arg

    return paths['input'], paths['output']
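if __name__ == "__main__":
    # Entry point: read the Nessus CSV export, extract the OS, confidence and
    # method reported by plugin 11936 for every host, and write them to a new
    # CSV file with one row per host.
    input_file, output_file = arg_reader(sys.argv[1:])
    if not input_file or not output_file:
        sys.exit('ERROR: please follow define the input and output\n\rnessusParser.py -i <input_file> -o <output_file>')

    # Fixed column order, so the header can be written even when no host was
    # enumerated (deriving it from the last host raised a NameError then).
    fieldnames = ['Host', 'Operating System', 'Confidence', 'Category', 'Method']

    # newline='' is what the csv module expects for files it reads and writes.
    with open(input_file, newline='') as csv_file:
        for row in csv.DictReader(csv_file):
            # if the host is the excluded one, ignore it
            if row["Host"] in excluded_hosts:
                print(f'The host {row["Host"]} is excluded')
                continue

            # Reset the findings for every host. Otherwise a host whose plugin
            # output lacks one of the lines would silently inherit the value
            # of the previous host (or crash on the very first row).
            os_name = ''
            confidence = ''
            method = ''
            # 'Other' is the script's fallback for an OS that is not listed;
            # it is also used when no OS line is present at all.
            category = 'Other'

            # iterate over the output of each host; a short row yields None
            for text in (row["Plugin Output"] or '').splitlines():
                if "Remote operating system :" in text:
                    # Keep everything after the first colon, so an OS string
                    # that itself contains ':' is not truncated, and drop the
                    # surrounding whitespace.
                    os_name = text.partition(':')[2].strip()
                    lowered = os_name.lower()
                    # first keyword found in the OS string decides the family
                    category = next(
                        (family for keyword, family in OSes if keyword in lowered),
                        'Other',
                    )
                elif "Confidence level :" in text:
                    confidence = text.partition(':')[2].strip()
                elif "Method :" in text:
                    method = text.partition(':')[2].strip()

            hosts.append({
                'Host': row["Host"],
                'Operating System': os_name,
                'Confidence': confidence,
                'Category': category,
                'Method': method,
            })

    # print out the statistics; count the hosts actually stored instead of a
    # hand-maintained counter that was off by one
    print(f'In total {len(hosts)} host are enumerated.')

    # NOTE(review): the values written below come from scan output, i.e. text
    # that the scanned hosts can influence. Spreadsheet applications may treat
    # cells starting with '=', '+', '-' or '@' as formulas; neutralise such
    # cells if the CSV is going to be opened in one.
    with open(output_file, 'w', newline='') as output:
        writer = csv.DictWriter(output, fieldnames=fieldnames)
        # write the header of the file
        writer.writeheader()
        # write all hosts into the file
        writer.writerows(hosts)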