This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files.

FindIIS6inNessus.ps1

# This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files.
# Author: Scott Sutherland, NetSPI 2017
# Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional.

# Create an output table
$outputtbl =New-Object System.Data.DataTable
$outputtbl.Columns.Add("IpAddress") | Out-Null
$outputtbl.Columns.Add("IISVersion") | Out-Null

# Iterate through each host
Get-ChildItem *.nessus | select fullname -ExpandProperty fullname| % {

    Write-Output "Processing $_";
    [xml]$myfile = gc "$_"
    $myfile.NessusClientData_v2.Report.ReportHost | 
    foreach{
        
        # Grab the IP address and host items
        $IpAddress = $_.name
        $ReportItems = $_.reportitem

        # Filter for the HTTP server list
        $ReportItems | 
        Foreach{
            $MyPlugin = $_.pluginname
            if($MyPlugin -like "HTTP Server Type and Version"){
                
                # Filter for IIS 6
                if($_.plugin_output -like "*IIS/6*"){
                    
                    # Parse out version
                    $pluginoutput = $_.plugin_output
                    $httpver = (($pluginoutput -replace ("The remote web server type is :","")) -replace '\s+\r\n+', "`r`n").trim()                    

                    # Write to data table
                    Write-Output "Found one! - IpAddress ($httpver)"
                    $outputtbl.rows.Add($IpAddress,$httpver) | Out-Null
                }
            }            
        }
    }
}

# Write results to a file
$outputtbl | Export-Csv iis6servers.csv -notypeinformation

# Return output to the pipeline
$outputtbl | Sort-Object IpAddress