tissynbe.py — Insert Nessus results into MySQL, output as a CSV
I mentioned in previous posts that I had been working with Nessus — I used it a lot. At the end of the engagement, we had almost a gigabyte of Nessus data saved in nbe format. So to quickly go through and analyze all the results, inserting it into a database was essential. I was using Nessquick at the time, which was a couple of Perl scripts used for inserting the data into a database and exporting the data. I also had a bunch of sed and awk scripts that would then clean up the results and fix various punctuation and presentation issues I didn’t like. The process became a bit tedious, so I decided to write up a Python script to do all this for me.
Here are some example uses from the usage:
./tissynbe.py -d database -f results.nbe
./tissynbe.py -d database -o output.csv
./tissynbe.py -d database -o output.csv –order scriptid –sort desc
./tissynbe.py -d database -o output.csv –count
./tissynbe.py -f results.nbe -o output.csv
./tissynbe.py -f results.nbe -d database -o output.csv
You can download tissynbe.py from the tissynbe.py project page.
Now here’s where I ask for some help. I’m by no means a programming guru, so to all you Python developers and hackers, if you can take a look at my code and offer any suggestions, I would greatly appreciate it. I think I have a handle on most of the code as it’s fairly straightforward, but I think it could use some tweaking and optimization in the clean_nbe() method.
Comments and suggestions are encouraged!
I wrote something very similar a while back to fit my needs too.
http://garrettgee.com/2006/12/17/nessus-tools/ and http://garrettgee.com/2007/10/21/nessus-tools-html-reports/
One major difference is that I use a localized database via sqlite. Having the requirement of mysql installed/running doesn’t make for a lightweight portable system, which was a requirement for my environment.
@ Garrett: Yes! I saw your stuff before too though it didn’t fit the bill for what I needed at the time. (does it ever? haha). I needed the MySQL database for other reasons as well, since it was being accessed by multiple users at the time.
@Marcin Thats a good reason to have the mysql requirement. What are you doing with the data once inside the db? Any plans on correlating the data with other feeds?
@ Garrett: In one use, we correlated anti-virus data against a known list of hostnames. We identified Windows hosts without AV, out of date signatures, new hostnames, etc. One of our team members in a previous life was a database administrator, so his SQL skills were great at coming up with some interesting reports, and also provided some error-checking against my sed/awk/bash skills.