Skip to content

happyc0ding/vulnscan-parser

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

tests

tests

 
 

vulnscan_parser

vulnscan_parser

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

requirements.txt

requirements.txt

 
 

setup.py

setup.py

 
 

Repository files navigation

vulnscan-parser

Parse scan results into python objects, i.e. Nessus, Nmap, testssl, metasploit, ...

This tool parses verious scan results while trying to map them to a more or less similar structure. All parsers are memory efficient, huge files should not cause any problems.

Currently supported:

  • Nessus (XML, v2)
  • testssl (3.0, Json and Json pretty)
  • Nmap (XML)
  • Sslyze (XML)
  • sslscan (XML from rbsec)
  • Metasploit (Workspace export or Json of the new MSF5 API)
  • Nikto (XML)
  • x509 certificates (files containing a PEM certificate, i.e. generated by openssl)
  • Burp (XML export)

Some values are modified and due to the insanity of the various formats some compromises are necessary between trying to keep the original naming and structure and a sane data model to work with.

Parsing multiple files via the "parse()" method is possible, parsing overlapping files also works. Host objects are only created once per parser instance while findings, services etc. are being added, if they do not exist yet.

I'm pretty sure there are still some bugs left.

Important

This code is under development.

Since extracting data about ip/hostname etc. from x509 certificates is not possible, please use the following pattern to create the files: openssl_ip-TCP-port-hostname.org.pem -> i.e. openssl_1.2.3.4-TCP-443-example.org.pem

Requirements

Python 3, see requirements.txt / setup.py

Usage

Just import the parser and work on the results.

from vulnscan_parser.parser.nessus.xml import NessusParserXML

nessus_parser = NessusParserXML()
nessus_parser.parse('some/file.nessus')
for finding_id, finding in nessus_parser.findings.items():
  print(finding.pluginID)
  print(finding.pluginName)
  print(finding.plugin_output)

for ip, host in nessus_parser.hosts.items():
  print(host.ip)
  print(host.hostnames)

for service_id, service in nessus_parser.services.items():
  print(service.protocol)
  print(service.port)

for plugin_id, plugin in nessus_parser.plugins.items():
  print(plugin.pluginID)
  for finding in plugin.findings:
    print(finding.id)

for cert_id, certificate in nessus_parser.certificates.items():
  print(certificate.subject)
  print(certificate.not_after)
  print(certificate.sha2_fingerprint)
  
for c_id, cipher in nessus_parser.ciphers.items():
  print(cipher.name)
  print(cipher.port)
  print(cipher.host.ip)

The other parsers work in a similar way, although there are, of course, some differences.

About

Parse scan results into python objects, i.e. Nessus, Nmap, testssl, metasploit, ...

Topics

python parser security-scanner metasploit nmap-parser vulnerability-scanner nessus-parser testssl metasploit-parser testssl-parser sslyze-parser nikto-parser

Resources

Readme

License

MIT license
Activity

Stars

22 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages