If you click on the capture above (blogger doesn't handle XML or code that well) you'll see that after parsing the .nessus file and starting with the top node (I'm not sure why I had to call getroot())
I navigated through the different nodes within the .nessus file starting with Report, ReportHost, and ending with ReportItem where I extracted the port, and plugin id so that when you run the script you get this for all the
192.168.20.3
- 22/tcp|0
- 1241/tcp|0
- 111/tcp|0
- 1243/tcp|0
- 111/tcp|10223
- 59370/tcp|11111
- 111/tcp|11111
- 33145/udp|11111
- 111/udp|11111
- 1241/tcp|22964
- 22/tcp|22964
- 1241/tcp|10863
- 1241/tcp|35291
- general/tcp|12634
- general/tcp|22869
- 59370/tcp|25221
This code snippet isn't terribly useful but it illustrates the API and how it is very straightforward to parse .nessus files.
Some Benchmarks
Besides being much cleaner (IMHO) the nice thing about ElementTree is that there is a C implementation. This is a 2.0 MB file that consists of 4 scans and the scans include the results from only a handful of targets.
On Python 2.5 / Cygwin on my Ideapad S10-2 (Windows XP SP3)
Pure Python
real 0m4.250s
user 0m3.155s
sys 0m0.357s
C Version
real 0m1.422s
user 0m0.405s
sys 0m0.374s
I wanted to do a comparison with Win32 on Python 2.6 on the same system but I was unable to get timeit.exe working from the Windows 2003 Resource Kit.
NOTE: ElementTree is available in Python 2.5 and later and you should be ashamed if you are using anything older than that.
I navigated through the different nodes within the .nessus file starting with Report, ReportHost, and ending with ReportItem where I extracted the port, and plugin id so that when you run the script you get this for all the
192.168.20.3
- 22/tcp|0
- 1241/tcp|0
- 111/tcp|0
- 1243/tcp|0
- 111/tcp|10223
- 59370/tcp|11111
- 111/tcp|11111
- 33145/udp|11111
- 111/udp|11111
- 1241/tcp|22964
- 22/tcp|22964
- 1241/tcp|10863
- 1241/tcp|35291
- general/tcp|12634
- general/tcp|22869
- 59370/tcp|25221
This code snippet isn't terribly useful but it illustrates the API and how it is very straightforward to parse .nessus files.
Some Benchmarks
Besides being much cleaner (IMHO) the nice thing about ElementTree is that there is a C implementation. This is a 2.0 MB file that consists of 4 scans and the scans include the results from only a handful of targets.
On Python 2.5 / Cygwin on my Ideapad S10-2 (Windows XP SP3)
Pure Python
real 0m4.250s
user 0m3.155s
sys 0m0.357s
C Version
real 0m1.422s
user 0m0.405s
sys 0m0.374s
I wanted to do a comparison with Win32 on Python 2.6 on the same system but I was unable to get timeit.exe working from the Windows 2003 Resource Kit.
NOTE: ElementTree is available in Python 2.5 and later and you should be ashamed if you are using anything older than that.
2 comments:
too complicated! you can use simple grep and sed on the fly to extract whatever you need from nbt files. otherwise here is a collection of useful oneliners that will do the same job for you:
* http://code.google.com/p/gnucitizen/source/browse/#svn/trunk/jeriko
* http://code.google.com/p/jeriko/source/browse/#svn/trunk
Grep (and any one line shell scripts) are evil and given that NBR/NBE may disappear from Nessus some day any tools should be based on .nessus, especially since not everything gets exported.
Post a Comment