0xn1k5 / nessus_report_downloader

Python script for automating the download of nessus reports

License: GNU General Public License v3.0

Python 100.00%
nessus nessus-scanner nessus-api nessus-db nessus-report nessus-report-downloader nessus-files report-generator nessus-scan download-nessus-report

nessus_report_downloader's Introduction

nessus_report_downloader

Name : Nessus Report downloader

Author : Nikhil Raj ( Twitter: 0xn1k5 | Mail: nikhilraj149[at]gmail.com )

Version: 1.0

Last Updated : 13 Aug 2017

Description:

A python script for automating the download of nessus reports in multiple formats.

Usage:

  1. Display help

    $ python nessus_report_downloader.py -h

    Output:

    usage: python nessus_report_downloader.py -i <127.0.0.1> -u <nessus_user> -p <nessus_pass> [OPTIONS]... 
    
    A python script for automating the report download from nessus server
    
    optional arguments:
      -h, --help            show this help message and exit
      -i SERVER, --server SERVER
                            IP[:PORT] of nessus server
      -u USER, --user USER  username of nessus server
      -p PASSWD, --passwd PASSWD
                            password of nessus server
      -s SCAN_ID, --scan-id SCAN_ID
                            use comma separated list of scan id(s) or 'all'
      -d FOLDER_ID, --folder-id FOLDER_ID
                            use comma separated list of folder id(s)
      -f FORMAT, --format FORMAT
                            use comma separated list of report format; [0]-nessus
                            (Default), [1]-pdf, [2]-html, [3]-csv, [4]-nessus-db
      -c CHAPTER, --chapter CHAPTER
                            use comma separated list of chapters;
                            [0]-vuln_hosts_summary, [1]-vuln_by_host (Default),
                            [2]-vuln_by_plugin, [3]-compliance_exec,
                            [4]-compliance, [5]-remediations
      --db-pass DB_PASS     password for encrypting nessus-db file(s), if none
                            specified use 'nessus'
    
    Report bugs at [email protected]
    
  2. Display nessus scan summary table having scan_id, name and folder_id

    $ python nessus_report_downloader.py -i <nessus_server_ip> -u <nessus_user> -p <nessus_passwd>

    $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123

    Output:

    +----+------------------------------+-----------+-----------+---------------------+------------------------+
    | id |             name             | folder_id |   status  |    creation_date    | last_modification_date |
    +----+------------------------------+-----------+-----------+---------------------+------------------------+
    | 12 | P@wn3d!! - Home network scan |     3     | completed | 2017-08-05 22:13:17 |  2017-08-05 22:16:38   |
    | 23 |        Metasploitable        |     3     | completed | 2017-08-03 21:45:23 |  2017-08-03 21:53:19   |
    | 19 |          Test-win7           |     3     | completed | 2017-07-31 01:13:25 |  2017-07-31 01:13:45   |
    | 14 |    Win7 Test -Post Wnycry    |     3     | completed | 2017-07-23 18:40:30 |  2017-07-23 18:40:46   |
    | 11 |          Win7 Test           |     3     | completed | 2017-07-23 13:35:18 |  2017-07-23 13:35:36   |
    +----+------------------------------+-----------+-----------+---------------------+------------------------+
    
  3. Download nessus report (Optional parameter description):

    Scan Id (-s):

    - List of comma separated scan ids to download
    $ python nessus_report_downloader.py -i <nessus_server_ip> -u <nessus_user> -p <nessus_passwd> -s <11,12,14>
    

    Folder ID (-d):

    - List of comma separated folder ids; all the scans inside each folder are downloaded
    $ python nessus_report_downloader.py -i <nessus_server_ip> -u <nessus_user> -p <nessus_passwd> -d <3>
    

    Output Format (-f):

    0 -     Nessus XML data (*.nessus) [Default]
    1 -     PDF Format 
    2 -     HTML Format
    3 -     CSV Format
    4 -     Nessus encrypted database (nessus-db); password set with --db-pass
    

    Chapter (-c): (Applicable only when downloading in PDF or HTML format)

    0 -     vuln_hosts_summary 
    1 -     vuln_by_host        [Default]
    2 -     vuln_by_plugin
    3 -     compliance_exec
    4 -     compliance
    5 -     remediations
    

    Nessus Database password (--db-pass)

    - Password used for encrypting nessus-db files
    - If not specified, the default password is "nessus"
    

    Example:

    1. Download nessus report for scan_id 11, 12 and 14 in default *.nessus format

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s 11,12,14 -f 0

    2. Download nessus report for scan_id 11 in nessus database format using password "secret_pass"

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s 11 -f 4 --db-pass secret_pass

    3. Download nessus report for scan_id 11 and 12 in pdf and html format and group by host (vuln_by_host)

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s 11,12 -f 1,2 -c 1

    4. Download nessus report for scan_id 11 and 12 in csv and html format and group by vulnerability (vuln_by_plugin)

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s 11,12 -f 2,3 -c 2

    5. Download all nessus reports in default *.nessus format

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s all -f 0

    6. Download all nessus reports in pdf and html format and group by vulnerability (vuln_by_plugin)

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -s all -f 1,2 -c 2

    7. Download all nessus reports in folder_id 3 in default *.nessus format

      $ python nessus_report_downloader.py -i 127.0.0.1 -u nessus -p pass@123 -d 3 -f 0
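Every invocation above puts the Nessus password in the command line, where it lands in shell history and the process list, and `--db-pass` falls back to the known default "nessus". The following is an added example, not code from this project: it parses the same flags but takes secrets from the environment or a prompt and refuses a nessus-db export without an explicit password. The variable names `NESSUS_PASS` and `NESSUS_DB_PASS`, the function names and the shape of the returned job dictionaries are assumptions.

```python
import argparse
import getpass
import os

# Code tables copied from the README's -f and -c option lists.
FORMATS = ["nessus", "pdf", "html", "csv", "nessus-db"]
CHAPTERS = ["vuln_hosts_summary", "vuln_by_host", "vuln_by_plugin",
            "compliance_exec", "compliance", "remediations"]

def pick(codes, table, flag):
    """Map a comma separated list of numeric codes to names; reject unknown codes."""
    names = []
    for code in codes.split(","):
        code = code.strip()
        if not code.isdigit() or int(code) >= len(table):
            raise ValueError("%s: unknown code %r" % (flag, code))
        names.append(table[int(code)])
    return names

def resolve(argv, env=os.environ, ask=getpass.getpass):
    """Return (server, user, password, export jobs) for the README's flags."""
    p = argparse.ArgumentParser()
    p.add_argument("-i", "--server", required=True)
    p.add_argument("-u", "--user", required=True)
    p.add_argument("-p", "--passwd")   # still accepted, no longer required
    p.add_argument("-f", "--format", default="0")
    p.add_argument("-c", "--chapter", default="1")
    p.add_argument("--db-pass")
    a = p.parse_args(argv)
    formats = pick(a.format, FORMATS, "-f")
    chapters = pick(a.chapter, CHAPTERS, "-c")
    # Hypothetical variable name; the prompt keeps the secret out of argv.
    passwd = a.passwd or env.get("NESSUS_PASS") or ask("Nessus password: ")
    jobs = []
    for fmt in formats:
        job = {"format": fmt}
        if fmt in ("pdf", "html"):     # chapters apply to PDF and HTML only
            job["chapters"] = chapters
        if fmt == "nessus-db":
            # No silent fallback to the default password "nessus".
            db_pass = a.db_pass or env.get("NESSUS_DB_PASS")
            if not db_pass:
                raise ValueError("nessus-db export needs an explicit password")
            job["password"] = db_pass
        jobs.append(job)
    return a.server, a.user, passwd, jobs
```
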

nessus_report_downloader's People

Contributors

0xn1k5, gitmopp

nessus_report_downloader's Issues

Compatibility for Nessus 8

diff --git a/nessus_report_downloader.py b/nessus_report_downloader.py
index 26fddca..2158234 100755
--- a/nessus_report_downloader.py
+++ b/nessus_report_downloader.py
@@ -227,7 +227,7 @@ def downloadNessusReport(base_url, token, scan_id_list, json_user_data):
             resp2 = sendGetRequest(url, headers=token_header)
 
         # If nessus report is ready for download, then write the response in external file
-        url= base_url + "/scans/exports/{0}/download".format(str(file_token["token"]))
+        url= base_url + "/tokens/{0}/download".format(str(file_token["token"]))
         if json.loads(resp2.text)["status"] == "ready":
             printMessage("Download link is available now", 1)
             resp3 = sendGetRequest(url,headers=token_header)
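
Review bot: The replaced `url=` line switches the download path to `/tokens/{0}/download` unconditionally, so the `/scans/exports/{0}/download` path is dropped with no fallback, and a server that only answers on the old path will stop working after this change. Since the issue is about Nessus 8 compatibility, consider keeping both paths and retrying with the old one when the request to the new one does not return the file. The URL is also still built before the `status == "ready"` check; moving the assignment inside that `if` would keep it next to the only request that uses it.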

Thought I'd share :)

customized reports

Hello there!
First of all, thank you for sharing this script; it is quite useful and clever.
I'm no expert in Python, but I was trying to modify it to have the option of downloading a customized report.
I was thinking of something like this:

    if chapter == "6":
        data.append({'format': 'html', 'chapters': ('vuln_hosts_summary','vuln_by_host','compliance','remediations','vulnerabilities')})

This didn't work, so I was wondering if there was a simple way to do this.
Thank you again for this neat code.
Regards
Jorge Embid
