I’m not sure about you, but I hate how Nessus generates HTML reports. While reviewing the report I find myself having to remember what IP I am looking at, and spend too much time scrolling back up the report because of my short memory. Also, none of the ports identified as having a web server behind them are links.
Leveraging the sqlite database from nbe2sql, I wrote sql2html. Both of the issues above are addressed, and it adds dynamic table sorting via the JavaScript sorttable library.
Please let me know if there are any issues, or if you want a feature added. Enjoy.
Code:
- nessus_tools-1.1a-src.zip (Python source code)
- nessus_tools-1.1a.zip (Windows binaries)
Hey Garret,
Not sure if it’s intentional (due to code changes or something) but the “links” above aren’t links to anything.
I just started doing monthly scans and was looking for a better way to present the scan data. Management wants some kind of report. Figured I’d take a look at what you’ve done and see if I could use it.
Wayne
hrmm… I just tested the links and they work on my end. If you send me an email I can upload them to you.
But if you are looking for a management level report, my tool won’t help in that. My tool is meant to help an analyst on the technical side. And if you are running monthly scans, http://inprotect.sourceforge.net/ is a neat tool that might help you out.
I recently got an email question about changing the sql format from sqlite to mysql. Back when I originally wrote the scripts, I intended on making it support sqlite and mysql, but I never got around to it. It should be pretty easy to take my code, add in mysql-python (http://sourceforge.net/projects/mysql-python), and point the connection to the mysql database.
Hi Garrett,
I was looking for tools to analyze Nessus HTML reports and found your page! : )
I downloaded, unzipped and then ran your programs, but am not sure how they work. : (
Nothing seems to happen other than a command box (like DOS) window opens then closes.
I’m looking on your page and don’t see any instructions, could you please help?
Thanks!
Reggie
The program is not a GUI; it has to be run through a command prompt. Running the two utilities with --help will show the options. I hope this helps and the tools are useful for you.
When I run the nbe2sql.py against a nessus4 nbe file I get the following error.
Traceback (most recent call last):
  File "./nbe2sql.py", line 88, in
    for row in whole_file:
ValueError: invalid literal for float(): timestamps