On a recent engagement, I noticed that people were wasting time scrolling through nessus reports to find vulnerabilities in which they either need to confirm, or dig into deeper. There were many findings that would automatically be written up because there is nothing to further exploit, and the supporting information in the output was good enough. And of course there is informational things in the report like traceroute output, ping times, mac address, operating system, etc. Good information to have, but not really needed while in vulnerability assessment / penetration testing mode.
I really needed something to just show me the interesting things to focus on. Since I had all the nessus data in a database already via nbe2sql, I quickly wrote some sql statements and parsers to solve my problem and make a pretty report.
The latest release of the nessus tools has two more html reports.
- One script is called report_auto which generates html that contain findings to simply write up. For each vulnerability type there is a table with IP and supporting information columns.
- The other script is called report_manual which generates html that contain findings or information to pursue.
Do note that only a handful of nessus pluginid’s are supported in the script. If you want other checks included please provide me with some sample data and I will get it included.
I do hope that others find these additions useful. I really hate it when testers have to spend time on low level findings. Yes they still need to be looked at and written up, but testers should be focusing on the interesting stuff.