WYAE - VENEv

The Nessus security scanner by http://www.tenablesecurity.com/ is a valuable tool for security consultants performing network audits. Unfortunately it does lack a quick overview over the vulnerabilities (supposedly) found.

This tool will extract such a re-sortable overview as CSV table from a Nessus export.

Requirements

Usage

...see the README

Evaluation

Each finding will be documented twice in the CSV table.

First you will find each single finding for each single IP with a count number of -9999 (versions 9.x and older: 0 = zero). After all single findings are listed, all findings are listed again summed up per finding.

Thus you get a table similar to this (abridged) one:

CountTitleIP(s)
-9999Finding-AAA 10.1.1.2
-9999Finding-AAA 10.1.1.3
-9999Finding-AAA 10.1.1.4
-9999Finding-B 10.1.1.4
-9999Finding-CCCCC 10.1.1.4
-9999Finding-AAA 10.1.1.5
-9999Finding-CCCCC 10.1.1.5
4Finding-AAA 10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5,
1Finding-B 10.1.1.4,
2Finding-CCCCC 10.1.1.4, 10.1.1.5,

The "-9999" rows are ideal for GREPping out single hosts or findings, while the summary lines are ideal for a fast overview, for example:

  1. Import the CSV into your spreadsheet
  2. Sort by CVSS (this is the severity value set by Nessus)
  3. Set filter: only show rows with count > 0
  4. Done.

Beware:
Nessus results (and thus the ones of this tool) are a to be taken with a serious grain of salt. Don't trust them blindly but verify. Nessus is "only" a tool, a useful one, but not always a reliable one. Use Nessus (like NMAP or other scanners) for the brainless grunt work and start working.

 

If you need a security consultant to check your network, systems or architecture, or to help you with a security problem/incident or (a better approach) check your security architecture and risks, simply contact me.
;-)

Downloads

License

For details on licensing and support please see there.

This software is published under a 3-clause BSD License", an open source license.