VENEv = Volker's & Enno's Nessus Evaluation
The Nessus security scanner by Tenable is a valuable tool for security consultants performing network audits. Unfortunately it does lack a quick overview over the vulnerabilities (supposedly) found.
This tool will extract such a re-sortable overview as CSV table from a Nessus export.
- Nessus .NESSUS file of version 4.2 or newer
- a (Unix) shell
...see the README file.
Each finding will be documented twice in the CSV table.
First you will find each single finding for each single IP with a count number of -9999 (versions 9.x and older: 0 = zero). After all single findings are listed, all findings are listed again summed up per finding.
Thus you get a table similar to this (abridged) one:
Count Title IP(s) -9999 Finding-AAA 10.1.1.2 -9999 Finding-AAA 10.1.1.3 -9999 Finding-AAA 10.1.1.4 -9999 Finding-B 10.1.1.4 -9999 Finding-CCCCC 10.1.1.4 -9999 Finding-AAA 10.1.1.5 -9999 Finding-CCCCC 10.1.1.5 4 Finding-AAA 10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5, 1 Finding-B 10.1.1.4, 2 Finding-CCCCC 10.1.1.4, 10.1.1.5,
The "-9999" rows are ideal for GREPping out single hosts or findings, while the summary lines are ideal for a fast overview, for example:
- Import the CSV into your spreadsheet
- Sort by CVSS (this is the severity value set by Nessus)
- Set filter: only show rows with count > 0
Beware: Nessus results (and thus the ones of this tool) are a to be taken with a serious grain of salt. Don't trust them blindly but verify. Nessus is "only" a tool, a useful one, but not always a reliable one. Use Nessus (like NMAP or other scanners) for the brainless grunt work and start working.
If you need a security consultant to check your network, systems or architecture, or to help you with a security problem/incident or (a better approach) check your security architecture and risks, simply contact me.