WYAE.de - IT Security, KnowHow & Software

2017-03-08

VENEv = Volker's & Enno's Nessus Evaluation

The Nessus security scanner by Tenable is a valuable tool for security consultants performing network audits. Unfortunately, it lacks a quick overview of the vulnerabilities it (supposedly) found.

This tool extracts such an overview from a Nessus export as a re-sortable CSV table.

Requirements

  • Perl
  • Nessus .NESSUS file of version 4.2 or newer
  • a (Unix) shell

Usage

...see the README file.

Evaluation

Each finding will be documented twice in the CSV table.

First, every finding is listed once per IP with a count value of -9999 (versions 9.x and older: 0 = zero). After all of these single findings, each finding is listed again, summed up per finding.

Thus you get a table similar to this (abridged) one:

Count	Title		IP(s)
-9999	Finding-AAA	10.1.1.2
-9999	Finding-AAA	10.1.1.3
-9999	Finding-AAA	10.1.1.4
-9999	Finding-B	10.1.1.4
-9999	Finding-CCCCC	10.1.1.4
-9999	Finding-AAA	10.1.1.5
-9999	Finding-CCCCC	10.1.1.5
4	Finding-AAA	10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5,
1	Finding-B	10.1.1.4,
2	Finding-CCCCC	10.1.1.4, 10.1.1.5,

The "-9999" rows are ideal for GREPping out single hosts or findings, while the summary lines are ideal for a fast overview, for example:

  • Import the CSV into your spreadsheet
  • Sort by CVSS (this is the severity value set by Nessus)
  • Set filter: only show rows with count > 0
  • Done.
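The same split can be scripted. The following is an added example, not part of VENEv: it separates per-host rows from summary rows, lists the findings for one host, and flags findings whose summary row no longer matches the per-host rows (for instance after a truncated or hand-edited CSV). The tab delimiter, the three-column layout and the function names are assumptions based on the abridged table above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the abridged three-column layout shown above.
# Assumptions: tab-delimited; Count equals the number of per-host rows.
SAMPLE = (
    "Count\tTitle\tIP(s)\n"
    "-9999\tFinding-AAA\t10.1.1.2\n"
    "-9999\tFinding-AAA\t10.1.1.3\n"
    "-9999\tFinding-AAA\t10.1.1.4\n"
    "-9999\tFinding-B\t10.1.1.4\n"
    "-9999\tFinding-CCCCC\t10.1.1.4\n"
    "-9999\tFinding-AAA\t10.1.1.5\n"
    "-9999\tFinding-CCCCC\t10.1.1.5\n"
    "4\tFinding-AAA\t10.1.1.2, 10.1.1.3, 10.1.1.4, 10.1.1.5,\n"
    "1\tFinding-B\t10.1.1.4,\n"
    "2\tFinding-CCCCC\t10.1.1.4, 10.1.1.5,\n"
)
PER_HOST_MARKERS = {"-9999", "0"}  # "0" marks per-host rows in versions 9.x and older

def split_rows(text, delimiter="\t"):
    """Return (per_host, summary): {title: [ip, ...]}, {title: (count, {ips})}."""
    per_host, summary = defaultdict(list), {}
    for row in csv.DictReader(io.StringIO(text), delimiter=delimiter):
        # Summary rows carry a comma-separated IP list with a trailing comma.
        ips = [ip.strip() for ip in row["IP(s)"].split(",") if ip.strip()]
        if row["Count"].strip() in PER_HOST_MARKERS:
            per_host[row["Title"]].extend(ips)
        else:
            summary[row["Title"]] = (int(row["Count"]), set(ips))
    return dict(per_host), summary

def findings_for_host(per_host, ip):
    """Titles reported for one IP, taken from the per-host rows only."""
    return sorted(title for title, ips in per_host.items() if ip in ips)

def mismatches(per_host, summary):
    """Titles whose summary Count or IP list disagrees with the per-host rows."""
    bad = []
    for title in sorted(set(per_host) | set(summary)):
        count, ips = summary.get(title, (0, set()))
        hosts = per_host.get(title, [])
        if count != len(hosts) or ips != set(hosts):
            bad.append(title)
    return bad

if __name__ == "__main__":
    per_host, summary = split_rows(SAMPLE)
    print(findings_for_host(per_host, "10.1.1.4"), mismatches(per_host, summary))
```

For a real export, pass the file's actual delimiter to split_rows; the extra columns (such as CVSS) are ignored by this sketch.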

Beware: Nessus results (and thus the ones of this tool) are to be taken with a serious grain of salt. Don't trust them blindly but verify. Nessus is "only" a tool, a useful one, but not always a reliable one. Use Nessus (like NMAP or other scanners) for the brainless grunt work and start working.

If you need a security consultant to check your network, systems or architecture, or to help you with a security problem/incident or (a better approach) check your security architecture and risks, simply contact me.

;-)

Downloads

License

For details on licensing and support please see there.

This software is published under a 3-clause BSD License, an open source license.