Beefy Boxes and Bandwidth Generously Provided by pair Networks
more useful options
 
PerlMonks  

nessus port reporter

by semio (Friar)
on Jan 25, 2003 at 01:27 UTC ( [id://229778]=sourcecode: print w/replies, xml ) Need Help??
Category: Utility Scripts
Author/Contact Info Dave K davk@comcast.net
Description: I've had the requirement lately to work with a large amount of security data in the NessusWX export file (.enx) format. This script will associate all ports with their respective IP in a ordered, grepable format. Hopefully someone will find it to be useful. Comments are very welcome.
#!perlenv -w

use strict;

my ( $port, $uniqip, $longip );
my ( @nessusdata, @ports,  @ips, @uniqip, @splitip, @rearranged );

my %longips;

my $nessusdata = $ARGV[0];
my $portreport = "portreport";
my $num        = 256;
my $count      = 0;

if ( $#ARGV < 0 ) {
    print "usage: npr.pl <NessusWX Export File>";
    exit;
}

open( NESSUSDATA, "< $nessusdata" ) || die "Could not open file: $! \n
+";
@nessusdata = <NESSUSDATA>;
close(NESSUSDATA);

open( PORTREPORT, "> $portreport" ) || die "Could not open file: $! \n
+";

if ( $nessusdata[0] !~ m/[NessusWX Export File]/ ) {
    print "File $ARGV[0] does not appear to be a valid NessusWX Export
+ File\n";
    exit 0;
}

foreach $nessusdata (@nessusdata) {
    my @result = split ( /\|/, $nessusdata );
    if ( $result[0] =~ /(NessusWX|DATA)/ ) {
        next;
    }
    elsif ( !$result[2] ) {
        push @ports, $nessusdata;
        push @ips, $result[0];
    }
}

@uniqip = keys %{ { @ips, reverse @ips } };

foreach $uniqip (@uniqip) {
    @splitip = split ( /\./, $uniqip );
    $longip =
      ( $splitip[0] * ( $num * $num * $num ) ) +
      ( $splitip[1] * ( $num * $num ) ) + ( $splitip[2] * $num ) +
      ( $splitip[3] );
    $longips{$longip} = $uniqip;
}

@rearranged = sort { $a <=> $b } keys %longips;

foreach (@rearranged) {
    if ( $count == 0 ) {
        print PORTREPORT $longips{$_}, "|";
    }
    else {
        print PORTREPORT "\n", $longips{$_}, "|";
    }
    foreach $port (@ports) {
        my @result = split ( /\|/, $port );
        if ( $result[1] =~ m/general/ ) {
            next;
        }
        elsif ( $longips{$_} =~ m/$result[0]$/ ) {
            $result[1] =~ s/(\(|\))//g;
            chomp $result[1];
            print PORTREPORT $result[1], "|";
        }
    }
    $count = 1;
}

close(PORTREPORT);
Replies are listed 'Best First'.
Re: nessus port reporter
by Aristotle (Chancellor) on Jan 25, 2003 at 23:33 UTC
    m/[NessusWX Export File]/

    Are you sure you want to test whether the file contains any of the characters N, e, s, u, W, X, E, x, p, o, r, t, F, i, or l? If not, you have to backslash the square brackets.

    Also, this is a matter of style, but I suggest you declare your variables when you first use them. That makes it much easier to keep track of what gets used where - esp if the code is longer than this example.

    Untested:

    #!/usr/bin/perl -w use strict; use Socket qw(inet_aton); use constant USAGE => "usage: npr.pl <NessusWX Export File>"; my $infilename = shift || die USAGE; my $outfilename = shift || "portreport"; die USAGE if @ARGV; my @data = do { open my $fh, "<", $infilename or die "Could not open $infilename: $!\n"; <$fh> }; die "$infilename does not appear to be a valid NessusWX Export File\n" unless $nessusdata[0] =~ m/\[NessusWX Export File\]/; my (@port, @ip); for (@data) { my @field = split /\|/; next if $field[2] or $field[0] =~ /(NessusWX|DATA)/; push @port, $_; push @ip, $result[0]; } my @uniqip = do { my %seen; grep !$seen{$_}++, @ip; }; my %longip = map { unpack("N", inet_aton $_), $_ } @uniqip; open my $fh, ">", $outfilename or die "Could not open $outfilename: $!\n"; foreach (sort { $a <=> $b } @uniqip) { my @report; for (@port) { my @field = split /\|/; next if $field[1] =~ m/general/; or not $longips{$_} =~ m/\Q$field[0]\E$/ chomp, tr/()//d for $field[1]; push @report, $field[1]; } print $fh join "|", $longips{$_}, @report; print $fh "\n"; }

    Makeshifts last the longest.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: sourcecode [id://229778]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others perusing the Monastery: (2)
As of 2024-11-03 03:27 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    chatterbot is...






    Results (13 votes). Check out past polls.