Nessie Viewer enables IT Security auditors (blue team, red team and penetration testers) to quickly navigate through scanners outputs like Nessus and Nmap XMLs
The tool is called NessieViewer as it will let you find the real issues hidden deep inside the lake of false positives. https://en.wikipedia.org/wiki/Loch_Ness_Monster
Nessus viewer was originally used to quickly find issues contained in a nessus or nmap report by sorting and filtering each entry. It is able to import entries from a nessus xmlV2 report and nmap xml report (-oA) and filter them by host IP, host name, plugin name, operating system, keywords ... Try to double click on an IP to have a summary view of one host or generate clickable links to begin your tests.
Nessie Viewer-Reborn add several improvements. It is a standalone tool for windows that allows you to quickly sort, group and find flaws based on the output of multiple scanning tools (Nmap xml, Nessus xml, Zap xml, ...).
-
Display all information on a given machine -> Action: Double-click the hostname or IP address in the main list
-
Generate a list of open ports per system -> Action: Click 'Generate' -> 'Generate open ports'
Sample output: 192.168.0.110 (20) - 80,135,137,139,445,1037,1039,1494,1551,2301,2381,2512,2513, 2967,3389,13722,13724,13782,13783,49400 192.168.10.15 (15) - 80,135,137,139,445,1033,1038,1494,1938,2301,2381,2512,2513, 2967,3389 10.10.0.100 (16) - 9,13,17,19,80,135,445,1034,1040,1088,1494,2301,2381,2967,3389
- Generate the list of missing patches on all scanned systems
-> Action: Click 'Generate' -> 'Generate patch list'
Sample output: 192.168.0.110 - MS08-067,MS09-001,MS06-035 192.168.10.15 - MS08-067,MS06-035,MS09-001 10.10.0.100 - MS08-067,MS09-001,MS06-035
- Generate the list of IP addresses matching a given criteria
-> Action: Double-click any entry in the table (port, service, operating system, plugin id, plugin name)
Sample usage:
-
Show all systems running an Oracle listener on port 1521 |-> Double-click 1521 in the Port column of the main table
-
Show all systems running a Web server |-> Double-click "www" in the "Service" column of the main table
-
Show all machines running "Microsoft Windows 2003 Service Pack 2" |-> Double-click any "Microsoft Windows Server 2003 Service Pack 2" in the main table
-
Generate clickable links
-> Action: Click 'Generate' -> 'Generate links' -> Type of link
Sample output:
- http://192.168.0.110:3872
- http://192.168.10.15:1980
- http://10.10.0.100:1080 Those links can be clicked. The corresponding program will be launched, allowing auditors to quickly verify the results. Note that associations are managed in the configuration files (*.np files)
The 'config.np' file, located in the user's Application Data folder or in the same foolder of the standalone executable allows users to customize how links are created and what to do when they are clicked.
The 'config_regexp.np', located in the same folder, shows how plugin outputs are parsed. For instance, tge regular expressions aimed at extracting the list of Windows users from the output of Nessus' SMB enumeration plugins are defined here.
Those configuration files can be customized. Modifications are applied immediatly without having to restart the application.
The filter section allows you to filter specific values in the table. It is possible to filter the following elements:
- PluginID
- PluginName
- Host IP
- Host Name
- OS
- Port
- Service
- Risk
- Plugin Description
- Plugin Output
Multiple filters can be added, comma separated
Minus (-) is used to remove entries
Right click on a line to quickly add a filter
Double click on one cell (but not hostIP) to list all hosts with the same cell value
- Nessus XML v2 (.nessus)
- Nmap xml (.xml generated by -oX or -oA)
- Windows XP SP2 or higher
- .NET Framework 3.5 or higher
Please send us your suggestions or feedback to secviewlab_a-t_gmail