__author__ = 'simonbeattie'
import csv
import re
import sys
from xml.dom import minidom
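# Convert a Nessus XML export ('nessus2.xml') into two CSV reports:
#   vulns.csv - one row per ReportItem whose CVSS base score is above 0.0
#   ports.csv - one row per port reported by the "Nessus TCP scanner" plugin
# Progress is echoed to stdout: '*' = port row written, '!' = vulnerability
# row written, '.' = item skipped.

# NOTE(review): xml.dom.minidom is not hardened against maliciously
# constructed XML (for example entity expansion). Only parse exports from a
# scanner you trust, or swap in a hardened parser.
xmldoc = minidom.parse('nessus2.xml')

# 'with' closes both files even if parsing fails part-way through; the
# previous version never closed ports.csv.
with open('vulns.csv', 'w') as vulnFile, open('ports.csv', 'w') as portFile:
    # csv.writer quotes any field containing a comma, quote or newline, so a
    # plugin name, OS string or hostname taken from the scan cannot shift or
    # split columns. Fields are separated by ',' (previously ', ').
    # NOTE(review): values are written verbatim; a cell starting with '=',
    # '+', '-' or '@' may be evaluated as a formula by a spreadsheet. Confirm
    # how these reports are consumed before opening them in one.
    vulnWriter = csv.writer(vulnFile, lineterminator='\n')
    portWriter = csv.writer(portFile, lineterminator='\n')

    # Column headers
    vulnWriter.writerow(['IP', 'Hostname', 'Severity', 'Vulnerability', 'Port'])
    portWriter.writerow(['IP', 'OS', 'PORT', 'Service'])

    # One ReportHost element per scanned host
    for node in xmldoc.getElementsByTagName('ReportHost'):
        ip = node.attributes['name'].value

        # Reset per host: without this a host lacking a host-fqdn or
        # operating-system tag would inherit the previous host's values
        # (or raise NameError if it is the first host).
        fqdn = ''
        os_name = ''
        # Host properties do not change per item, so read them once per host.
        for tag in node.getElementsByTagName('tag'):
            tagName = tag.attributes['name'].value
            # An empty <tag/> has no text child; treat it as an empty value.
            tagValue = tag.firstChild.nodeValue if tag.firstChild else ''
            if tagName == "host-fqdn":
                fqdn = tagValue
            elif tagName == "operating-system":
                os_name = tagValue

        # One ReportItem element per plugin result on this host
        for item in node.getElementsByTagName('ReportItem'):
            plugin = item.attributes['pluginName'].value
            sev = item.attributes['severity'].value
            port = item.attributes['protocol'].value + "/" + item.attributes['port'].value

            # Port-scan results feed ports.csv
            if plugin == "Nessus TCP scanner":
                service = item.attributes['svc_name'].value
                portWriter.writerow([ip, os_name, port, service])
                sys.stdout.write('*')

            # Items are skipped unless they carry a CVSS base score above 0.0
            skip = True
            for a in item.getElementsByTagName('cvss_base_score'):
                try:
                    if float(a.childNodes[0].nodeValue) > 0.0:
                        skip = False
                except (IndexError, TypeError, ValueError):
                    # Empty or non-numeric score element: treat as unscored.
                    skip = True

            if skip:
                sys.stdout.write('.')
                continue

            sys.stdout.write('!')
            vulnWriter.writerow([ip, fqdn, sev, plugin, port])

# Parenthesised form prints the same text on Python 2 and Python 3.
print('Parse Completed!')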