1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
|
Parse::Nessus::NBE version 1.1
===============================
DESCRIPTION
This module is designed to extract information from Nessus NBE
files. Functions have been designed to return certain sets of data,
such as service banners and OS versions. Other functions have been
provided that will return more specific information, such as all IPs
listening on a given port or all IPs associated with a specified plugin
id.
To install:
% perl Makefile.PL
% make
% make test
% make install
Examples:
To obtain a list of banners
my @banners = nbanners(@nessusdata);
print @banners;
# returns
IP|service banner
# example
192.168.0.5|CompaqHTTPServer/2.1
192.168.0.11|Apache/1.3.26 (Unix) mod_perl/1.24
192.168.0.30|Microsoft-IIS/5.0
192.168.0.31|220 cpan01 FTP server (SunOS 5.8) ready.
192.168.0.51|NetWare HTTP Stack
192.168.0.99|220 Service ready for new user.
...
To query by port
my $port = 22;
my @ports = nports(@nessusdata,$port);
print @ports;
# returns
IP|specified port
# example
192.168.0.5|ssh (22/tcp)
192.168.0.6|ssh (22/tcp)
192.168.0.8|ssh (22/tcp)
192.168.0.23|ssh (22/tcp)
192.168.0.89|ssh (22/tcp)
...
To obtain a list of web directories
my @webdirs = nwebdirs(@nessusdata);
print @webdirs;
# returns
IP|web port|web dir(s)|web dir(s) requiring authentication
# example
192.168.0.21|http (80/tcp)|/css /design /downloads /images /js
192.168.0.43|http (80/tcp)|/images /public|/console
192.168.0.47|https (443/tcp)|/files /html /images /js /jsp
192.168.0.101|https (443/tcp)|/application /report|/printers
192.168.0.110|http (80/tcp)|/admin
...
To obtain a list of nfs shares
my @nfs = nnfs(@nessusdata);
print @nfs;
# returns
IP|nfs port|nfs share(s)
# example
192.168.0.11|nfs (2049/tcp)|/apps (mountable by everyone)
192.168.0.31|nfs (2049/tcp)|/cdrom (mountable by everyone)
192.168.0.28|nfs (2049/tcp)|/data (mountable by everyone)
192.168.0.45|nfs (2049/tcp)|You are running a superfluous NFS daemon...
192.168.0.108|nfs (2049/tcp)|You are running a superfluous NFS daemon...
...
To obtain a OS listing
my @os = nos(@nessusdata);
print @os;
# returns
IP|OS version
# example
192.168.0.1|IOS 12.1.5-12.2(6a), Cisco IOS 12.1(5)-12.2(7a)
192.168.0.154|Linux 2.1.19 - 2.2.20
192.168.0.111|HP Advancestack Etherswitch 224T or 210
192.168.0.92|AIX 4.2-4.3.3
192.168.0.10|NT Server 4.0 SP4-SP5 running Checkpoint Firewall-1
...
To obtain a listing of SNMP community strings
my @snmp = nsnmp(@nessusdata);
print @snmp;
# returns
IP|SNMP community string(s)
# example
192.168.0.1|private public
192.168.0.111|public
192.168.0.121|private public
192.168.0.128|private public
192.168.0.145|public
...
To query by plugin id
my $plugin = 10667;
my @plugin = nplugin(@nessusdata,$plugin);
print @plugin;
# returns
IP|port|plugin data
# example
192.168.0.202|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
192.168.0.222|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
192.168.0.235|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
192.168.0.236|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
192.168.0.237|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
...
To obtain a OS count, useful for graphing
my @countos = nstatos(@nessusdata);
print @countos;
# returns
OS version|count
# example
Windows NT4 or 95/98/98SE|17
Windows 2000 Advanced Server SP3|14
TOPS-20 Monitor 7(21733),KL-10 (DEC 2065)|11
Cisco router running IOS 12.1.5-12.2.13a|11
PS2 Linux 1.0|9
Linux 2.4.17 on HP 9000 s700|7
Cisco 2620 running IOS 12.1(6)|6
Windows 2000 Server SP3|5
Windows NT4 Workstation SP6a|4
Nortel/Alteon ACE Director 3 Version 6.0.42-B|4
To obtain a service count, useful for graphing
my @countservices = nstatservices(@nessusdata);
print @countservices;
# returns
service port|count
#example
http (80/tcp)|69
telnet (23/tcp)|48
netbios-ssn (139/tcp)|48
https (443/tcp)|46
loc-srv (135/tcp)|42
ftp (21/tcp)|39
smtp (25/tcp)|34
pcanywheredata (5631/tcp)|30
ssh (22/tcp)|25
sun-answerbook (8888/tcp)|22
To obtain a vulnerability count, useful for graphing
# note: options are as follows:
# 1 returns high severity vulnerabilties
# 2 returns medium severity vulnerabilities
# 3 returns low level security notes
my @countvulns = nstatvulns(@nessusdata,1);
print @countvulns;
#returns
plugin id|count
#example
11875|40
11412|17
10116|12
11856|11
10932|10
10937|7
11793|6
For documentation:
% perldoc Parse::Nessus::NBE
If you find this module to be useful, please let me know. All comments
and requests for additions are welcome.
thanks go to dragonchild and hmerrill of Perl Monks for the initial
review of this module.
thanks also to Gwen <gwen@reptiles.org> for the %EXPORT_TAGS patch
David J Kyger <dave@norootsquash.net>
http://www.norootsquash.net
|
