项目地址:https://github.com/mashirohibiki/Nessus_to_csv
这个项目(https://github.com/Bypass007/Nessus_to_report)是5年前的老项目了,因为最近工作有做漏扫的工作,于是就找到了这样的项目,但是由于作者编写时采用python2,如果想在python3上使用得稍作修改,再加上老版本的nessus的html中有些标签有做更改,所以这个项目得稍加维护才能继续使用
使用前提
- 作者测试环境为python3.9,若想开箱即用直接使用python3.9版本
- Nessus导出的报告格式为html格式,可参考如下图
使用方法
单个文件生成
python3 Nessus_report.py 文件名.html运行该命令后会生成一个
文件名.html.csv的格式文件在同文件夹下批量生成
如果出现下图所示的情况,有多个html文件需要进行csv转换,使用以下的bash脚本的可以进行批量html转换成csv
#!/bin/bash# 定义 Python 解释器和脚本路径 PYTHON="/usr/bin/python3" SCRIPT="Nessus_report.py"# 遍历 angle 目录下的所有 .html 文件 for html_file in 替换为自己想要的目录/**/*.html; do# 检查文件是否存在if [ -f "$html_file" ]; thenecho "Processing $html_file..."# 运行 Python 脚本,将当前 HTML 文件作为参数传递"$PYTHON" "$SCRIPT" "$html_file"elseecho "No HTML files found in angle directory."fi donebash run.sh后就能批量生成多个csv文件这里再提一个小tips,在bash环境中使用命令,就可以将多个csv文件合并成一个csv文件
cat *.csv > all-in-one.csvNessus_report.py源码
''' Author: CatalyzeSec LastEditTime: 2024-12-30 16:17:07 ''' #!/usr/bin/python3.9 # -*- coding:utf-8 -*- import sys from lxml import etree import sqlite3 import unicodecsv as ucsvhost='' result_list=[] # 通过颜色判断漏洞等级 def htm_parse(l):html_str = etree.tostring(l).decode('utf-8') #字节解码为字符串 if '#91243E' in html_str:info=u"严重 - "+l.textelif '#DD4B50' in html_str:info=u"高危 - "+l.textelif '#F18C43' in html_str:info=u"中危 - "+l.textelif '#F8C851' in html_str:info=u"低危 - "+l.text elif '#67ACE1' in html_str:info=u'信息泄露 - '+l.textelse:info='Parsing error,Check that the versions are consistent.'return info# 解析html文件 def main(filename):global hosthtml = etree.parse(filename, etree.HTMLParser())ls = html.xpath('/html/body/div[1]/div[3]/div')for i in ls:# 获取主机IP地址if "font-size: 22px; font-weight: 700; padding: 10px 0; overflow-wrap: break-word" in etree.tostring(i).decode('utf-8'):host = i.textelif "this.style.cursor" in etree.tostring(i).decode('utf-8'):result = host + " - " + htm_parse(i)print(result)result_list.append(result)return result_list # 查询数据库 def select(ip,id):conn = sqlite3.connect('vuln.db')conn.text_factory = lambda x: str(x, 'gbk', 'ignore')cursor = conn.cursor()for row in cursor.execute("select * from VULNDB where Plugin_ID=?", (id,)):return [ip, row[1], row[2], row[3], row[4]]conn.close()# 写入csv文件 if __name__ == '__main__':filename = sys.argv[1]list_host = main(filename)#list_host=[u'192.168.98.254 - 高危 - 10203 - rexecd Service Detection',u'192.168.98.254 - 高危 - 11233 - rexecd Service Detection']new_filename = filename + '.csv'with open(new_filename, 'wb') as f:w = ucsv.writer(f, encoding = 'gbk')title=[u'服务器IP',u'漏洞名称',u'风险级别',u'漏洞描述',u'修复建议']w.writerow(title)for i in list_host:info = i.split('-',3)result = select(info[0],info[2])if result is not None:data = resultelse:data = info[0],info[3],info[1]w.writerow(data)https://github.com/mashirohibiki/Nessus_to_csv.git
