Nessus Reports

Posted by Eric | Code | Sunday 18 November 2007 4:07 am

We got the data into the database via the nbe parser (which, btw, I posted a new version of; it will grab the risk factor from the msg field).

Taking that data, we want some type of report. Nessus itself gives us a report, but it’s kind of a pain in the ass to read; their HTML report is the nicest one, but I keep forgetting where I was. I guess Garrett Gee has a similar problem; he put together similar tools for the same reasons. Of course, that doesn’t help me take advantage of the kick ass features in Ruby (sorry Garrett :P).

Anyway, I’ve posted up three Ruby files. They are:

Reportsummary
Topvuln
vulnreport

For the report summary, you will need to go in and change a lot of stuff within the text; this is basically the generic text found in every one of my reports. From there on out, I go in and highlight their positives and negatives a little bit more in depth, but that is never generic enough to put into a template.

The topvuln is used to generate a small Nessus report of just Critical and High risk factor vulnerabilities. This allows me to actually print and hand data to a customer that won’t kill a small forest in a third world country. Depending on how many there are, it can take up some paper though!

vulnreport simply takes care of the rest of the data: it will itemize the data from Medium to None and cover the uncategorized items as well (my parser isn’t perfect). Anyhow, here’s the code and stuff; you will need ruby-mysql and pdf/writer.

Hope this is of help to someone. If you have any suggestions, let me know.

-Phn1x 

Nessus Data Parser

Posted by Eric | Code | Saturday 10 November 2007 11:10 pm

So I’ve been doing a lot of consulting lately on the side and one of
the things that irritates me about nessus is the way in which you get
data. It’s kind of unmanageable; how am I supposed to sort it and
analyze the data? Well, databases are awesome! I’m currently
undergoing a personal project to create a visual basic front end that
will connect to an MS Access database which in turn will become a
customer database and front end.

As part of the process, I take my nbe file and load it into a parser,
I create tables in mysql and parse the data in. There are currently a
few solutions for this such as Nessquick, php-nessus et cetera, but
who needs those! So I created my own parser! I’m still working on my
front end and MS Access db but that’s another time.

You will need:

ruby
nessus
mysql
ruby-mysql (http://www.tmtm.org/en/mysql/ruby/)

The code can be found at

http://hamsterswheel.com/code/nbeparser.rb

There is a usage statement, but be sure to open it up. In one of the
methods I have hard coded variables you will need to change to reflect
your own nessus server. From here you can go in and create scripts to
query the database, or create your own front end.

The schema consists of 3 tables:
plugins
results
timestamps

mysql> desc plugins;
+-------------+------------------+------+-----+---------+-------+
| Field       | Type             | Null | Key | Default | Extra |
+-------------+------------------+------+-----+---------+-------+
| id          | int(10) unsigned | NO   | PRI |         |       |
| name        | varchar(255)     | YES  |     | NULL    |       |
| family      | varchar(255)     | YES  |     | NULL    |       |
| category    | varchar(40)      | YES  |     | NULL    |       |
| copyright   | varchar(255)     | YES  |     | NULL    |       |
| summary     | varchar(255)     | YES  |     | NULL    |       |
| description | varchar(255)     | YES  |     | NULL    |       |
| version     | varchar(255)     | YES  |     | NULL    |       |
| cve         | varchar(40)      | YES  |     | NULL    |       |
| bid         | varchar(40)      | YES  |     | NULL    |       |
| xref        | varchar(40)      | YES  |     | NULL    |       |
+-------------+------------------+------+-----+---------+-------+
11 rows in set (0.00 sec)

mysql> desc results;
+----------+-------------+------+-----+---------+----------------+
| Field    | Type        | Null | Key | Default | Extra          |
+----------+-------------+------+-----+---------+----------------+
| id       | int(11)     | NO   | PRI | NULL    | auto_increment |
| domain   | varchar(40) | NO   |     |         |                |
| host     | varchar(40) | NO   | MUL |         |                |
| service  | varchar(40) | NO   |     |         |                |
| scriptid | smallint(5) | YES  |     | NULL    |                |
| riskval  | varchar(40) | YES  |     |         |                |
| msg      | text        | YES  |     | NULL    |                |
+----------+-------------+------+-----+---------+----------------+
7 rows in set (0.00 sec)

mysql> desc timestamps;
+-----------+-------------+------+-----+---------------------+----------------+
| Field     | Type        | Null | Key | Default             | Extra          |
+-----------+-------------+------+-----+---------------------+----------------+
| id        | int(11)     | NO   | PRI | NULL                | auto_increment |
| host      | varchar(40) | NO   | MUL |                     |                |
| progress  | varchar(40) | NO   |     |                     |                |
| timestamp | varchar(40) | YES  |     | 0000-00-00 00:00:00 |                |
+-----------+-------------+------+-----+---------------------+----------------+
4 rows in set (0.00 sec)
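
An added example (not the author's nbeparser.rb or Topvuln script) of the two steps both posts describe: turning nbe "results" lines into rows shaped like the results table, with riskval pulled out of the msg text, and then keeping only Critical and High findings. The pipe-delimited field order, the escaped newlines, the "Risk factor :" wording and all sample data are assumptions made for the example.

```ruby
# Added example, not the author's nbeparser.rb.
# Assumed NBE layout: results|domain|host|service|scriptid|type|msg,
# with newlines inside msg stored as a literal backslash-n.

# Constructed sample input; hosts, plugin ids and findings are made up.
SAMPLE_NBE = <<'NBE'
timestamps|||scan_start|Sun Nov 18 04:07:00 2007|
results|192.0.2|192.0.2.10|ssh (22/tcp)|10000|Security Hole|Finding A.\nRisk factor : High\nSolution : upgrade
results|192.0.2|192.0.2.10|http (80/tcp)|10001|Security Warning|Finding B.\n\nRisk factor :\n\nMedium / CVSS Base Score : 5
results|192.0.2|192.0.2.11|smb (445/tcp)|10002|Security Hole|Finding C with a | in the text.\nRisk factor : Critical
results|192.0.2|192.0.2.11|general/tcp|10003|Security Note|Finding D, no rating given.
results|192.0.2|192.0.2.11|ftp (21/tcp)
NBE

RISK_LEVELS = %w[Critical High Medium Low None].freeze
RISK_RE = /Risk factor\s*:\s*(#{RISK_LEVELS.join('|')})\b/i

# Pull the rating out of the free-text msg; nil means uncategorized.
def risk_from_msg(msg)
  m = RISK_RE.match(msg)
  m ? m[1].capitalize : nil
end

# Turn "results" lines into hashes keyed like the results table columns.
def parse_results(nbe_text)
  rows = nbe_text.each_line.map do |line|
    # A limit of 7 keeps any '|' inside msg in the last field.
    type, domain, host, service, scriptid, _severity, msg = line.chomp.split('|', 7)
    # Skip timestamps, open-port-only lines and non-numeric plugin ids.
    next unless type == 'results' && scriptid.to_s.match?(/\A\d+\z/)
    msg = msg.to_s.gsub('\n', "\n") # restore the escaped newlines
    { domain: domain, host: host, service: service,
      scriptid: scriptid.to_i, riskval: risk_from_msg(msg), msg: msg }
  end
  rows.compact
end

# The Topvuln selection: only Critical and High findings.
def top_vulns(rows)
  rows.select { |r| %w[Critical High].include?(r[:riskval]) }
end

if __FILE__ == $PROGRAM_NAME
  top_vulns(parse_results(SAMPLE_NBE)).each do |r|
    puts format('%-9s %-12s %-14s plugin %d', r[:riskval], r[:host], r[:service], r[:scriptid])
  end
end
```

The msg field can carry banner text returned by scanned hosts, so when rows like these go into MySQL, bind the values as statement parameters instead of building the INSERT by string concatenation.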