
About the developer

Shellntel
135 Stars 49 Forks GNU General Public License v2.0 19 Commits 7 Opened issues

Description

Vulnerability Compliance Report Tool used to parse Nessus files into html reports created by SynerComm, Inc.


Vulnerability Compliance Report Tool

Vulnerability Compliance Report Tool is used to parse Nessus files into beautiful html reports.

Use Cases:

  • Security organizations looking to present clean-looking vulnerability data to clients
  • Auditors who use Nessus to run CIS benchmark scans against their Windows systems
  • Pentesters looking for easier and faster ways to do their reporting
  • Archiving vulnerability scan reports for later viewing

Prerequisites:

  • A .nessus file that has been generated by the Tenable Nessus product (version 6+).
  • The following types of Nessus scans are supported:
    • Basic Network Scan
    • CIS Benchmark Scan for one of the following Windows operating systems:
      • 7/8/8.1/2008/2008R2/2012/2012R2
  • The script and its template directories
  • Chrome, Firefox, or Internet Explorer 11 (in non-compatibility mode)
  • A Windows machine running PowerShell v3 or higher
  • Note: Administrator rights are not required to run Parse-Nessus.ps1

Instructions

Save the script and template folder to a destination of your choosing, and ensure you have a valid .nessus file at the ready.

Remember, only “Basic Network Scan” and “CIS Benchmark” scans are supported.

The script receives the following arguments:

-NessusFilePath

REQUIRED. The full path to the actual .nessus file.

-CustomerName

REQUIRED. A company or organization name. Used in the actual HTML.

-TemplatePath

The full path to the HTML template directory. If not specified, then the current working directory will be searched for the appropriate template. This parameter is helpful if you are building your own template.

-CIS

A switch parameter indicating that a CIS benchmark scan was run. If this is not specified, then a Basic Network Scan is assumed.

-OperatingSystem

Must be passed in conjunction with the -CIS parameter. OperatingSystem is a simple string indicating which operating system the CIS benchmark scan targeted. Run “get-help .\parse-nessus.ps1 -detailed” to see the full list of supported operating systems.

-DebugMode

For the adventurous =). DebugMode is a switch parameter that will print a ton of information to the screen. Generally used for troubleshooting purposes.

Basic Network Scan

The most basic command would be run against a simple exported Basic Network Scan:

PS C:\VCR> .\Parse-Nessus.ps1 -NessusFilePath "C:\vcr\acme.nessus" -CustomerName "Acme Corporation"

Once the script is done running, it will produce a directory in the current working directory with your customer name and the date:

[screenshot: the generated report directory named after the customer and date]

Open this directory and double-click the index.html file (or open it in a browser of your choosing; Chrome or Firefox preferred). You will see a dashboard-style report that is the launching point for viewing vulnerability details on the hosts that were scanned.

[screenshot: the dashboard report (index.html)]

There are two ways to interact with the vulnerability data: by IP, or by Vulnerability.

By IP: Scroll to the bottom of index.html (also called the Dashboard) to see a list of IPs. They are sorted by criticality (Red = Critical, Orange = High, etc.) and, within a criticality, by the number of vulnerabilities of that criticality. In other words, reading left to right and top to bottom, the upper-left-most entry of any given color contains the most vulnerabilities of that criticality, and none of the criticality above it.

For example, consider the following image:

[screenshot: the IP list at the bottom of the Dashboard, colored by criticality]

192.168.1.232 contains the most critical vulnerabilities, and 192.168.1.7 contains the fewest (but at least one). 192.168.1.170 contains the most high vulnerabilities and no critical vulnerabilities. 192.168.1.6 contains the most medium vulnerabilities and no critical or high vulnerabilities.

Click each IP address to see the vulnerabilities associated with that host. You may then click each vulnerability name to see details about that vulnerability, including description, affected port/service, and any available mitigations.

Important: The templates use jQuery to format the pages, and formatting larger pages can take a while. Be sure to allow the scripts to run (and to keep running), or the pages won't render correctly.

At any time, click “Dashboard” in the upper right navigation menu to get back to the main view.

By Vulnerability: In the upper right corner of index.html, click “Vulnerability Report”. This report can be huge and will take a while to load (jQuery is formatting the data in the background). If you get prompted to continue running scripts on the page, click “Yes”.

Once formatting is complete, you will be presented with a “master list” of all vulnerabilities for that Nessus scan. Similar to the reports by IP, the vulnerability report is presented in a drill-down style. Click each vulnerability to see a list of hosts affected by that vulnerability, as well as details, port/service, mitigations, etc.

At any time, click “Dashboard” in the upper right navigation menu to get back to the main view.

CIS Benchmark Scans

VCR also supports reporting of Nessus CIS Benchmark scans. The biggest difference between reporting on a Basic Network Scan vs a CIS Benchmark scan is that the Basic Network Scan reports show vulnerabilities by host, whereas the CIS Benchmark report shows the checks run against each host and a “Pass/Fail” status:

[screenshot: CIS Benchmark report showing the checks run against a host with Pass/Fail status]

The procedure for generating the reports for a CIS Benchmark .nessus file is the same as for a Basic Network Scan, with two important additions: you must pass the -CIS switch parameter as well as the -OperatingSystem parameter.

For example:

PS C:\VCR> .\Parse-Nessus.ps1 -NessusFilePath "C:\vcr\acme-cis-win7.nessus" -CustomerName "Acme Corporation" -CIS -OperatingSystem Windows7

Note that each .nessus file is assumed to target only one version of Windows at a time. This is generally how the CIS benchmarks are set up by default, but if you combine scans for different versions of Windows into the same .nessus file, the script will give unpredictable results (if it works at all).

Creating your own template

Though you are certainly free to use the provided templates, many users will want to customize them for their own organization/company. This is perfectly acceptable and can be done without permission.

There are two included template directories: template-cisbenchmark and template-networkscan. Do not change the template directory names or the script will not work.

If simply modifying the existing templates:

  1. Replace the /images/logo.jpg file with your own
  2. In the template directory, open templateByVuln.html, templateDashboard.html, and templateFindings.html and do a Find/Replace for “SynerComm”, replacing with your own organization name

If creating your own template:

  1. Template directories must be named: template-cisbenchmark & template-networkscan
  2. Preserve the existing template directory structure and naming conventions
  3. Three template files must exist:
    1. templateFindings.html – This is the html page that is displayed per individual IP
    2. templateDashboard.html – The main page that gets transformed to index.html
    3. templateByVuln.html – The Vulnerability Report template page
  4. In each of the template files, you may place the following substitution variables anywhere on the page. Note: you must include the pipe character “|” before and after each variable name, and variable names are case sensitive.
  5. The table below lists the substitution variables and, in the Template File column, which template files the script searches for each one:
    1. D = templateDashboard.html
    2. F = templateFindings.html
    3. V = templateByVuln.html
    4. A = All template files

Variable Name        Template File   Description
GENERATEDDATE
REPORTINFO
TOTALFINDINGS
TOTALCRITICAL
TOTALHIGH
TOTALMEDIUM
TOTALLOW
TOTALINFORMATIONAL
TOTALCHECKS
TOTALFAILED
TOTALPASSED
TOTALERRORS
OPERATINGSYSTEM
HOST
COMPANYNAME
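As an added example (not code from the VCR project or the Parse-Nessus.ps1 script), the PowerShell below tallies a constructed .nessus fragment by severity and fills the pipe-delimited, case-sensitive variables of a template string in the way the list above describes. The NessusClientData_v2/ReportItem element names, the Get-SeverityTotals and Expand-Template functions, and the sample data are assumptions made for this illustration.

```powershell
# Added example, not part of VCR: tally a .nessus file by severity and fill
# the |VARIABLE| placeholders of a template. Nessus "severity" attribute
# values (assumed here): 0=Info, 1=Low, 2=Medium, 3=High, 4=Critical.
$SeverityToVariable = @{
    '4' = 'TOTALCRITICAL'; '3' = 'TOTALHIGH'; '2' = 'TOTALMEDIUM'
    '1' = 'TOTALLOW';      '0' = 'TOTALINFORMATIONAL'
}

function Get-SeverityTotals {
    param([xml]$Doc)
    $totals = [ordered]@{}
    foreach ($v in $SeverityToVariable.Values) { $totals[$v] = 0 }
    foreach ($item in $Doc.SelectNodes('//ReportItem')) {
        $key = $SeverityToVariable[$item.GetAttribute('severity')]
        if ($key) { $totals[$key]++ }   # unknown/missing severity is skipped
    }
    $totals['TOTALFINDINGS'] = [int]($totals.Values | Measure-Object -Sum).Sum
    return $totals
}

function Expand-Template {
    param([string]$Template, [System.Collections.IDictionary]$Values)
    $out = $Template
    foreach ($name in $Values.Keys) {
        # Variables are wrapped in pipes, e.g. |TOTALCRITICAL|. String.Replace
        # is case sensitive, matching the template rules (unlike -replace).
        $out = $out.Replace("|$name|", [string]$Values[$name])
    }
    return $out
}

# Constructed sample .nessus content (not a real scan export).
$nessusXml = @'
<NessusClientData_v2>
  <Report name="demo">
    <ReportHost name="192.168.1.232">
      <ReportItem port="445" protocol="tcp" severity="4" pluginID="1" pluginName="constructed critical"/>
      <ReportItem port="80" protocol="tcp" severity="2" pluginID="2" pluginName="constructed medium"/>
    </ReportHost>
    <ReportHost name="192.168.1.7">
      <ReportItem port="0" protocol="tcp" severity="0" pluginID="3" pluginName="constructed info"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
'@

$values = Get-SeverityTotals -Doc ([xml]$nessusXml)
$values['COMPANYNAME']   = 'Acme Corporation'
$values['GENERATEDDATE'] = (Get-Date).ToString('yyyy-MM-dd')
$template = '<h1>|COMPANYNAME| - |GENERATEDDATE|</h1><p>|TOTALFINDINGS| findings: |TOTALCRITICAL| critical, |TOTALHIGH| high, |TOTALMEDIUM| medium</p>'
Expand-Template -Template $template -Values $values
```

The same approach applies to a real template file: read it with Get-Content -Raw, expand it, and write the result out as index.html; a variable that is misspelled or in the wrong case is simply left in the output, which is the quickest way to spot a template error.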

Download Links & Contact Info

You may download the Parse-Nessus.ps1 script and available templates above. If you have any questions, comments, or issues with the script, or would like to see any feature enhancements, please open an issue here.
