Parse::Nessus::ENX version 1.1 =============================== DESCRIPTION This module is designed to extract information from Extended NSR (ENX) files. Certain functions have been designed to return certain sets of data, such as service banners and OS versions. Other functions have been provided that will return more specific information, such as all IPs listening on a given port or all IPs associated with a specified plugin id. To install: % perl Makefile.PL % make % make test % make install Examples: To obtain a list of banners my @banners = ebanners(@nessusdata); print @banners; # returns IP|service banner # example 192.168.0.5|CompaqHTTPServer/2.1 192.168.0.11|Apache/1.3.26 (Unix) mod_perl/1.24 192.168.0.30|Microsoft-IIS/5.0 192.168.0.31|220 cpan01 FTP server (SunOS 5.8) ready. 192.168.0.51|NetWare HTTP Stack 192.168.0.99|220 Service ready for new user. ... To query by port my $port = 22; my @ports = eports(@nessusdata,$port); print @ports; # returns IP|specified port # example 192.168.0.5|ssh (22/tcp) 192.168.0.6|ssh (22/tcp) 192.168.0.8|ssh (22/tcp) 192.168.0.23|ssh (22/tcp) 192.168.0.89|ssh (22/tcp) ... To obtain a list of web directories my @webdirs = ewebdirs(@nessusdata); print @webdirs; # returns IP|web port|web dir(s)|web dir(s) requiring authentication # example 192.168.0.21|http (80/tcp)|/css /design /downloads /images /js 192.168.0.43|http (80/tcp)|/images /public|/console 192.168.0.47|https (443/tcp)|/files /html /images /js /jsp 192.168.0.101|https (443/tcp)|/application /report|/printers 192.168.0.110|http (80/tcp)|/admin ... To obtain a list of nfs shares my @nfs = enfs(@nessusdata); print @nfs; # returns IP|nfs port|nfs share(s) # example 192.168.0.11|nfs (2049/tcp)|/apps (mountable by everyone) 192.168.0.31|nfs (2049/tcp)|/cdrom (mountable by everyone) 192.168.0.28|nfs (2049/tcp)|/data (mountable by everyone) 192.168.0.45|nfs (2049/tcp)|You are running a superfluous NFS daemon... 192.168.0.108|nfs (2049/tcp)|You are running a superfluous NFS daemon... ... To obtain a OS listing my @os = eos(@nessusdata); print @os; # returns IP|OS version # example 192.168.0.1|IOS 12.1.5-12.2(6a), Cisco IOS 12.1(5)-12.2(7a) 192.168.0.154|Linux 2.1.19 - 2.2.20 192.168.0.111|HP Advancestack Etherswitch 224T or 210 192.168.0.92|AIX 4.2-4.3.3 192.168.0.10|NT Server 4.0 SP4-SP5 running Checkpoint Firewall-1 ... To obtain a listing of SNMP community strings my @snmp = esnmp(@nessusdata); print @snmp; # returns IP|SNMP community string(s) # example 192.168.0.1|private public 192.168.0.111|public 192.168.0.121|private public 192.168.0.128|private public 192.168.0.145|public ... To query by plugin id my $plugin = 10667; my @plugin = eplugin(@nessusdata,$plugin); print @plugin; # returns IP|port|plugin data # example 192.168.0.202|https (443/tcp)|...OpenSSL which is;older than 0.9.6e... 192.168.0.222|https (443/tcp)|...OpenSSL which is;older than 0.9.6e... 192.168.0.235|https (443/tcp)|...OpenSSL which is;older than 0.9.6e... 192.168.0.236|https (443/tcp)|...OpenSSL which is;older than 0.9.6e... 192.168.0.237|https (443/tcp)|...OpenSSL which is;older than 0.9.6e... ... To obtain a OS count, useful for graphing my @countos = estatos(@nessusdata); print @countos; # returns OS version|count # example Windows NT4 or 95/98/98SE|17 Windows 2000 Advanced Server SP3|14 TOPS-20 Monitor 7(21733),KL-10 (DEC 2065)|11 Cisco router running IOS 12.1.5-12.2.13a|11 PS2 Linux 1.0|9 Linux 2.4.17 on HP 9000 s700|7 Cisco 2620 running IOS 12.1(6)|6 Windows 2000 Server SP3|5 Windows NT4 Workstation SP6a|4 Nortel/Alteon ACE Director 3 Version 6.0.42-B|4 To obtain a service count, useful for graphing my @countservices = estatservices(@nessusdata); print @countservices; # returns service port|count #example http (80/tcp)|69 telnet (23/tcp)|48 netbios-ssn (139/tcp)|48 https (443/tcp)|46 loc-srv (135/tcp)|42 ftp (21/tcp)|39 smtp (25/tcp)|34 pcanywheredata (5631/tcp)|30 ssh (22/tcp)|25 sun-answerbook (8888/tcp)|22 To obtain a vulnerability count, useful for graphing # note: options are as follows: # 1 returns high severity vulnerabilties # 2 returns medium severity vulnerabilities # 3 returns low level security notes my @countvulns = estatvulns(@nessusdata,1); print @countvulns; #returns plugin id|count #example 11875|40 11412|17 10116|12 11856|11 10932|10 10937|7 11793|6 For documentation: % perldoc Parse::Nessus::ENX If you find this module to be useful, please let me know. All comments and requests for additions are welcome. thanks to Gwen for the %EXPORT_TAGS patch David J Kyger http://www.norootsquash.net