Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/purplebaronj/Nessus_Parser
Parse Nessus scans and send data into Splunk, Elastic, Postgres or other
https://github.com/purplebaronj/Nessus_Parser
Last synced: 22 days ago
JSON representation
Parse Nessus scans and send data into Splunk, Elastic, Postgres or other
- Host: GitHub
- URL: https://github.com/purplebaronj/Nessus_Parser
- Owner: purplebaronj
- Created: 2018-04-16T16:40:26.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2022-12-08T10:07:28.000Z (about 2 years ago)
- Last Synced: 2024-08-05T17:44:40.971Z (4 months ago)
- Language: Python
- Homepage:
- Size: 11.7 KB
- Stars: 5
- Watchers: 0
- Forks: 0
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - purplebaronj/Nessus_Parser - Parse Nessus scans and send data into Splunk, Elastic, Postgres or other (Python)
README
## Nessus Parser
This parser is designed to parse Tenable Nessus scans (.nessus format) and send parsed output to an external tool for further analysis.
### Third Party Tools Supported
Currently, the application supports sending data into Postgres, Splunk and ElasticSearch but it has been architected in such a way as to allow adding additional support without requiring major changes to the codebase.### Custom Parsing of Nessus Plugins
In addition to allowing for multiple tools for output and storage of Nessus data, there is also the ability to add or remove custom parsers for specific Nessus plugins. This is necessary since various Nessus plugins do not provide output that allows security practitioners to view each item as its own individual event. For example, software, service, and user centered plugins are a few that can be parsed specifically to provide a cleaner breakdown of individual events.### Usage -
By default, the nessus_parser script will look for a .parser_config file in the source code directory. This file will be used to store any credentials needed to authenticate to the various supported "outputters" or data storage tools. Examples of what this file should look like are as follows;
Setting up for ElasticSearch -
```
[Credentials]
TITLE=Elasticsearch
INDEX=test
USER=admin
PASSWORD=password
HOST=127.0.0.1
PORT=9200
```
Setting up for Postgres -
```
[Credentials]
TITLE=Postgres
DATABASE=test
USER=postgres
PASSWORD=password
HOST=127.0.0.1
PORT=5432
```Setting up for Splunk -
```
[Credentials]
TITLE=Splunk
INDEX=test
USER=admin
PASSWORD=password
HOST=127.0.0.1
PORT=8089
```
If no parser_config is specified, the default is to print all parsed data back to the screen.You can either choose to parse all .nessus files in a folder, or choose to parse an individual file
```
python nessus_parser.py --directory=/Users/julian/Nessus_Scans
```or if you only wish to parse an individual scan
```
python nessus_parser.py --scan=/Users/julian/Nessus_Scans/test.nessus
```