Pulling web hosts from Nessus output

I hacked a Python script together to parse out web hosts (and their corresponding URLs) from Nessus XML output. I'm using this as part of my pentesting workflow to feed other web-based tools like EyeWitness, Nikto, dirb, gobuster, etc.

Feed it a single argument that points at the Nessus output file.

Something like:

./parse_nessus_web.py /path/to/file.nessus

It produces output in the form:

http://192.168.0.221:80
http://192.168.21.21:80
https://192.168.0.221:443
https://192.168.88.1:8443

You can also find this in my GitHub Gists at https://gist.github.com/ryan-wendel/cc4c0afc62757860bb8fccf47055c358

The entire script:

#!/usr/bin/env python3

import sys
import os.path
try:
    import xml.etree.cElementTree as ET
except ImportError:
    import xml.etree.ElementTree as ET


def usage():
    print("Usage: " + sys.argv[0] + " <input file>\n")


def find(needle, haystack):
    # True if needle occurs anywhere in haystack
    for val in haystack:
        if val == needle:
            return True

    return False


# Exactly one argument: the path to the .nessus file
if len(sys.argv) != 2:
    usage()
    sys.exit(1)

infile = sys.argv[1]

if not os.path.isfile(infile):
    print("Error: Input file does not exist\n")
    usage()
    sys.exit(1)


doc = ET.parse(infile).getroot()
hosts = doc.findall('Report/ReportHost')

http_sockets = []
https_sockets = []

# First pass: every ip:port on which Nessus identified an HTTP server
for host in hosts:
    # print("################## host = " + host.get('name'))
    items = host.findall('ReportItem')
    for item in items:
        if item.get('pluginName') == 'HTTP Server Type and Version':
            for tag in host.findall('HostProperties/tag'):
                if tag.attrib['name'] == 'host-ip':
                    socket = tag.text + ":" + item.get('port')
                    http_sockets.append(socket)

# Second pass: of those HTTP sockets, the ones that also negotiated SSL/TLS
for host in hosts:
    # print("################## host = " + host.get('name'))
    items = host.findall('ReportItem')
    for item in items:
        if item.get('pluginName') == 'SSL / TLS Versions Supported':
            for tag in host.findall('HostProperties/tag'):
                if tag.attrib['name'] == 'host-ip':
                    socket = tag.text + ":" + item.get('port')
                    if find(socket, http_sockets):
                        https_sockets.append(socket)


# Plain HTTP is anything not also seen with TLS; the rest is HTTPS
for socket in http_sockets:
    if not find(socket, https_sockets):
        print("http://" + socket)

for socket in https_sockets:
    print("https://" + socket)
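To show the same classification on input you can run without a scanner, here is an added, self-contained example (my own code, not the gist above). It embeds a constructed .nessus fragment (not real Nessus output) with one plain HTTP port, two HTTP ports that also report TLS, and one TLS-only port that must not become a URL. The function and constant names (web_urls, sockets_with_plugin, SAMPLE_NESSUS) are assumptions of this example; only the two pluginName strings and the host-ip tag come from the script above. It uses sets so a socket reported twice is emitted once.

```python
import sys
import xml.etree.ElementTree as ET

# The two plugin names the original script keys on
HTTP_PLUGIN = 'HTTP Server Type and Version'
TLS_PLUGIN = 'SSL / TLS Versions Supported'

# Constructed .nessus fragment (not real scanner output). Host 1 has a plain
# HTTP port (80) and an HTTP+TLS port (443); host 2 has an HTTP+TLS port
# (8443) and a TLS-only port (22) that should be ignored.
SAMPLE_NESSUS = """<NessusClientData_v2>
  <Report name="constructed">
    <ReportHost name="192.168.0.221">
      <HostProperties>
        <tag name="host-ip">192.168.0.221</tag>
        <tag name="host-fqdn">web01.example.test</tag>
      </HostProperties>
      <ReportItem port="80" protocol="tcp" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="443" protocol="tcp" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="443" protocol="tcp" pluginName="SSL / TLS Versions Supported"/>
    </ReportHost>
    <ReportHost name="192.168.88.1">
      <HostProperties>
        <tag name="host-ip">192.168.88.1</tag>
      </HostProperties>
      <ReportItem port="8443" protocol="tcp" pluginName="HTTP Server Type and Version"/>
      <ReportItem port="8443" protocol="tcp" pluginName="SSL / TLS Versions Supported"/>
      <ReportItem port="22" protocol="tcp" pluginName="SSL / TLS Versions Supported"/>
    </ReportHost>
  </Report>
</NessusClientData_v2>
"""


def host_ip(report_host):
    """Return the host-ip property, falling back to the ReportHost name."""
    for tag in report_host.findall('HostProperties/tag'):
        if tag.get('name') == 'host-ip':
            return tag.text
    return report_host.get('name')


def sockets_with_plugin(report_host, plugin_name):
    """Set of 'ip:port' sockets on which the named plugin produced a finding."""
    ip = host_ip(report_host)
    return {
        ip + ':' + item.get('port')
        for item in report_host.findall('ReportItem')
        if item.get('pluginName') == plugin_name
    }


def web_urls(nessus_xml):
    """Turn a .nessus document into a list of http:// and https:// URLs.

    A socket is https only when both the HTTP plugin and the TLS plugin fired
    on it; a TLS finding on a port with no HTTP finding yields nothing.
    All plain-HTTP URLs are listed first, then the HTTPS ones, like the script.
    """
    root = ET.fromstring(nessus_xml)
    http_urls, https_urls = [], []
    for host in root.findall('Report/ReportHost'):
        http = sockets_with_plugin(host, HTTP_PLUGIN)
        tls = sockets_with_plugin(host, TLS_PLUGIN)
        http_urls += ['http://' + s for s in sorted(http - tls)]
        https_urls += ['https://' + s for s in sorted(http & tls)]
    return http_urls + https_urls


if __name__ == '__main__':
    # Read a real export if a path is given, otherwise use the constructed sample
    if len(sys.argv) == 2:
        with open(sys.argv[1], 'rb') as fh:
            data = fh.read()
    else:
        data = SAMPLE_NESSUS
    for url in web_urls(data):
        print(url)
```

Run with no argument to see the sample classified, or pass a .nessus path as the original script does; the TLS-only port 22 never appears in the output.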