shellntel / vcr Goto Github PK

I have run the script as below
.\Parse-Nessus.ps1 -NessusFilePath "C:\Temp\Test_2012_R2_DC_Compliance_fb6h13.nessus" -CustomerName "Windows 2012 - 2" -CIS -OperatingSystem "Windows 2012"

Report does not show the pass fail green red checks. Reports incorrectly where there are 3 failed, 20 errors and 198 passed, it shows 1 failed, 20 errors and 201 passed and the At-A-Glance percentage shows 91% passed, no fails and 9% failed.

Is there anything I should change?

Can't get the FQDN resolution from a Nessus scan report. Individual report shows UKNOWN and we need to change manually. When we browse the nessus file, we find the FQDN names.

I was just wondering if it is possible to change the showed IP under reports by host on the dashboard to show the username or FQDN instead? I've tried to make it so myself by changing the variable, but my Powershell skills aren't very high..

Any plans to provide a report view with DNS names?

Is there a way to disable MaxCharactersInDocument setting or increase the limit? I have a rather large Nessus file with thousands of hosts. When I run the script, I get following error:

Select-Xml : The file 'C:\vcr-master\InternalScan.nessus' cannot be read: The input document has exceeded a limit set by MaxCharactersInDocument.
At C:\vcr-master\Parse-Nessus.ps1:903 char:18
+ ... portitems = Select-Xml -Path $path -XPath "/NessusClientData_v2/Repor ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidArgument: (C:\vcr-master\InternalScan.nessus:String) [Select-Xml], ArgumentException
    + FullyQualifiedErrorId : ProcessingFile,Microsoft.PowerShell.Commands.SelectXmlCommand

Thanks.

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#vcr

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

• Open source: Every information is available and up to date. If an information is missing or deprecated, you are invited to (help us).
• Practical: Content is categorized and table formatted, allowing to search, browse, sort and filter.
• Fast: Using static and client side technologies resulting in fast browsing.
• Rich tables: search, sort, browse, filter, clear
• Fancy informational popups
• Badges / Shields
• Static API
• Twitter bot

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why?

• Specialized websites: Some websites are referencing tools but additional information is not available or browsable. Make additional searches take time.
• Curated lists: Curated lists are not very exhaustive, up to date or browsable and are very topic related.
• Search engines: Search engines sometimes does find nothing, some tools or resources are too unknown or non-referenced. These is where crowdsourcing is better than robots.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool, more and more people are using the Rawsec's CyberSecurity Inventory, this helps them find what they need.

Badges

The badge shows to your community that your are inventoried. This also shows you care about your project and want it growing, that your tool is not an abandonware.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make the project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care.

I do get an end report (very nice btw), however the script errors on each host creating the html report with this:

"At C:\Local\NessusResults\Parse-Nessus.ps1:607 char:10

• $data | Set-Content -Path $findingssavepath
  

•         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : ObjectNotFound: (C:\JohnLocal\Ne...-88-67-109.html:String) [Set-Content], DirectoryNotFoundExce
  • FullyQualifiedErrorId : GetContentWriterDirectoryNotFoundError,Microsoft.PowerShell.Commands.SetContentCommand"

I also get errors creating the ipsbyvuln.txt with this error:

Out-File : Could not find a part of the path 'C:\Local\NessusResults\org
At C:\Local\NessusResults\Parse-Nessus.ps1:1326 char:12

• $output | Out-File "$extraspath\ipsbyvuln.txt"
  

•           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : OpenError: (:) [Out-File], DirectoryNotFoundException
  • FullyQualifiedErrorId : FileOpenFailure,Microsoft.PowerShell.Commands.OutFileCommand

Running in debug, here is the error we get:

PS C:\inetpub\scans> C:\Scripts\Nessus_Schedule.ps1
DEBUG: NessusFilePath: \ZZZ\nessus\6923.nessus
DEBUG: CustomerName: ZZZ
DEBUG: Current Dir: C:\inetpub\scans
DEBUG: TemplatePath: C:\Scripts\vcr-master\template-networkscan
DEBUG: NewFolderPath: C:\inetpub\scans\ZZZ-20191231021514
[] Performing PreReq Checks...
[] Parsing Nessus File (could take a while)...
DEBUG: Parse-NessusFile: Entered Parse-NessusFile
DEBUG: Parse-NessusFile: Successfully loaded xml into memory
Exception calling "ContainsKey" with "1" argument(s): "Key cannot be null.
Parameter name: key"
At C:\Scripts\vcr-master\Parse-Nessus.ps1:935 char:6

• if ($vulnnames.ContainsKey($vulnname) -eq $false)
  

•     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  

  • CategoryInfo : NotSpecified: (:) [], MethodInvocationException
  • FullyQualifiedErrorId : ArgumentNullException

Line 935 of the script:

#region NESSUS FILE PARSING

function Update-UniqueVulns($vulnname, $criticality)
{
if ($vulnnames.ContainsKey($vulnname) -eq $false)
{
$script:vulnnames.Add($vulnname, $criticality)
Write-Debug "Update-UniqueVulns: Added uniqe vulnn to $ vulnnames: $vulnname"
}
}

Something in the format of the Nessus file changed so $vulnname variable is returning null.

Does this support multiple .nessus files and merge into one output?