PowerShell and .Nessus files

Tenable Nessus is a commonly used scanner in the enterprise.  The native (version 2) .nessus files which it creates are XML files which contain information about the scan settings, plus the data collected about the hosts.  Parsing these files is typically done with a Python script — a Google search yields over 140K results.  Looking for something in PowerShell will lead you to the Posh-NVS module written by Carlos Perez, at http://www.darkoperator.com.

You can get the Posh-NVS module from https://github.com/darkoperator/Posh-NVS.  Download the ZIP and extract it.  Rename the folder to Posh-NVS,  Before you copy or move the Posh-NVS under your modules folder., you should remove all streams from the files in the Posh-NVS folder.  I used the command:
gci -Recurse |  Remove-Item -Stream *

If you fail to do this you may get an “Operation is not supported” error importing the module.

There are many interesting cmdlets in the Posh-NVS module, but I was most interested in reading a .nessus file.  The cmdlet for this is Import-NessusV2Report.  When you use this cmdlet, the result is a hash table which needs to be expanded to be in a format we want.  Import-NessusReport.ps1 is an example script which prompts for a .nessus file and then converts the file and exports as CSV.  It could easily be modified to do a bulk insert into SQL.

I corresponded with Mr. Perez several times trying to get this to work.  I hope this helps spread the word and ease installation.

UPDATE:  I have written my own PowerShell .Nessus file converter which does not require a module.
Script Text

About Alan

See http://www.akaplan.com/blog/about/
This entry was posted in PowerShell, Scripting, Security and tagged , . Bookmark the permalink.

Leave a Reply