= Ruby-Nessus == Description Ruby-Nessus is a ruby interface for the popular Nessus vulnerability scanner. Ruby-Nessus aims to deliver an easy yet powerful interface for interacting and manipulating Nessus scan results and configurations. Ruby-Nessus currently supports both version 1.0 and 2.0 of the .nessus file format. Please remember to submit bugs and request features if needed. More Information: * Documentation: http://rdoc.info/projects/mephux/ruby-nessus * More: http://www.packetport.net == Install sudo gem install ruby-nessus == Usage & Examples The below example illustrates how easy it really is to iterate of result data. require 'rubygems' require 'ruby-nessus' Nessus::Parse.new("example_v1.nessus", :version => 1) do |scan| puts scan.title # The Nessus Report Title. puts scan.runtime # The Scan Runtime. #=> 2 hours 23 minutes 12 seconds puts scan.host_count # Host Count. puts scan.unique_ports # All Unique Ports Seen. scan.each_host do |host| next if host.event_count.zero? # Next Host If Event Count Is Zero. puts host.hostname # The HostName For The Current Host. puts host.event_count # The Event Count For The Current Host. host.each_event do |event| next if event.severity.medium? # Next Event Is The Event Severity Is Low. (supports high? medium? low?) puts event.name if event.name # The Event Name If Not Blank. puts event.port # The Event Port. (supports .number, .protocol and .service) puts event.severity.in_words # The Current Event Severity In Words. i.e "High Severity" puts event.plugin_id # The Nessus Plugin ID. puts event.data if event.data # Raw Nessus Plugin Output Data. end end end You also have the ability to search for particular hostnames. In the near future I plan to add the ability to pass the hosts block a hash of options for more complex searches. scan.find_by_hostname("127.0.0.1") do |host| puts host.scan_start_time puts host.scan_stop_time puts host.scan_runtime host.high_severity_events do |event| puts event.severity.in_words puts event.port puts event.data if event.data end end There are a bunch of convenient methods (maybe more then needed) added to make reporting a bit easier to produce quickly from a raw scan file. If you do not pass :version as an option it will default to the 2.0 .nessus schema. Nessus::Parse.new("example_v2.nessus", :version => 2) do |scan| puts scan.event_percentage_for('low', true) #=> 8% puts scan.high_severity_count # High Severity Event Count puts scan.medium_severity_count # Medium Severity Event Count puts scan.low_severity_count # Low Severity Event Count puts scan.open_ports_count # Open Port Count puts scan.total_event_count #=> 3411 # Total Event Count puts scan.hosts.count #=> 12 scan.hosts.first do |host| puts host.hostname puts host.event_percentage_for('low', true) puts host.tcp_count #=> tcp, icmp, udp supported. host.each_event do |event| next if event.informational? puts event.severity.in_words puts event.synopsis puts event.description puts event.solution puts event.output puts event.risk end end end == Requirements * Ruby 1.8 or 1.9 * Nokogiri http://github.com/tenderlove/nokogiri == Todo * Add The Ability to parse the scan configuration and plugin options. * Building XML (.nessus) files configurations * Add Support For NBE File Formats. == Note on Patches & Pull Requests * Fork the project. * Make your feature addition or bug fix. * Add tests for it. This is important so I don't break it in a future version unintentionally. * Commit, do not mess with rakefile, version, or history. (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull) * Send me a pull request. Bonus points for topic branches. == Copyright Copyright (c) 2009 Dustin Willis Webber. See LICENSE for details.