<<

NAME

Parse::Nessus::NBE - use to extract specific data from Nessus NBE files

SYNOPSIS

        use Parse::Nessus::NBE;

        function(@nessusdata);
        
        function(@nessusdata,$query);   

DESCRIPTION

This module is designed to extract information from Nessus NBE files. Functions have been designed to return certain sets of data, such as service banners and OS versions. Other functions have been provided that will return more specific information, such as all IPs listening on a given port or all IPs associated with a specified plugin id.

EXAMPLES

To obtain a list of banners

        my @banners =  nbanners(@nessusdata);
        print @banners;
        
        # returns
        IP|service banner

        # example
        192.168.0.5|CompaqHTTPServer/2.1
        192.168.0.11|Apache/1.3.26 (Unix) mod_perl/1.24
        192.168.0.30|Microsoft-IIS/5.0
        192.168.0.31|220 cpan01 FTP server (SunOS 5.8) ready.
        192.168.0.51|NetWare HTTP Stack
        192.168.0.99|220 Service ready for new user.
        ...

To query by port

        my $port = 80;
        my @ports = nports(@nessusdata,$port);          
        print @ports;
        
        # returns
        IP|specified port
        
        # example
        192.168.0.5|ssh (22/tcp)
        192.168.0.6|ssh (22/tcp)
        192.168.0.8|ssh (22/tcp)
        192.168.0.23|ssh (22/tcp)
        192.168.0.89|ssh (22/tcp)
        ...

To obtain a list of web directories

        my @webdirs = nwebdirs(@nessusdata);            
        print @webdirs;
        
        # returns 
        IP|web port|web dir(s)|web dir(s) requiring authentication

        # example
        192.168.0.21|http (80/tcp)|/css /design /downloads /images /js
        192.168.0.43|http (80/tcp)|/images /public|/console
        192.168.0.47|https (443/tcp)|/files /html /images /js /jsp
        192.168.0.101|https (443/tcp)|/application /common /images /report|/printers
        192.168.0.110|http (80/tcp)|/admin
        ...

To obtain a list of nfs shares

        my @nfs = nnfs(@nessusdata);                            
        print @nfs;
        
        # returns 
        IP|nfs port|nfs share(s)
        
        # example
        192.168.0.11|nfs (2049/tcp)|/apps (mountable by everyone)
        192.168.0.31|nfs (2049/tcp)|/cdrom (mountable by everyone)
        192.168.0.28|nfs (2049/tcp)|/data (mountable by everyone)
        192.168.0.45|nfs (2049/tcp)|You are running a superfluous NFS daemon...
        192.168.0.108|nfs (2049/tcp)|You are running a superfluous NFS daemon...
        ...

To obtain a OS listing

        my @os = nos(@nessusdata);                              
        print @os;
        
        # returns 
        IP|OS version

        # example
        192.168.0.1|IOS 12.1.5-12.2(6a), Cisco IOS 12.1(5)-12.2(7a)
        192.168.0.154|Linux 2.1.19 - 2.2.20
        192.168.0.111|HP Advancestack Etherswitch 224T or 210
        192.168.0.92|AIX 4.2-4.3.3
        192.168.0.10|NT Server 4.0 SP4-SP5 running Checkpoint Firewall-1
        ...

To obtain a listing of SNMP community strings

        my @snmp = nsnmp(@nessusdata);                          
        print @snmp;

        # returns 
        IP|SNMP community string(s)

        # example
        192.168.0.1|private public
        192.168.0.111|public
        192.168.0.121|private public
        192.168.0.128|private public
        192.168.0.145|public
        ...

To query by plugin id

        my $plugin = 10667;
        my @plugin = nplugin(@nessusdata,$plugin);      
        print @plugin;

        # returns
        IP|port|plugin data

        # example
        192.168.0.202|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
        192.168.0.222|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
        192.168.0.235|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
        192.168.0.236|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
        192.168.0.237|https (443/tcp)|...OpenSSL which is;older than 0.9.6e...
        ...

To obtain a OS count, useful for graphing

        my @countos = nstatos(nessusdata);
        print @countos;

        # returns
        OS version|count

        # example
        Windows NT4 or 95/98/98SE|17
        Windows 2000 Advanced Server SP3|14
        TOPS-20 Monitor 7(21733),KL-10 (DEC 2065)|11
        Cisco router running IOS 12.1.5-12.2.13a|11
        PS2 Linux 1.0|9
        Linux 2.4.17 on HP 9000 s700|7
        Cisco 2620 running IOS 12.1(6)|6
        Windows 2000 Server SP3|5
        Windows NT4 Workstation SP6a|4
        Nortel/Alteon ACE Director 3 Version 6.0.42-B|4

To obtain a service count, useful for graphing

        my @countservices = nstatservices(nessusdata);
        print @countservices;

        # returns
        service port|count

        #example
        http (80/tcp)|69
        telnet (23/tcp)|48
        netbios-ssn (139/tcp)|48
        https (443/tcp)|46
        loc-srv (135/tcp)|42
        ftp (21/tcp)|39
        smtp (25/tcp)|34
        pcanywheredata (5631/tcp)|30
        ssh (22/tcp)|25
        sun-answerbook (8888/tcp)|22

To obtain a vulnerability count, useful for graphing

        # note: options are as follows:
        # 1 returns high severity vulnerabilties
        # 2 returns medium severity vulnerabilities
        # 3 returns low level security notes
        
        my @countvulns = nstatvulns(@nessusdata,1);
        print @countvulns;

        #returns
        plugin id|count

        #example
        11875|40
        11412|17
        10116|12
        11856|11        
        10932|10
        10937|7
        11793|6

AUTHOR

David J Kyger <dave@norootsquash.net>

Thanks

Gwendolynn ferch Elydyr <gwen@reptiles.org>

COPYRIGHT

Copyright 2003 David J Kyger. All rights reserved.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

<<