I hacked a Python script together to parse out web hosts (and their corresponding URLs) from Nessus XML output. I’m using this as part of my pentesting workflow to feed to other web-based tools like EyeWitness, Nikto, dirb, gobuster, etc.
Feed it a single argument that points at the Nessus output file.
Something like:
```
./parse_nessus_web.py /path/to/file.nessus
```
It produces output in the form:
```
http://192.168.0.221:80
http://192.168.21.21:80
https://192.168.0.221:443
https://192.168.88.1:8443
```
You can also find this in my Gists on GitHub at https://gist.github.com/ryan-wendel/cc4c0afc62757860bb8fccf47055c358
The entire script:
```python
#!/usr/bin/python
# Print a URL for every web service found in a Nessus XML (.nessus) export.
# The print() calls take a single argument, so this runs on Python 2 and 3.
import sys
import os.path

try:
    import xml.etree.cElementTree as ET
except ImportError:
    import xml.etree.ElementTree as ET


def usage():
    print("Usage: " + sys.argv[0] + " <input file>\n")


def find(find, list):
    # True if 'find' is present in 'list'
    for i, val in enumerate(list):
        if val == find:
            return True
    return False


# Check the argument count before touching sys.argv[1]
if len(sys.argv) != 2:
    usage()
    sys.exit(1)

file = sys.argv[1]

if not os.path.isfile(file):
    print("Error: Input file does not exist\n")
    usage()
    sys.exit(1)

doc = ET.parse(file).getroot()
hosts = doc.findall('Report/ReportHost')

http_sockets = []
https_sockets = []

# Pass 1: every ip:port where Nessus identified an HTTP server
for host in hosts:
    # print("################## host = " + host.get('name'))
    items = host.findall('ReportItem')
    for item in items:
        if item.get('pluginName') == 'HTTP Server Type and Version':
            for tag in host.findall('HostProperties/tag'):
                if tag.attrib['name'] == 'host-ip':
                    socket = tag.text + ":" + item.get('port')
                    http_sockets.append(socket)

# Pass 2: of those HTTP sockets, the ones that also negotiate SSL/TLS
for host in hosts:
    # print("################## host = " + host.get('name'))
    items = host.findall('ReportItem')
    for item in items:
        if item.get('pluginName') == 'SSL / TLS Versions Supported':
            for tag in host.findall('HostProperties/tag'):
                if tag.attrib['name'] == 'host-ip':
                    socket = tag.text + ":" + item.get('port')
                    if find(socket, http_sockets):
                        https_sockets.append(socket)

# HTTP sockets without TLS are printed as http://, the rest as https://
for socket in http_sockets:
    if not find(socket, https_sockets):
        print("http://" + socket)

for socket in https_sockets:
    print("https://" + socket)
```
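The same plugin-matching logic as a single-pass, importable function, run against a small inline report so the classification is visible. This is an added example, not part of the original script or gist: the name `web_urls`, the de-duplication, and the `SAMPLE` fragment (constructed, trimmed to the attributes the script reads) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a minimal .nessus fragment, not real scan output.
SAMPLE = """<NessusClientData_v2><Report name="demo">
<ReportHost name="web1">
  <HostProperties><tag name="host-ip">192.0.2.10</tag></HostProperties>
  <ReportItem port="80" pluginName="HTTP Server Type and Version"/>
  <ReportItem port="443" pluginName="HTTP Server Type and Version"/>
  <ReportItem port="443" pluginName="SSL / TLS Versions Supported"/>
  <ReportItem port="3389" pluginName="SSL / TLS Versions Supported"/>
</ReportHost>
<ReportHost name="web2">
  <HostProperties><tag name="host-ip">192.0.2.20</tag></HostProperties>
  <ReportItem port="8443" pluginName="HTTP Server Type and Version"/>
  <ReportItem port="8443" pluginName="HTTP Server Type and Version"/>
  <ReportItem port="8443" pluginName="SSL / TLS Versions Supported"/>
</ReportHost>
</Report></NessusClientData_v2>"""

HTTP_PLUGIN = 'HTTP Server Type and Version'
TLS_PLUGIN = 'SSL / TLS Versions Supported'


def web_urls(root):
    """Return de-duplicated URLs for each HTTP service under a .nessus root."""
    http, tls = [], set()
    for host in root.findall('Report/ReportHost'):
        ip = None
        for tag in host.findall('HostProperties/tag'):
            if tag.get('name') == 'host-ip':
                ip = tag.text
        if ip is None:
            continue  # no address recorded for this host
        for item in host.findall('ReportItem'):
            sock = ip + ':' + item.get('port', '')
            name = item.get('pluginName')
            if name == HTTP_PLUGIN and sock not in http:
                http.append(sock)  # keep first-seen order, drop repeats
            elif name == TLS_PLUGIN:
                tls.add(sock)
    # A socket is reported as https:// only when both plugins fired on it,
    # so TLS services that are not HTTP (3389 above) never appear.
    plain = ['http://' + s for s in http if s not in tls]
    secure = ['https://' + s for s in http if s in tls]
    return plain + secure


if __name__ == '__main__':
    for url in web_urls(ET.fromstring(SAMPLE)):
        print(url)
```

For a real export, pass `ET.parse(path).getroot()` to `web_urls` instead of the parsed sample.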