Giter Club home page Giter Club logo

nessustoreport's Introduction

NessusToReport

Github地址:https://github.com/Hypdncy/NessusToReport

不需要KEY也可以自动翻译、并且翻译后自动保存在本地数据库

这是一个nessus自动报告生成工具,可以用来自动生成nessus扫描器的中文报告--NessusToReport,程序有两种报告方式:

  • 漏洞排序:以漏洞为单位一一罗列拥有该漏洞的主机及其信息
  • 主机排序:以主机为单位一一罗列主机所拥有的漏洞及其信息
  • 单个主机:以主机为单位一一罗列每个主机的漏洞报告(一个主机一份报告)

使用说明

数据库

由于github LFS超额,在github上使用原数据库,新的数据库更新链接如下,感谢@MatriX925 的更新 链接: https://pan.baidu.com/s/1a4jcHCY8G-q65nmehlMTfw?pwd=gwtd 提取码: gwtd 下载后将文件放置在cnf目录下替换vuln.db即可,csv文件放置在data/nessus目录下

安装方法

建议在windows下安装python3.8+版本

python3.6及其以下版本可能会出现字典错误

python3.8及其以下版本可能会出现携程错误

root@hypdncy:~# pip install -r requirement.txt

使用方法

  1. 导出nessus的csv,放置到./data/nessus目录下
  2. 更新自己的实施范围./data/systems.csv
  3. 更新自己的配置信息./config.py
  4. 执行命令python main.py
root@hypdncy:~# python main.py # 默认出漏洞排序类型扫描报告
root@hypdncy:~# python main.py -t loops # 指定漏洞排序类型扫描报告
root@hypdncy:~# python main.py -t hosts # 指定主机排序类型扫描报告
root@hypdncy:~# python main.py -t host  # 指定单个主机类型扫描报告

配置说明

本工具具有翻译功能,需要自己申请百度、有道翻译API的key,并将其配置到./cnf/const.py

百度API的Key最好进行个人高级认证,这样翻译的QPS为10,否则翻译时会造成KeyError的情况

有道翻译API是之前的代码未进行验证,欢迎有有道Key的同学push代码

其他翻译渠道需要在./modle/common/translate/添加翻译API的功能,并在./modle/handle.py中调用

修改基本信息

该修改会修改模板中{xxx-xxx}标记的部分,程序运行时会将如下两个配置中的信息对其金星覆盖

  1. 临时修改:修改./config.pyconfig_data
  2. 永久修改:修改./cnf/data.pycnf_data

配置实施范围

  • 配置说明:该配置将会替换文档中的实施范围
  • 直接修改./data/systems.csv

漏洞配置

记得使用完以下功能后将他们注释,防止下次生成报告时,使用该次的配置

配置自定义IP限制

  • 配置说明:该配置在生成报告时会限制与配置范围IP的所有漏洞信息,主要用于段扫描时限制主机范围
  • 配置位置:config.py中config.nessus_only_ips参数

配置自定义IP忽略

  • 配置说明:该配置在生成报告时会忽略与配置相同IP的所有漏洞信息,主要用于段扫描时忽略本机漏洞
  • 配置位置:config.py中config.nessus_ignore_ips参数

配置自定义漏洞忽略

  • 配置说明:该配置在生成报告时会忽略与配置相同plugin_id的漏洞,主要用于大量扫描时的批量删除
  • 配置位置:config.py中config.nessus_ignore_ids参数

配置自定义漏洞等级

  • 该配置在生成报告时会修改与配置plugin_id的漏洞等级,主要用于调整漏洞等级(鸡肋)
  • 配置位置:config.py中config.nessus_risk_self参数

配置自定义漏洞信息

  • 配置说明:该配置将会覆盖其他来源的漏洞信息,主要用于没有翻译API时,人工翻译./logs/loops_error.json,将其配置复制到该参数下
  • 配置位置:config.py中config.nessus_vuln_self参数

更新说明

  1. 项目不定期发布漏洞库vuln.db,在release中可以下载,并替换到./cnf/目录下
  2. 各位可以将./logs/loops_error.json中的信息push到我的github,我将会翻译并将其更新其到数据库中
  3. 在翻译漏洞后可以手动更新vuln.db,cd ./modle/common/update && python updb.py

演示图

演示图漏洞排序

演示图

演示图主机排序

演示图

Copyright (c) 2020 Hypdncy

nessustoreport's People

Contributors

ayshstudio avatar hypdncy avatar tanzhixu avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

nessustoreport's Issues

请教大佬这个报错怎么解?

c:\NessusToReport-master\NessusToReport-master>python main.py -t hosts
2022-01-21 21:30:39,236 - root - INFO - 开始初始化数据
2022-01-21 21:30:39,238 - root - INFO - ---开始读取数据
2022-01-21 21:30:39,292 - root - INFO - ----漏洞种类总数:23
2022-01-21 21:30:39,293 - root - INFO - ----漏洞主机总数:18
2022-01-21 21:30:39,294 - root - INFO - ---开始翻译数据
2022-01-21 21:30:39,299 - root - INFO - ------翻译漏洞总数:4
2022-01-21 21:30:41,647 - root - INFO - ------翻译完成
2022-01-21 21:30:41,649 - root - INFO - 开始生成主机排序报告
2022-01-21 21:30:41,650 - root - INFO - ---开始处理数据
Traceback (most recent call last):
File "main.py", line 46, in
h.run()
File "c:\NessusToReport-master\NessusToReport-master\modle\handle.py", line 103, in run
func_type_runself.docxtype
File "c:\NessusToReport-master\NessusToReport-master\modle\handle.py", line 66
, in run_hosts
DataHosts(self.LOOPHOLES).run()
File "c:\NessusToReport-master\NessusToReport-master\modle\data\hosts.py", lin
e 83, in run
super(DataHosts, self).run()
File "c:\NessusToReport-master\NessusToReport-master\modle\data\base.py", line
93, in run
self._gen_data_systems()
File "c:\NessusToReport-master\NessusToReport-master\modle\data\base.py", line
81, in _gen_data_systems
next(f)
File "C:\Program Files\Python38\lib\codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc4 in position 0: invalid
continuation byte

无法读取到漏洞信息

system.csv文件里配置好了IP地址,nessus导出的默认csv文件也放在同文件夹下了,但是好像没有读取到,漏洞数量显示为0。
nessus版本:10.3.0 (#80) DARWIN
插件库版本:202301231642

截屏2024-01-05 23 14 46 image

ValueError: invalid literal for int() with base 10: 'aiautosumm01'

2021-05-21 17:35:06,100 - root - INFO - ------翻译完成
2021-05-21 17:35:06,106 - root - INFO - 开始生成漏洞排序报告
2021-05-21 17:35:06,106 - root - INFO - ---开始处理数据
Traceback (most recent call last):
File "D:\tools\NessusToReport\main.py", line 46, in
h.run()
File "D:\tools\NessusToReport\modle\handle.py", line 95, in run
func_type_runself.docxtype
File "D:\tools\NessusToReport\modle\handle.py", line 75, in run_loops
DataLoops(self.LOOPHOLES).run()
File "D:\tools\NessusToReport\modle\data\loops.py", line 101, in run
self._sort_and_gen_date()
File "D:\tools\NessusToReport\modle\data\loops.py", line 89, in _sort_and_gen_date
loop_host_ports[plugin_id] = dict(sorted(host_ports.items(), key=key))
File "D:\tools\NessusToReport\modle\data\loops.py", line 76, in
return lambda x: IP(x[0]).int()
File "D:\tools\Python39\lib\site-packages\IPy.py", line 249, in init
(self.ip, parsedVersion) = parseAddress(ip, ipversion)
File "D:\tools\Python39\lib\site-packages\IPy.py", line 1422, in parseAddress
bytes = [int(x) for x in bytes]
File "D:\tools\Python39\lib\site-packages\IPy.py", line 1422, in
bytes = [int(x) for x in bytes]
ValueError: invalid literal for int() with base 10: 'aiautosumm01'

pywintypes.com_error: (-2147221005, '无效的类字符串', None, None)

Traceback (most recent call last):
File "main.py", line 46, in
h.run()
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\handle.py",
line 95, in run
func_type_runself.docxtype
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\handle.py",
line 84, in run_all
self.run_loops()
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\handle.py",
line 78, in run_loops
DocxLoops(self.LOOPHOLES).run()
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\docx\loops.
py", line 101, in run
self.update_doc_toc()
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\docx\base.p
y", line 193, in update_doc_toc
update_toc_win(docx_abs_file)
File "C:\Users\Administrator\Desktop\NessusToReport-20210521\modle\docx\base.p
y", line 181, in update_toc_win
word = win32com.client.DispatchEx("Word.Application")
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python38\lib\site-p
ackages\win32com\client_init_.py", line 113, in DispatchEx
dispatch = pythoncom.CoCreateInstanceEx(clsid, None, clsctx, serverInfo, (py
thoncom.IID_IDispatch,))[0]
pywintypes.com_error: (-2147221005, '无效的类字符串', None, None)

求助报错信息

各位大佬这是个什么情况呀,我用的大佬最新的vuln.db

2024-05-08 15:49:44,230 - root - INFO - 开始初始化数据
2024-05-08 15:49:44,230 - root - INFO - ---开始读取数据
2024-05-08 15:49:44,380 - root - INFO - ----漏洞种类总数:328
2024-05-08 15:49:44,380 - root - INFO - ----漏洞主机总数:1
2024-05-08 15:49:44,380 - root - INFO - ---开始翻译数据
2024-05-08 15:49:44,381 - root - INFO - ------翻译漏洞总数:44
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183232')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183751')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183410')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183384')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183750')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/182843')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/182891')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/182932')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/184161')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/184087')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183834')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186225')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/185342')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186209')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/184303')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186226')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186711')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186991')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/186676')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/187680')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/183889')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/187955')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/189915')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/189998')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/190689')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/190713')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/190598')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/190124')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/191663')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/191736')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/192404')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/192577')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/193082')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/193362')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/192219')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/193701')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/193596')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/191794')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/194950')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/194474')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/193905')
0, message='', url=URL('https://www.tenable.com/plugins/nessus/195135')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/190874')
0, message='', url=URL('https://www.tenable.com/plugins/nessus/193872')
Traceback (most recent call last):
File "D:\pt\NessusToReport-1.2\main.py", line 48, in
h = Handle(args.docxtype, args.exceltype)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "D:\pt\NessusToReport-1.2\modle\handle.py", line 65, in init
func_translate_toolstranslate_tool.run()
File "D:\pt\NessusToReport-1.2\modle\common\translate\base.py", line 110, in run
for plugin_id, resinfo in cn_resinfos:
^^^^^^^^^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object

一直报这个错误:400, message='Can not decode content-encoding: brotli (br). Please install `Brotli`'

2023-01-16 22:36:33,282 - root - INFO - 开始初始化数据
2023-01-16 22:36:33,282 - root - INFO - ---开始读取数据
2023-01-16 22:36:33,336 - root - INFO - ----漏洞种类总数:76
2023-01-16 22:36:33,336 - root - INFO - ----漏洞主机总数:13
2023-01-16 22:36:33,336 - root - INFO - ---开始翻译数据
2023-01-16 22:36:33,338 - root - INFO - ------翻译漏洞总数:25
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/130092')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/137654')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/117951')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/131325')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/137835')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/130021')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/137407')
400, message='Can not decode content-encoding: brotli (br). Please install Brotli', url=URL('https://zh-cn.tenable.com/plugins/nessus/132048')

Traceback (most recent call last):
TypeError: cannot unpack non-iterable NoneType object

这是咋回事

更新目录失败

WARNING - 更新目录失败,*nix请手动更新目录
请问下这个问题怎么解决

作者大大帮忙看下这个报错是什么原因哈!!!

File "main.py", line 48, in
h = Handle(args.docxtype, args.exceltype)
File "D:\NessusToReport\modle\handle.py", line 57, in init
self.LOOPHOLES.run()
File "D:\NessusToReport\modle\common\loophole\loopholes.py", line 185, in run
self._get_init_nessus()
File "D:\NessusToReport\modle\common\loophole\loopholes.py", line 105, in _get_init_nessus
if IPy.IP(host) in IPy.IP(nessus_ignore_ip, make_net=True):
File "C:\Users\HotSauce\AppData\Local\Programs\Python\Python38-32\lib\site-packages\IPy.py", line 249, in init
(self.ip, parsedVersion) = parseAddress(ip, ipversion)
File "C:\Users\HotSauce\AppData\Local\Programs\Python\Python38-32\lib\site-packages\IPy.py", line 1422, in parseAddress
bytes = [int(x) for x in bytes]
File "C:\Users\HotSauce\AppData\Local\Programs\Python\Python38-32\lib\site-packages\IPy.py", line 1422, in
bytes = [int(x) for x in bytes]
ValueError: invalid literal for int() with base 10: 'www'

使用报错

2024-05-09 12:36:02,101 - root - INFO - 开始初始化数据
2024-05-09 12:36:02,101 - root - INFO - ---开始读取数据
2024-05-09 12:36:02,109 - root - INFO - ----漏洞种类总数:13
2024-05-09 12:36:02,109 - root - INFO - ----漏洞主机总数:1
2024-05-09 12:36:02,109 - root - INFO - ---开始翻译数据
2024-05-09 12:36:02,111 - root - INFO - ------翻译漏洞总数:2
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/192466')
0, message='', url=URL('https://zh-cn.tenable.com/plugins/nessus/192568')
Traceback (most recent call last):
File "D:\XX\NessusToReport\main.py", line 48, in
h = Handle(args.docxtype, args.exceltype)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "D:\XX\NessusToReport\modle\handle.py", line 65, in init
func_translate_toolstranslate_tool.run()
File "D:\XX\NessusToReport\modle\common\translate\base.py", line 110, in run
for plugin_id, resinfo in cn_resinfos:
^^^^^^^^^^^^^^^^^^
TypeError: cannot unpack non-iterable NoneType object

CSV文件是UTF-8的,麻烦看下,谢谢

KeyError: 'trans_result'

2021-05-20 15:34:30,347 - root - INFO - 开始初始化数据
2021-05-20 15:34:30,347 - root - INFO - ---开始读取数据
2021-05-20 15:34:30,355 - root - INFO - ----漏洞种类总数:27
2021-05-20 15:34:30,355 - root - INFO - ----漏洞主机总数:3
2021-05-20 15:34:30,355 - root - INFO - ---开始翻译数据
Traceback (most recent call last):
File "f:/Tools工具/nessus报告生成/main.py", line 45, in
h = Handle(args.docxtype)
File "f:\Tools工具\nessus报告生成\modle\handle.py", line 54, in init
TranBaidu(self.LOOPHOLES).run()
File "f:\Tools工具\nessus报告生成\modle\common\translate\base.py", line 83, in run
self._tran()
File "f:\Tools工具\nessus报告生成\modle\common\translate\baidu.py", line 87, in _tran
self.LOOPHOLES[plugin_id][type_cn] = resinfo["trans_result"][0]["dst"]
KeyError: 'trans_result'

API配置在const.py
translate_baidu_appid = "2021xx"
translate_baidu_secret = "aOuxx"

nessus10.2出现以下报错,麻烦作者大大看看,附带我使用的csv文件

$ python main.py -t host
2023-03-05 22:37:27,748 - root - INFO - 开始初始化数据
2023-03-05 22:37:27,748 - root - INFO - ---开始读取数据
2023-03-05 22:37:27,760 - root - INFO - ----漏洞种类总数:65
2023-03-05 22:37:27,761 - root - INFO - ----漏洞主机总数:3
2023-03-05 22:37:27,761 - root - INFO - ---开始翻译数据
2023-03-05 22:37:27,762 - root - INFO - ------翻译漏洞总数:8
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
'trans_result'
Traceback (most recent call last):
File "main.py", line 45, in
h = Handle(args.docxtype)
File "C:\PMSec\tools\vulnerability-scanner\NessusToReport-1.1.1\modle\handle.py", line 63, in init
func_translate_toolstranslate_tool.run()
File "C:\PMSec\tools\vulnerability-scanner\NessusToReport-1.1.1\modle\common\translate\base.py", line 110, in run
for plugin_id, resinfo in cn_resinfos:
TypeError: cannot unpack non-iterable NoneType object
adv_scan_75e1kc.csv

word 报告中盲水印

使用 mac预览可以看到 生成报告中的 安恒信息的盲水印
使用win 打开是看不到的、mac 打开也看不到,但是分析word 文档是可以看到 盲水印

image

请问以下报错如何解决

Traceback (most recent call last):
File "D:\NessusToReport-master\main.py", line 49, in
h.run()
File "D:\NessusToReport-master\modle\handle.py", line 116, in run
func_type_runself.docxtype
File "D:\NessusToReport-master\modle\handle.py", line 86, in run_loops
DataLoops(self.LOOPHOLES).run()
File "D:\NessusToReport-master\modle\data\loops.py", line 99, in run
super(DataLoops, self).run()
File "D:\NessusToReport-master\modle\data\base.py", line 92, in run
self._gen_data_systems()
File "D:\NessusToReport-master\modle\data\base.py", line 83, in _gen_data_systems
system_host_names[str(row[0])] = str(row[1])
IndexError: list index out of range

读取数据为0

为什么我的读取数据为0,导出的csv文件中是有内容的。
image

执行时出现如下问题,怎么解决?

Traceback (most recent call last):
File "main.py", line 45, in
h = Handle(args.docxtype)
File "C:\Users\Downloads\NessusToReport-20210521\NessusToReport-20210521
modle\handle.py", line 54, in init
TranBaidu(self.LOOPHOLES).run()
File "C:\Users\Downloads\NessusToReport-20210521\NessusToReport-20210521
modle\common\translate\base.py", line 84, in run
self._tran()
File "C:\Users\Downloads\NessusToReport-20210521\NessusToReport-20210521
modle\common\translate\baidu.py", line 87, in _tran
self.LOOPHOLES[plugin_id][type_cn] = resinfo["trans_result"][0]["dst"]
KeyError: 'trans_result'

报告中漏洞详情功能请求

作者大佬可否在项目中针对导出的报告添加一部分描述:
在漏洞描述后增加漏洞详情或漏洞链接,
类似于:
远程 Web 服务器包含 PHP 脚本,该脚本容易遭受信息泄露攻击。

	漏洞描述:
许多PHP安装教程指导用户创建一个PHP文件,该文件调用PHP函数“phpinfo()”进行调试。各种PHP应用程序也可能包含这样的文件。通过访问这样的文件,远程攻击者可以发现关于远程web服务器的大量信息,包括:
--安装PHP的用户名 
—主机的IP地址。
—操作系统版本。
—web服务器版本。
—web服务器的根目录。

—远程安装PHP的配置信息。
	漏洞链接:
http://xxxx/info.php
当前PHP版本厂商已不支持
	漏洞描述:
根据现有版本,远程主机安装的PHP版本不再被厂商支持,意味着不再发布相关的安全补丁包,结果可能存在多个安全漏洞。
	漏洞详情:
  URL               : http://xxxx.xx.com/ (5.4.45 under X-Powered-By: PHP/5.4.45, http://10.10.20.192:801/info.php)
  Installed version : 5.4.45
  Fixed version     : 7.3.24

引用output中的信息
image

执行报错

Traceback (most recent call last):
File "main.py", line 45, in
h = Handle(args.docxtype)
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\handle.py", line 54, in init
TranBaidu(self.LOOPHOLES).run()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\common\translate\base.py", line 84, in run
self._tran()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\common\translate\baidu.py", line 87, in _tran
self.LOOPHOLES[plugin_id][type_cn] = resinfo["trans_result"][0]["dst"]
KeyError: 'trans_result'

默认状态下,示例无法生成标准word文件

环境:
win7
python3.8.10
nessus版本:Version8.2.3 (#186) LINUX Last Updated19-03-08 at 6:42 PM

问题描述:
git下载后按照文档操作,直接运行,word文档无漏洞内容显示。查看运行日志,
显示如下:
D:\02NessusToReport-master
λ python main.py -t loops
2023-02-16 19:55:43,166 - root - INFO - 开始初始化数据
2023-02-16 19:55:43,166 - root - INFO - ---开始读取数据
2023-02-16 19:55:43,173 - root - INFO - ----漏洞种类总数:0
2023-02-16 19:55:43,173 - root - INFO - ----漏洞主机总数:0
2023-02-16 19:55:43,174 - root - INFO - ---开始翻译数据
2023-02-16 19:55:43,176 - root - INFO - ------翻译漏洞总数:0
2023-02-16 19:55:43,185 - root - INFO - ------本地更新漏洞数量:0
2023-02-16 19:55:43,185 - root - INFO - ------翻译完成
2023-02-16 19:55:43,186 - root - INFO - 开始生成漏洞排序报告
2023-02-16 19:55:43,186 - root - INFO - ---开始处理数据
2023-02-16 19:55:43,187 - root - INFO - ---开始处理文档
2023-02-16 19:55:43,253 - root - INFO - ---保存漏洞排序文档:./XX客户主机扫描报告-漏洞排序-2023-02-16.docx
2023-02-16 19:55:43,253 - root - INFO - ---更新文档目录
2023-02-16 19:55:43,269 - root - WARNING - 更新目录失败,windows请安装word或者wps2019
2023-02-16 19:55:43,269 - root - INFO - ---程序结束---

D:\02NessusToReport-master
λ

keyerror 'trans_result'

感觉是翻译漏洞总数,如果为0, 运行就正常,否则报错 keyerror: 'trans_result'

编码报错

请问一下报编码出错,我核实了一下 文档里面没有乱码的东西Traceback (most recent call last):
File "main.py", line 46, in
h.run()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\handle.py", line 95, in run
func_type_runself.docxtype
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\handle.py", line 84, in run_all
self.run_loops()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\handle.py", line 75, in run_loops
DataLoops(self.LOOPHOLES).run()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\data\loops.py", line 100, in run
super(DataLoops, self).run()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\data\base.py", line 93, in run
self._gen_data_systems()
File "D:\Study\study_tools\Misc\NessusToReport-master\modle\data\base.py", line 81, in _gen_data_systems
next(f)
File "D:\Software\python 3.8\lib\codecs.py", line 322, in decode
(result, consumed) = self._buffer_decode(data, self.errors, final)
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xc4 in position 0: invalid continuation byte

数据库问题

原有数据库老旧,导致导出的报告数据有误。
我爬取了官网信息,重建了数据库,漏洞数量为84150,麻烦作者联系我。

报错 大佬求解

2022-01-06 21:51:28,464 - root - INFO - 开始初始化数据
2022-01-06 21:51:28,464 - root - INFO - ---开始读取数据
2022-01-06 21:51:28,478 - root - INFO - ----漏洞种类总数:4
2022-01-06 21:51:28,479 - root - INFO - ----漏洞主机总数:3
2022-01-06 21:51:28,479 - root - INFO - ---开始翻译数据
2022-01-06 21:51:28,483 - root - INFO - ------翻译漏洞总数:1
0, message='Attempt to decode JSON with unexpected mimetype: image/gif', url=URL('http://api.fanyi.baidu.com/api/trans/vip/translate?q=Add+the+attribute+'autocomplete%3Doff'+to+these+fields+to+prevent+browsers+from+caching+credentials.&from=auto&to=zh&salt=54476&sign=bfc8ea7358634cb940b3d53df50xxxx&appid=202201060010xxxxx')
0, message='Attempt to decode JSON with unexpected mimetype: image/gif', url=URL('http://api.fanyi.baidu.com/api/trans/vip/translate?q=Web+Server+Allows+Password+Auto-Completion&from=auto&to=zh&salt=3xxxx3&sign=42ca49b292b3604408a8c2aa2f1xxxxx&appid=20220106001xxxxx‘)
0, message='Attempt to decode JSON with unexpected mimetype: image/gif', url=URL('http://api.fanyi.baidu.com/api/trans/vip/translate?q=The+remote+web+server+contains+at+least+one+HTML+form+field+that+has+an+input+of+type+'password'+where+'autocomplete'+is+not+set+to+'off'.+While+this+does+not+represent+a+risk+to+this+web+server+per+se,+it+does+mean+that+users+who+use+the+affected+forms+may+have+their+credentials+saved+in+their+browsers,+which+could+in+turn+lead+to+a+loss+of+confidentiality+if+any+of+them+use+a+shared+host+or+if+their+machine+is+compromised+at+some+point.&from=auto&to=zh&salt=38xxx&sign=b338b0e604d5c821d06fcd80c74xxxxx&appid=2022010xxxxxxxxx')
Traceback (most recent call last):
File "C:\Users\feel3\Desktop\NessusToReport-master\main.py", line 45, in
h = Handle(args.docxtype)
File "C:\Users\feel3\Desktop\NessusToReport-master\modle\handle.py", line 57, in init
TranBaidu(self.LOOPHOLES).run()
File "C:\Users\feel3\Desktop\NessusToReport-master\modle\common\translate\base.py", line 105, in run
for plugin_id, type_cn, resinfo in cn_resinfos:
TypeError: cannot unpack non-iterable NoneType object

loops_error SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)

{
    "187315": {
        "name_en": "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)",
        "name_cn": "远程 SSH 服务器容易受到 mitm 前缀截断攻击。",
        "risk_en": "Medium",
        "risk_cn": "中危",
        "describe_en": "The remote SSH server is vulnerable to a man-in-the-middle prefix truncation weakness known as Terrapin. This can allow a remote, man-in-the-middle attacker to bypass integrity checks and downgrade the connection's security. Note that this plugin only checks for remote SSH servers that support either ChaCha20-Poly1305 or CBC with Encrypt-then-MAC and do not support the strict key exchange countermeasures. It does not check for vulnerable software versions.",
        "describe_cn": "远程 SSH 服务器容易受到称为 Terrapin 的中间人前缀截断弱点的攻击。远程中间人攻击者可利用此漏洞,绕过完整性检查并降低连接的安全性。",
        "solution_en": "Contact the vendor for an update with the strict key exchange countermeasures or disable the affected algorithms.",
        "solution_cn": "请注意,此插件仅检查支持 ChaCha20-Poly1305 或使用 Encrypt-then-MAC 的 CBC 的远程 SSH 服务器,且不支持严格的密钥交换对策。此插件不会检查易受攻击的软件版本。",
        "cve": "CVE-2023-48795"
    }
}

百度翻译

百度翻译的api配置示例并没有在config中写出来啊

主机开放端口列表功能请求

作者大佬可否在项目中添加一份功能:
导出漏扫csv文件中的主机开放端口列表,不同的端口用 ,号隔开。
效果如下图所示:
image

添加百度API后报错

Traceback (most recent call last):
File "D:\渗透测试工具\Nessus\main.py", line 34, in
from modle.handle import Handle
File "D:\渗透测试工具\Nessus\modle\handle.py", line 36, in
from modle.data.loops import DataLoops
File "D:\渗透测试工具\Nessus\modle\data\loops.py", line 30, in
from IPy import IP
ModuleNotFoundError: No module named 'IPy'

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.