During a recent pentest I had a need to extract a large number of SSL ports from Nessus, in order to use a different tool (testssl.sh) to test for SSL vulnerabilities as I suspected Nessus had overlooked some.
Fortunately the .nessus file export is simple XML and thus it was possible to extract SSL locations in the host:port
format required by testssl.sh using the below simple Python script.
I also made some changes to make it more dynamic and allow host:port to be extracted from any plugin.
Running nessus-extract.py
The python script takes three options, these can be displayed by running ./nessus-extract.py -h
but I’ve included them below as well.
-i INPUTFILE (defaults to nessus.nessus)
-o OUTPUTFILE (defaults to output.txt)
-p PLUGINID (defaults to 10863, SSL Certificate Information Plugin)
Once the extract has completed, it was then just a simple case of using the correct testssl.sh flags to process the text file (the script will remind you of the correct flags), we can also use the --parallel
flag to run multiple scans at once.