Extracting SSL Ports From Nessus Exports

A simple python script

nessus-extract.py Example Run

During a recent pentest I had a need to extract a large number of SSL ports from Nessus, in order to use a different tool (testssl.sh) to test for SSL vulnerabilities as I suspected Nessus had overlooked some.

Fortunately the .nessus file export is simple XML and thus it was possible to extract SSL locations in the host:port format required by testssl.sh using the below simple Python script.

I also made some changes to make it more dynamic and allow host:port to be extracted from any plugin.

nessus-extract.py

Running nessus-extract.py

The python script takes three options, these can be displayed by running ./nessus-extract.py -h but I’ve included them below as well.

-i INPUTFILE (defaults to nessus.nessus)
-o OUTPUTFILE (defaults to output.txt)
-p PLUGINID (defaults to 10863, SSL Certificate Information Plugin)

Once the extract has completed, it was then just a simple case of using the correct testssl.sh flags to process the text file (the script will remind you of the correct flags), we can also use the --parallel flag to run multiple scans at once.