Mailing List Archive

Depending on the output of your scans, if you do the nbe (I use this
one), you can search through looking for the following:
|192.168.10.1|
That should only find results of that IP address. I'm sure there are
other ways.

Brock

-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Daniel Peck
Sent: Wednesday, November 26, 2008 2:26 PM
To: nessus@list.nessus.org
Subject: Filtering by host/ip

Hi everyone, new to the list but have been a user of nessus for quite
some time.

Recently did some rather large scans and my clients would like to have
reports provided by individual IP or with all IPs in a single report.
This is based on quite a few scans over a few different subnets, and
filtering by IP doesn't do what I need it to since it string matches, so
filtering for "192.168.10.1" also give me .10 and .100 in the results.

Is there a good/quick way to accomplish either of these without doing
some development myself?

Thanks,
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Daniel Peck wrote:
> Hi everyone, new to the list but have been a user of nessus for quite
> some time.
>
> Recently did some rather large scans and my clients would like to have
> reports provided by individual IP or with all IPs in a single report.
> This is based on quite a few scans over a few different subnets, and
> filtering by IP doesn't do what I need it to since it string matches, so
> filtering for "192.168.10.1" also give me .10 and .100 in the results.
>
> Is there a good/quick way to accomplish either of these without doing
> some development myself?
>


Hi Daniel,

The Nessus Client does not aggregate multiple scans into one report nor
does it offer this type of customized reporting.

Offering your customer the raw reports which you performed by subnet,
will list each IP address in order for that subnet.

If your customer has access to the Security Center, you can load .nessus
files into it and generate a report like the one you are asking for.

Ron Gula


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Well thats pretty much what I had gathered, so unix to the rescue.

Exported my scans to nsr format. then

$ for $host in `cat *.nsr | cut -d"|" -f1 | sort | uniq`; do egrep -h
"^$host" *.nsr | sort | uniq > $host.nsr; nessus -i $host.nsr -o
$host.html; done

You could easily modify it to be done by subnet, etc, and build the
reports up however you would like.
Is there a reason why this wouldnt work?

Ron Gula wrote:
> Daniel Peck wrote:
>> Hi everyone, new to the list but have been a user of nessus for quite
>> some time.
>>
>> Recently did some rather large scans and my clients would like to have
>> reports provided by individual IP or with all IPs in a single report.
>> This is based on quite a few scans over a few different subnets, and
>> filtering by IP doesn't do what I need it to since it string matches, so
>> filtering for "192.168.10.1" also give me .10 and .100 in the results.
>>
>> Is there a good/quick way to accomplish either of these without doing
>> some development myself?
>>
>
>
> Hi Daniel,
>
> The Nessus Client does not aggregate multiple scans into one report nor
> does it offer this type of customized reporting.
>
> Offering your customer the raw reports which you performed by subnet,
> will list each IP address in order for that subnet.
>
> If your customer has access to the Security Center, you can load .nessus
> files into it and generate a report like the one you are asking for.
>
> Ron Gula
>
>
> _______________________________________________
> Nessus mailing list
> Nessus@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/nessus
>
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

Daniel Peck wrote:
> Well thats pretty much what I had gathered, so unix to the rescue.
>
> Exported my scans to nsr format. then
>
> $ for $host in `cat *.nsr | cut -d"|" -f1 | sort | uniq`; do egrep -h
> "^$host" *.nsr | sort | uniq > $host.nsr; nessus -i $host.nsr -o
> $host.html; done
>
> You could easily modify it to be done by subnet, etc, and build the
> reports up however you would like.
> Is there a reason why this wouldnt work?

If you scanned the same IPs at all, you might get duplicate results
in your final report. If each IP or subnet you scanned was unique,
you should be fine.

Ron
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus