5 Replies Latest reply: Nov 4, 2013 7:11 AM by smithwang RSS

How to generate a HTML/PDF report file from .nessus v2 scan report?

Novice
Visibility: Open to anyone

Hi,

 

I was able to script using Nessus REST API to complete a scan and download a .nessus v2 scan report file. Now I want to get a HTML and PDF format scan report file from my scan results.

I have read many threads on this discussion forums but still have no idea what's the correct way to do so.

 

I tried a couple of ways below, but no has been working so far

1. REST API: /chapter, /file/xslt/download

    I scripted a CLI tool using Python. Looked like /file/xslt/download only returned a HTML file with a download URL. my CLI tool was unable to download the HTML/PDF file directly

 

2. xsltproc

   My questions is, if I have .nessus v2 report file, can I use xsltproc tool to convert to a HTML/PDF file (like export from web GUI)? If so, which XSLT file can I use?

 

Is there any simple way to download or convert a HTML/PDF report file?

 

Thanks,

Peter

  • Re: How to generate a HTML/PDF report file from .nessus v2 scan report?
    Guru

    Peter Wang wrote:

     

    Hi,

     

    I was able to script using Nessus REST API to complete a scan and download a .nessus v2 scan report file. Now I want to get a HTML and PDF format scan report file from my scan results.

    I have read many threads on this discussion forums but still have no idea what's the correct way to do so.

     

    I tried a couple of ways below, but no has been working so far

    1. REST API: /chapter, /file/xslt/download

        I scripted a CLI tool using Python. Looked like /file/xslt/download only returned a HTML file with a download URL. my CLI tool was unable to download the HTML/PDF file directly

     

    2. xsltproc

       My questions is, if I have .nessus v2 report file, can I use xsltproc tool to convert to a HTML/PDF file (like export from web GUI)? If so, which XSLT file can I use?

     

    Is there any simple way to download or convert a HTML/PDF report file?

     

    Thanks,

    Peter

     

    Hey Peter,

     

    Are these posts helpful?:

     

    using api to generate pdf

    what is the correct way to use wget to generate pdf report

     

    Regards,

     

    Dave

    • Re: How to generate a HTML/PDF report file from .nessus v2 scan report?
      Novice

      Hi Dave,

       

      Thank you for kind reply. I tried using wget command to download the report file. Everything seems to be working, however the downloaded file is not report file, it's actually a HTML file with  <title>Formatting the report</title>.

       

      Do you know what could I do wrong there?

       

      Regards,

      Peter

      PS: I use REST API /chapter in the script then call wget command to download the report file.

       

      send: 'POST /chapter HTTP/1.1\r\nHost: seo-test3-2:8834\r\nAccept-Encoding: identity\r\nContent-Length: 162\r\nCookie: token=d4a2436d70cde321a2ebd779c24cf91ca152a6a7ad378ef7\r\nContent-type: application/x-www-form-urlencoded\r\nAccept: text/plain\r\n\r\nreport=a357a27b-eb0c-f152-a25c-4010a9bc356de716ac707466ebae&chapters=compliance%3Bcompliance_exec%3Bvuln_by_host%3Bvuln_by_plugin%3Bvuln_hosts_summary&format=html'

      reply: 'HTTP/1.1 200 OK\r\n'

      header: Date: Thu, 31 Oct 2013 16:04:12 GMT

      header: Server: NessusWWW

      header: Connection: close

      header: Expires: Thu, 31 Oct 2013 16:04:12 GMT

      header: Content-Length: 1764

      header: Content-Type: text/html

      header: X-Frame-Options: DENY

      header: Cache-Control:

      header: Expires: 0

      header: Pragma :

      200 OK

      response <!doctype html>

      <html>

        <head>

          <meta charset="utf-8">

          <title>Formatting the report</title><meta http-equiv="refresh" content="5;url=/file/xslt/download/?fileName=nessus-scan-report-172.18.190.116-311525_uam64i.html">

       

        </head>

        <body bgcolor="#425363">

        <link type="text/css" href="jqueryui18.css" rel="stylesheet" />

                      <script type="text/javascript" src="jqueryui18.js"></script>

      <div id="main"></div>

       

      ....

       

      wget --no-check-certificate --post-data='token=d4a2436d70cde321a2ebd779c24cf91ca152a6a7ad378ef7&step=5&fileName=nessus-scan-report-172.18.190.116-311525_uam64i.html' https://seo-test3-2:8834/file/xslt/download -O nessus-scan-report-172.18.190.116-311525_uam64i.html

      • Re: How to generate a HTML/PDF report file from .nessus v2 scan report?
        Guru

        Hey Peter,

         

        This was something I posted in another discussions thread but I will admit it took me over 30 minutes trying to find it on the discussions forum:

         

        Successful sequence of wget operations:

         

        wget --no-check-certificate --post-data 'login=mylogin&password=mypwd' https://10.0.0.15:8834/login -O -

         

        wget --post-data "token=ca9561201e1f0f2626b8491b4b354932280642e7adc24f42" --no-check-certificate https://10.0.0.15:8834/report/list -O -

         

        wget --no-check-certificate --post-data 'chapters=vuln_hosts_summary&format=pdf&report=fb59e3db-24c6-1186-771e-b59ded3a592154b7a0124e6eebd9&token=ca9561201e1f0f2626b8491b4b354932280642e7adc24f42' https://10.0.0.15:8834/chapter -O -

         

        wget --no-check-certificate --post-data 'token=ca9561201e1f0f2626b8491b4b354932280642e7adc24f42&fileName=10.0.0.200_s9wqyp.pdf&step=2' https://10.0.0.15:8834/file/xslt/download -O testdb.pdf

         

        Note, there's actually two final wget calls that are responsible for building and retrieving the PDF report. Obviously in automating all this you need to be keeping track of token, report reference (got from /report/list) and filename which it looks like you have handled already. Filename being passed between the final two wget calls - the third generating it, the final consuming it.

         

        As a suggestion, try running through the sequence above, the 4 calls, a couple of times and then turning back to your code which is automating it.

         

        API work is complex isn't it - it seems easy when you are focussed on it all the time, like I've been in the past, but when you are working with multiple technologies/platforms and doing programming, security and networking all at a deep technical level its challenging - the number of times now I've come across the same acronyms in different IT areas meaning completely different things is really, really annoying :-)

         

        Regards,

         

        Dave

  • Re: How to generate a HTML/PDF report file from .nessus v2 scan report?
    jedi Expert

    xsltproc /opt/nessus/var/nessus/www/html.xsl myfile.nessus > myfile.html

     

    used to work, not sure it does with 5.x though