Script to enhance Nexpose Simple XML output
I have installed and been playing around with Nexpose on BT recently, and it's quite nice. Also, started utilizing the ability to scan from within msfconsole which is pretty cool too. After messing with it for a while I found myself looking for a report that displayed the results by IP address and not by vulnerability like the canned audit report does. Now, I have the ability to dump the ability to dump the scan results into the Nexpose Simple XML format(this is actually the only output you can get when running it from msfconsole), but as it's name states it's very simple....no real details about the vulnerability past the Nexpose some-what cryptic id for the vulns.
So, I played around with the API they have available and came up with a ruby script that parses the Simple XML format and replaces each vulnerability node with detailed vulnerability information. I then created an xsl style sheet for the new detailed xml format to make it look nice and pretty in a browser (if you click on the vulnerability name it shows the details in a pop-up window) . The code for the APIClient class was taken (for the most part) directly from the API documentation. It handles initialization, login, retrieving the vuln details, and log out. The "MAIN" section does the parsing and replacement with REXML.
Here are the links to the script and the style sheet:
I've also put together a how-to for installing/using Nexpose from BackTrack if you haven't played around with it yet.
to use the script, you have to specify the following options:
-x FILE (original xml file0
-o FILE (output file location/name)
-i IP ADDRESS (IP of the nexpose client, usually 127.0.0.1)
Here's an example:
ruby ns_updatexml.rb -x scanresults.xml -o updatedfile.xml -i 127.0.0.1 -u nxadmin -p mypassword
Just make sure the xml document is in the same directory as the xsl file (or modify the location in the xml file/script) and open the xml file in a web browser. As always, any feedback is welcome.