Dotfiles/bin/.bin/nessusComplianceFilter

#!/usr/bin/env bash

die(){
	echo "$@" > /dev/stderr
	exit 1
}

printhelp(){
	echo "Nessus Compliance Filter"
	echo "This command should be given a nessus xml file on stdin"
	echo "Stdout will contain a tsv file for each compliance issue (not pass)"
	echo "Positional Arguments can be given and each will regex match the Check Name"
	echo ""
	echo "e.g."
	echo "cat example.nessus | nessusComplianceFilter \"^18.\" \"Defender\""
	echo "will output a tsv containing all failures (or warnings) that start with '18.' and contain the word 'Defender'"
	echo ""
	echo "It has been built with extensability in mind. It should work well with other unix-y tools"
	echo ""
	echo "e.g. Only show the name and ip addresses grouped"
	echo "cat example.nessus | nessusComplianceFilter | awk awk -F \$'\t' 'NR>1{arr[\$1] = arr[\$1] \$6 \", \"}END{for (a in arr) print a \"\\t\" arr[a]}'"

	exit 0
}

type -p xq >/dev/null || die -e "You need to install xq\nhttps://github.com/kislyuk/yq"

[ "$1" = "-h" ] && printhelp

filters=""

while [ "$#" -gt 0 ]; do
	filters="$filters | select( .\"cm:compliance-check-name\" | test(\"$1\"))"
	shift
done

echo  "Compliance Check	Compliance Result	Profile	Current	Expected	IP"
cat - | xq -r ".NessusClientData_v2.Report.ReportHost | if (. | type == \"array\") then .[] else . end |
	(.ReportItem[] + {ip:.\"@name\"}) |
	select(.compliance == \"true\") |
	select(.\"cm:compliance-result\" != \"PASSED\") $filters |
	[.\"cm:compliance-check-name\", .\"cm:compliance-result\", ( .\"cm:compliance-audit-file\" | match(\"L(evel_)?[12]\").string | sub(\"_\";\" \") | sub(\"L1\"; \"Level 1\") | sub(\"L2\"; \"Level 2\") ), .\"cm:compliance-actual-value\", .\"cm:compliance-policy-value\", .ip]
	| @tsv" | sort -V
Bin: Adds nessus compliance filter 3 years ago			`#!/usr/bin/env bash`

			`die(){`
			`echo "$@" > /dev/stderr`
			`exit 1`
			`}`

			`printhelp(){`
			`echo "Nessus Compliance Filter"`
			`echo "This command should be given a nessus xml file on stdin"`
			`echo "Stdout will contain a tsv file for each compliance issue (not pass)"`
			`echo "Positional Arguments can be given and each will regex match the Check Name"`
			`echo ""`
			`echo "e.g."`
			`echo "cat example.nessus \| nessusComplianceFilter \"^18.\" \"Defender\""`
			`echo "will output a tsv containing all failures (or warnings) that start with '18.' and contain the word 'Defender'"`
Bin: NessusComplianceFilter: add to help After talking to Scot, I thought it may be helpful to add an example awk command for grouping rows. In the example added, awk will show only the compliance name, along with a comma seperated list of ip addresses 2 years ago			`echo ""`
			`echo "It has been built with extensability in mind. It should work well with other unix-y tools"`
			`echo ""`
			`echo "e.g. Only show the name and ip addresses grouped"`
			`echo "cat example.nessus \| nessusComplianceFilter \| awk awk -F \$'\t' 'NR>1{arr[\$1] = arr[\$1] \$6 \", \"}END{for (a in arr) print a \"\\t\" arr[a]}'"`

Bin: Adds nessus compliance filter 3 years ago			`exit 0`
			`}`

			`type -p xq >/dev/null \|\| die -e "You need to install xq\nhttps://github.com/kislyuk/yq"`

			`[ "$1" = "-h" ] && printhelp`

			`filters=""`

			`while [ "$#" -gt 0 ]; do`
			`filters="$filters \| select( .\"cm:compliance-check-name\" \| test(\"$1\"))"`
			`shift`
			`done`

BIN: nessusComplianceFilter: various improvements 3 years ago			`echo "Compliance Check Compliance Result Profile Current Expected IP"`
			`cat - \| xq -r ".NessusClientData_v2.Report.ReportHost \| if (. \| type == \"array\") then .[] else . end \|`
			`(.ReportItem[] + {ip:.\"@name\"}) \|`
			`select(.compliance == \"true\") \|`
			`select(.\"cm:compliance-result\" != \"PASSED\") $filters \|`
			`[.\"cm:compliance-check-name\", .\"cm:compliance-result\", ( .\"cm:compliance-audit-file\" \| match(\"L(evel_)?[12]\").string \| sub(\"_\";\" \") \| sub(\"L1\"; \"Level 1\") \| sub(\"L2\"; \"Level 2\") ), .\"cm:compliance-actual-value\", .\"cm:compliance-policy-value\", .ip]`
			`\| @tsv" \| sort -V`