Dotfiles/bin/.bin/nessusComplianceFilter

#!/usr/bin/env bash

die(){
	echo "$@" > /dev/stderr
	exit 1
}

printhelp(){
	echo "Nessus Compliance Filter"
	echo "This command should be given a nessus xml file on stdin"
	echo "Stdout will contain a tsv file for each compliance issue (not pass)"
	echo "Positional Arguments can be given and each will regex match the Check Name"
	echo ""
	echo "e.g."
	echo "cat example.nessus | nessusComplianceFilter \"^18.\" \"Defender\""
	echo "will output a tsv containing all failures (or warnings) that start with '18.' and contain the word 'Defender'"
	echo ""
	echo "It has been built with extensability in mind. It should work well with other unix-y tools"
	echo ""
	echo "e.g. Only show the name and ip addresses grouped"
	echo "cat example.nessus | nessusComplianceFilter | awk awk -F \$'\t' 'NR>1{arr[\$1] = arr[\$1] \$6 \", \"}END{for (a in arr) print a \"\\t\" arr[a]}'"

	exit 0
}

type -p xq >/dev/null || die -e "You need to install xq\nhttps://github.com/kislyuk/yq"

[ "$1" = "-h" ] && printhelp

filters=""

while [ "$#" -gt 0 ]; do
	filters="$filters | select( .\"cm:compliance-check-name\" | test(\"$1\"))"
	shift
done

echo  "Compliance Check	Compliance Result	Profile	Current	Expected	IP"
cat - | xq -r ".NessusClientData_v2.Report.ReportHost | if (. | type == \"array\") then .[] else . end |
	(.ReportItem[] + {ip:.\"@name\"}) |
	select(.compliance == \"true\") |
	select(.\"cm:compliance-result\" != \"PASSED\") $filters |
	[.\"cm:compliance-check-name\", .\"cm:compliance-result\", ( .\"cm:compliance-audit-file\" | match(\"L(evel_)?[12]\").string | sub(\"_\";\" \") | sub(\"L1\"; \"Level 1\") | sub(\"L2\"; \"Level 2\") ), .\"cm:compliance-actual-value\", .\"cm:compliance-policy-value\", .ip]
	| @tsv" | sort -V