Dotfiles/bin/.bin/nessusComplianceFilter
Jonathan Hodgson fa8fc5787d Bin: NessusComplianceFilter: add to help
After talking to Scot, I thought it may be helpful to add an example awk
command for grouping rows. In the example added, awk will show only the
compliance name, along with a comma seperated list of ip addresses
2022-07-20 11:11:51 +01:00

43 lines
1.7 KiB
Bash
Executable file

#!/usr/bin/env bash
die(){
echo "$@" > /dev/stderr
exit 1
}
printhelp(){
echo "Nessus Compliance Filter"
echo "This command should be given a nessus xml file on stdin"
echo "Stdout will contain a tsv file for each compliance issue (not pass)"
echo "Positional Arguments can be given and each will regex match the Check Name"
echo ""
echo "e.g."
echo "cat example.nessus | nessusComplianceFilter \"^18.\" \"Defender\""
echo "will output a tsv containing all failures (or warnings) that start with '18.' and contain the word 'Defender'"
echo ""
echo "It has been built with extensability in mind. It should work well with other unix-y tools"
echo ""
echo "e.g. Only show the name and ip addresses grouped"
echo "cat example.nessus | nessusComplianceFilter | awk awk -F \$'\t' 'NR>1{arr[\$1] = arr[\$1] \$6 \", \"}END{for (a in arr) print a \"\\t\" arr[a]}'"
exit 0
}
type -p xq >/dev/null || die -e "You need to install xq\nhttps://github.com/kislyuk/yq"
[ "$1" = "-h" ] && printhelp
filters=""
while [ "$#" -gt 0 ]; do
filters="$filters | select( .\"cm:compliance-check-name\" | test(\"$1\"))"
shift
done
echo "Compliance Check Compliance Result Profile Current Expected IP"
cat - | xq -r ".NessusClientData_v2.Report.ReportHost | if (. | type == \"array\") then .[] else . end |
(.ReportItem[] + {ip:.\"@name\"}) |
select(.compliance == \"true\") |
select(.\"cm:compliance-result\" != \"PASSED\") $filters |
[.\"cm:compliance-check-name\", .\"cm:compliance-result\", ( .\"cm:compliance-audit-file\" | match(\"L(evel_)?[12]\").string | sub(\"_\";\" \") | sub(\"L1\"; \"Level 1\") | sub(\"L2\"; \"Level 2\") ), .\"cm:compliance-actual-value\", .\"cm:compliance-policy-value\", .ip]
| @tsv" | sort -V