How to merge multiple (dot) Nessus 5 XML files into a single report.

0

On a recent engagement I needed to merge several Nessus files into a single main file for easier reporting and data mining. I was able to find a few general instructions on the Tenable site, however none of them worked as stated. I wanted to do a quick write-up on how to perform the merge in case someone else runs into this down the road. I also made this write-up using a simple command to merge the files together. I found it impossible to copy/paste the data from one file to another after about 35000 lines of XML have been reached.

Background:
All Nessus scan files are comprised of XML data. You can open and edit these files easily in just about any text editor. I do not recommend using notepad as it will typically bunch everything together and be hard to work with. I like to use Notepad++. If you do not have it installed already you can find it here: http://notepad-plus-plus.org/

First you need to export your scans to a <scanname>.nessus file. You can easily do this using the “Download” button on the main Nessus panel. When I perform this merge I drop the file temporarily into the root of your drive as you will be performing a command operation later. You should now have three Nessus scan files for example.

Nessus report files in windows explorer

 

Next you will need to open each file to make some changes.

  • First file remove the following XML code at the end of the file:
    • </Report>
    • </NessusClientData_v2>
  • Save and close the file.
  • The second file we will remove two sections of code. The first part will be the first ~900 lines of code.
    • Open the file and perform a search for “<Report name=”
      • Highlight this line and everything above it to the beginning of the document. Delete this content.
    • Move to the end of the document and remove the following lines of code:
      • </Report>
      • </NessusClientData_v2>
    • Save and close this file.
  • On the third file we will be removing the first portion of the XML only.
    • Open the file and perform a search for “<Report name=”
      • Highlight this line and everything above it to the beginning of the document. Delete this content.

Report name section

    • Save and close this file.

You should now have three scan reports. The first has the last two lines of code removed. The second has the first portion and the last two lines of code removed. (Repeat this part if you have more than just three reports) The third with only the first section removed. 

Now to merge the files together. I am performing this in Windows so I will be using a simple one line command. If you are on a different platform you will have to slightly tweak the command to work for your system.

  • Open a command prompt
  • Navigate to the folder you stored the .nessus report files.
  • Execute the following command:
    • copy /b <report1>.nessus+<report2>.nessus+<report3>.nessus nessus_report_merged.nessus
      • The copy command is used to perform the merge
      • The /b means you are merging binary files. I drop this in just in case.
      • The file names are then input with “+” signs to join them in a string. If your file names have spaces you will need to surround them with quote marks followed by the plus symbol. Order the files from first to last as that is how they will be merged together.
      • Finally enter a single space followed by the name of the file you wish to call the output. Note you will need to include the .nessus extension to the file.

Merging Nessus reports using windows command line.

Now that this has completed you can use the “Upload Report” button in Nessus to add the report back onto the Nessus Server. Simply browse to the merged file and follow the prompts to upload it. The report will now be visible on your Nessus server under the “Reports” tab.

Please note that merging several large scans into a single file can create some problems during the upload. I have successfully uploaded >100mb scan files before, however it only seems to succeed on the upload on some machines. You may encounter this and have to either upload the report to a computer with more power, on a different platform (*nix vs. windows), or reduce the file size by merging less reports.

Please feel free to provide any feedback you may have on this. If you have any other recommended methods let me know and I will add them in as well. (First blog post :o)

Leave a comment


Name*

Email(will not be published)*

Website

Your comment*

Submit Comment

 

© Copyright Ryker's Blog - Theme by Pexeto