Updated nessus xml stylesheet

CFW cfw_security at comcast.net
Thu Jan 13 14:55:49 EST 2005 

Good afternoon, all,

    I have attached a zip file containing up an updated .xsl file that 
can be applied to Nessus XML output.  (It is only 6k, so I hope it is 
okay to post to the list).  I have tested it a little here and it seems 
to work okay, but I have not done any extensive testing so I would not 
recommend relying on the output until more validation has been done.  
The major changes are that results are now sorted by IP and by port and 
that there is a listing of machines / ports with each vulnerability at 
the bottom of the output file.  I hope that this is useful to someone.  
I have been applying it with xsltproc.  It gives a couple warnings that 
I don't know how to get rid of, but it works.  Example:

$ xsltproc nessus.xsl outputscan.xml > report.html

    Also, there are a couple things in this stylesheet that I cannot get 
working and I was wondering if anyone else can help.  I don't really 
know much about XSL and all the changes in this file are a result of a 
lot of trial and error over the past couple days.

- I would like the list at the bottom to be sorted Holes first, then 
Warnings, then Info.  Right now, it is sorted alphabetically by 
severity, so you get Holes, then Info, then Warnings.

- I would like to have a link in each issue in the Host listing to the 
bottom listing, basically a "See other hosts with this issue" link.  I 
can't get this to work since I can't find an equivalent to generate-id 
that works with text rather than nodes (basically I need a hash function).

    I am also interested to hear from anyone that has any other 
stylesheets for Nessus output and especially from anyone that knows 
anything about how to integrate Nessus XML output with XML output from 
other tools such as NMap.

    Finally, is there a specification for the Nessus xml output 
anywhere?  I am curious if there is any current (or planned) support for 
comments that can be put in by the person analyzing the results.

    Thanks and have a good day.

Chuck
-------------- next part --------------
A non-text attachment was scrubbed...
Name: updated-nessus-xsl.zip
Type: application/zip
Size: 6176 bytes
Desc: not available
Url : http://mail.nessus.org/pipermail/nessus/attachments/20050113/c4de0df5/attachment.zip

More information about the Nessus mailing list