#!/usr/bin/python import sys, time, telnetlib, string, os #### # PROBLEM: Nessus stores a static list of plugins to use for a particular # scan in the .nessusrc file on the client (one line for every plugin). Since # the plugins on the nessusd server are updated almost daily, a client's # .nessusrc file can become very out-of-date very quickly. Currently, the only # way to re-create an updated .nessusrc file is to run the Nessus GUI client. # This is not good for a number of scenarios, like machines without a GUI # environment or doing unattended scans (i.e., from cron). # # SOLUTION: This script will connect to a nessusd server and dump its plugin # list. We will then enable/disable groups of plugins based on their family # and write an up-to-date .nessusrc file for the plugins currently available # on the nessusd server. This script also supports automatically # enabling/disabling plugins classified as "dangerous." # # This script has been tested on Linux and Mac OS X, using Nessus releases # through 2.0.x. # # *** Thank you to the entire Nessus team for all their hard work! *** # # This script is Copyright (C) 2002, 2003, Jay Jacobson # # # *** Sponsored by Edgeos - http://www.edgeos.com *** # == == == == == == == == == == == == == == == == == == == == == == == == == # # External vulnerability assessments (VAs) are a necessary part of your # business. You need to do them for every customer and every engagement. # However, performing a complete audit, then creating all the documentation # and reports is very time consuming and labor intensive. Use Edgeos' Vendor # Services program to automate all your VA functions, start to finish. # # * Cut costs by 10X and decrease time 500%. # * Zero maintenance - fully managed service. # * Increase customer value with more frequent VAs. # * Detailed 'private-label' and customized reports. # # Please take a look at Edgeos' services: http://www.edgeos.com # # == == == == == == == == == == == == == == == == == == == == == == == == == #### ############################################################################## #### #### # Start the configuration section. Define the variables (defaults) below, or # # specify them on the command-line when you call this script. If you do not # # use any command-line flags, this script will use all the defaults below. # # To see usage information, call this script with the "--help" option. # #### #### ############################################################################## # Name or IP of Nessus server (running nessusd) to get plugins from. #### NessusServer = '10.28.1.141' # The TCP port number that the above nessusd server is listening on. # Probably 1241. #### NessusPort = 1241 # Exact NTP version string, as specified in the NTP docs. Probably stick # with the default. #### NTPversion = '< NTP/1.2 >' # The username that you use to connect to the nessusd server. #### NessusUser = 'pefcu' # The password for the above username to connect to the nessusd server. #### NessusPass = '07069' # The major version number of your nessusd server. This must be *exactly* # one of the following: '1.0' or '1.2' or '2.0'. This will determine how we # write plugins in the .nessusrc file (names or ID#'s) and if we use # plain-text telnet or use the nessus CLI client to connect to the server. #### NessusdVer = '2.0' # Name and path of the .nessusrc file that this script will create and output. #### rcFile = '/root/.nessusrc' # Enable plugins classified dangerous (plugins in the ACT_DESTRUCTIVE_ATTACK, # ACT_KILL_HOST, or ACT_DENIAL categories). This must be either 'yes' or 'no' # (case and syntax must be exact). #### EnableDanger = 'yes' #### # Must be either 'yes' or 'no' -- case and syntax must be exact # # Select which families of plugins to activate in the .nessusrc file. All # plugins from the selected family will be activated. #### FamBackdoor = 'yes' # Backdoors FamCGI = 'yes' # CGI Abuses FamCISCO = 'yes' # CISCO FamDefault = 'yes' # Default Unix Accounts FamDoS = 'yes' # Denial of Service FamFinger = 'yes' # Finger Abuses FamFirewall = 'yes' # Firewalls FamFTP = 'yes' # FTP FamShell = 'yes' # Gain a Shell Remotely FamRoot = 'yes' # Gain Root Remotely FamGeneral = 'yes' # General FamMisc = 'yes' # Misc FamNIS = 'yes' # NIS FamNetware = 'yes' # Netware FamScan = 'yes' # Port Scanners FamFile = 'yes' # Remote File Access FamRPC = 'yes' # RPC FamSettings = 'yes' # Settings FamSMTP = 'yes' # SMTP Problems FamSNMP = 'yes' # SNMP FamUntested = 'yes' # Untested FamUseless = 'yes' # Useless Services FamWindows = 'yes' # Windows FamWinUser = 'yes' # Windows : User management #### # Here we'll gather additional text to be added both before and after the # generated plugin set to the final .nessusrc file. This is necessary because # this script is focused on *only* updating the plugin sets and a complete # .nessusrc file requires other stuff in it too. You can probably just # cut-n-paste the sections of your Nessus-GUI-created .nessusrc file into # the files listed here. #### ## # Stuff to put at the beginning of the generated plugin set. Probably just # cut-n-paste from your Nessus-GUI-created .nessusrc file. The last line of # this section should be: # begin(PLUGIN_SET) HeaderFile = '/path/to/header/text' ## # Stuff to put at the end of the generated plugin set. Probably just # cut-n-paste from your Nessus-GUI-created .nessusrc file. The first line of # this section should be: # end(PLUGIN_SET) FooterFile = '/path/to/footer/text' ############################################################################## #### #### # This is the end of the configuration section. There is nothing good below. # #### #### ############################################################################## if "--help" in sys.argv or "-h" in sys.argv: print """ USAGE: You can either specify all the otpions with many command-line flags or you can edit the update-nessusrc.py script and change the defaults. For any options that you do not specify command-line flags, the default value for that option will be used. For more information and details about any of these flags, check out the script source code. It is heavily commented with explanations of each option. update-nessusrc.py [-h] [-s server] [-p port] [-n ntp_string] [-u username] [-a password] [-v version] [-o filename] [-d yes||no] [-g filename] [-f filename] [-fbdr yes||no] [-fcgi yes||no] [-fsco yes||no] [-fdft yes||no] [-fdos yes||no] [-ffgr yes||no] [-ffrw yes||no] [-fftp yes||no] [-fshl yes||no] [-frot yes||no] [-fgen yes||no] [-fmsc yes||no] [-fnis yes||no] [-fnwr yes||no] [-fscn yes||no] [-ffil yes||no] [-frpc yes||no] [-fset yes||no] [-fstp yes||no] [-fsnp yes||no] [-futs yes||no] [-fusl yes||no] [-fwin yes||no] [-fwum yes||no] CONFIGURATION FLAGS: -h Help. Display this usage information. -s server The nessusd server to connect to -p port The TCP port nessusd is listening on (1241) -n ntp_string The NTP version string to use with the server (< NTP/1.2 >) -u username The username to connect to nessusd -a password The password for the username to connect to nessusd -v version The major version of nessusd. Accepts '1.2' or '2.0' (2.0) -o filename Path and name of the output file to create (/tmp/.nessusrc) -d yes||no Enable dangerous plugins? Accepts 'yes' or 'no' (yes) -g filename Path and name of the .nessusrc header file (see the README) -f filename Path and name of the .nessusrc footer file (see the README) PLUGIN FAMILY FLAGS: -fbdr yes||no Backdoors family of plugins to be enabled? (yes) -fcgi yes||no CGI Abuses family of plugins to be enabled? (yes) -fcso yes||no CISCO family of plugins to be enabled? (yes) -fdft yes||no Default UNIX Accounts family of plugins to be enabled? (yes) -fdos yes||no Denial of Service family of plugins to be enabled? (yes) -ffgr yes||no Finger Abuses family of plugins to be enabled? (yes) -ffrw yes||no Firewalls family of plugins to be enabled? (yes) -fftp yes||no FTP family of plugins to be enabled? (yes) -fshl yes||no Gain a Shell Remotely family of plugins to be enabled? (yes) -frot yes||no Gain Root Remotely family of plugins to be enabled? (yes) -fgen yes||no General family of plugins to be enabled? (yes) -fmsc yes||no Misc. family of plugins to be enabled? (yes) -fnis yes||no NIS family of plugins to be enabled? (yes) -fnwr yes||no Netware family of plugins to be enabled? (yes) -fscn yes||no Port Scanners family of plugins to be enabled? (yes) -ffil yes||no Remote File Access family of plugins to be enabled? (yes) -frpc yes||no RPC family of plugins to be enabled? (yes) -fset yes||no Settings family of plugins to be enabled? (yes) -fstp yes||no SMTP Problems family of plugins to be enabled? (yes) -fsnp yes||no SNMP family of plugins to be enabled? (yes) -futs yes||no Untested family of plugins to be enabled? (yes) -fusl yes||no Useless Services family of plugins to be enabled? (yes) -fwin yes||no Windows family of plugins to be enabled? (yes) -fwum yes||no Windows : User Mgmt family of plugins to be enabled? (yes) """ sys.exit() ## # Check for all the options specified on the command-line. If any were given, # use their values to override the defaults above. # NessusServer Opt_Flag = "-s" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusServer = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NessusPort Opt_Flag = "-p" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusPort = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NTPversion Opt_Flag = "-n" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NTPversion = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NessusUser Opt_Flag = "-u" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusUser = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NessusPass Opt_Flag = "-a" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusPass = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NessusdVer Opt_Flag = "-v" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusdVer = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # rcFile Opt_Flag = "-o" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": rcFile = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # EnableDanger Opt_Flag = "-d" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": EnableDanger = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # NessusServer Opt_Flag = "-s" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": NessusServer = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # HeaderFile Opt_Flag = "-g" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": HeaderFile = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FooterFile Opt_Flag = "-f" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FooterFile = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamBackdoor Opt_Flag = "-fbdr" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamBackdoor = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamCGI Opt_Flag = "-fcgi" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamCGI = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamCISCO Opt_Flag = "-fcso" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamCISCO = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamDefault Opt_Flag = "-fdft" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamDefault = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamDoS Opt_Flag = "-fdos" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamDoS = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamFinger Opt_Flag = "-ffgr" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamFinger = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamFirewall Opt_Flag = "-ffrw" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamFirewall = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamFTP Opt_Flag = "-fftp" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamFTP = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamShell Opt_Flag = "-fshl" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamShell = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamRoot Opt_Flag = "-frot" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamRoot = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamGeneral Opt_Flag = "-fgen" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamGeneral = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamMisc Opt_Flag = "-fmsc" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamMisc = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamNIS Opt_Flag = "-fnis" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamNIS = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamNetware Opt_Flag = "-fnwr" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamNetware = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamScan Opt_Flag = "-fscn" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamScan = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamFile Opt_Flag = "-ffil" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamFile = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamRPC Opt_Flag = "-frpc" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamRPC = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamSettings Opt_Flag = "-fset" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamSettings = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamSMTP Opt_Flag = "-fstp" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamSMTP = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamSNMP Opt_Flag = "-fsnp" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamSNMP = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamUntested Opt_Flag = "-futs" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamUntested = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamUseless Opt_Flag = "-fusl" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamUseless = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamWindows Opt_Flag = "-fwin" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamWindows = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" # FamWinUser Opt_Flag = "-fwum" Got_Opt = "no" if Opt_Flag in sys.argv: for Input_Arg in sys.argv[0:]: if Got_Opt == "yes": FamWinUser = Input_Arg break if cmp(Input_Arg, Opt_Flag) == 0: Got_Opt = "yes" ## # Create the HeaderText array f=open(HeaderFile, 'r') HeaderText = f.readlines() f.close() ## # If EnableDanger is not 'yes', then force safe_checks to be turned on. if EnableDanger != "yes" and HeaderText.count(" safe_checks = no\n") > 0: HeaderText.insert(HeaderText.index(" safe_checks = no\n"), " safe_checks = yes\n") HeaderText.remove(" safe_checks = no\n") ## # Create the FooterText array f=open(FooterFile, 'r') FooterText = f.readlines() f.close() ## # Open the new .nessusrc file and write the HeaderText f=open(rcFile, 'w') for line in HeaderText [0:]: f.write(line) ## # Connect to the nessusd server if NessusdVer == "2.0": client = os.popen("/usr/local/bin/nessus -q -p %s %s %s %s" % (NessusServer, NessusPort, NessusUser, NessusPass)) ServerDump = client.read() client.close() ServerString = string.split(ServerDump, "\n") KillLines = 3 else: tn = telnetlib.Telnet(NessusServer, NessusPort) ## # Send the login information tn.write(NTPversion + "\n") tn.read_until("User : ", 10) tn.write(NessusUser + "\n") tn.read_until("Password : ", 10) tn.write(NessusPass + "\n") ## # Read until end of nessusd plugin list or 300 seconds ServerDump = tn.read_until("<|> SERVER\n", 300) ServerString = string.split(ServerDump, "\n") KillLines = 1 ## # Assign the nessusd version to the array position to use. For version 1.0, # we'll use element [1] in the array, which is the plugin ID#. For all other # versions, we'll use element [0] in the array, which is the plugin name. if NessusdVer == "1.0": PlugName = 1 else: PlugName = 0 ## # Kill the very first and last few lines - they are just statements from # nessusd. Process all the other lines... for line in ServerString [KillLines:-2]: if NessusdVer == "2.0": RawPlugin = string.split(line, "|") LineCat = string.lower(RawPlugin [3]) LineFam = string.lower(RawPlugin [1]) else: RawPlugin = string.split(line, " <|> ") LineCat = string.lower(RawPlugin [2]) LineFam = string.lower(RawPlugin [6]) # If the plugin is categorized as dangerous, and EnableDanger is NOT 'yes', then # disable that plugin... if EnableDanger != "yes" and (LineCat == "destructive_attack" or LineCat == "kill_host" or LineCat == "denial"): f.write(' ' + RawPlugin [PlugName] + ' = no\n') else: if LineFam == "backdoors" and FamBackdoor == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "backdoors": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "cgi abuses" and FamCGI == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "cgi abuses": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "cisco" and FamCISCO == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "cisco": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "default unix accounts" and FamDefault == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "default unix accounts": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "denial of service" and FamDoS == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "denial of service": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "finger abuses" and FamFinger == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "finger abuses": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "firewalls" and FamFirewall == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "firewalls": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "ftp" and FamFTP == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "ftp": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "gain a shell remotely" and FamShell == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "gain a shell remotely": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "gain root remotely" and FamRoot == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "gain root remotely": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "general" and FamGeneral == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "general": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "misc." and FamMisc == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "misc.": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "nis" and FamNIS == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "nis": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "netware" and FamNetware == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "netware": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "port scanners" and FamScan == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "port scanners": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "remote file access" and FamFile == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "remote file access": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "rpc" and FamRPC == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "rpc": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "settings" and FamSettings == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "settings": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "smtp problems" and FamSMTP == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "smtp problems": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "snmp" and FamSNMP == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "snmp": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "untested" and FamUntested == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "untested": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "useless services" and FamUseless == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "useless services": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "windows" and FamWindows == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "windows": f.write(' ' + RawPlugin [PlugName] + ' = no\n') if LineFam == "windows : user management" and FamWinUser == "yes": f.write(' ' + RawPlugin [PlugName] + ' = yes\n') elif LineFam == "windows : user management": f.write(' ' + RawPlugin [PlugName] + ' = no\n') ## # Write the FooterText and close the file for line in FooterText [0:]: f.write(line) f.close() ## # Close the connection to the nessusd server if NessusdVer != "2.0": tn.close() ######### ## EOF ## #########