On Fri, Dec 19, 2003 at 12:34:12PM -0800, [EMAIL PROTECTED] wrote: > The perl script seems to leave out type "HOLE", probably because the > .nsr file doesn't like that "type". I modified the perl script to > include type "HOLE" but then issuing nessus -i session.nsr -o > session.html fails with a "Segmentation Fault (coredump)".
Yes, I see... my script skips over any security holes in session data.
I think the problem arose from the different ways a security hole is
denoted in session data and the NSR format: "HOLE" in the former and
"REPORT" in the latter. Here's a fixed version that should pick up
holes yet avoid segfaulting:
---- snip, snip, snip ----
# Convert from Nessus session data file to NSR output.
#
# updated: 19-Dec-2003, George A. Theall
while (<>) {
chomp;
next unless (/^SERVER <\|> (.+) <\|> SERVER$/);
my @f = split(/ <\|> /, $1);
my $msg;
if ($f[0] eq 'PORT') {
print join("|",
$f[1], # host
$f[2], # port
), "\n";
}
elsif (grep($f[0] eq $_, ('NOTE', 'INFO', 'HOLE'))) {
$f[0] = 'REPORT' if ($f[0] eq 'HOLE');
print join("|",
$f[1], # host
$f[2], # port
$f[4], # plugin id
$f[0], # NOTE|INFO|REPORT
$f[3] # text of report
), "\n";
}
}
---- snip, snip, snip ----
George
--
[EMAIL PROTECTED]
pgp00000.pgp
Description: PGP signature
_______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
