Get-NessusOutdatedSoftware.ps1
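Function Get-NessusOutdatedSoftware {
    <#
    .SYNOPSIS
    Lists outdated software findings from a Nessus v2 (.nessus) export.

    .DESCRIPTION
    Loads the report XML, keeps ReportItem findings with severity above 0 whose
    plugin_output mentions a reported/installed version, and emits one object per
    detected version with Host, DNSName, Name, CVE, CVSSBasev3, CVSSBasev2 and
    Installed. Plugin names are collapsed to a product name through the
    $Consolidate table and stripped of the generic phrases in $CommonRemovals.

    .PARAMETER NessusFile
    Path to the .nessus file; resolved with Convert-Path.

    .PARAMETER ConsolidateCVEAfter
    Accepted for compatibility; not read anywhere in this function.

    .PARAMETER IncludeMSBulletins
    Keep findings whose plugin name starts with an MSxx-xxx bulletin id. They are
    filtered out by default.

    .OUTPUTS
    One object per (finding, installed version), sorted by Name, Installed, Host.
    #>
    param($NessusFile,$ConsolidateCVEAfter=99999,[switch]$IncludeMSBulletins)
    begin
    {
        $NessusXML = New-Object Xml
        # A report file may come from another team or a customer. Clear the resolver
        # before loading so a DOCTYPE in the input cannot make the parser fetch
        # external entities or DTDs (older .NET Framework builds resolve them by default).
        $NessusXML.XmlResolver = $null
        $NessusXML.Load((Convert-Path $NessusFile))

        $NessusSoft = $NessusXML.NessusClientData_v2.Report.ReportHost.ReportItem | Where-Object {
            ($_.'plugin_output' -like '*Reported version*' -or $_.'plugin_output' -like '*installed version*') -and
            [int]$_.severity -gt 0
        }
        if(-not $IncludeMSBulletins)
        {
            $NessusSoft = $NessusSoft | Where-Object { $_.pluginName -notmatch '^MS\d{2}-\d{3}(\s:|:)' }
        }
        if(-not $NessusSoft)
        {
            Write-Warning 'No vuln software found within Nessus file.'
            # return only leaves the begin block; the process block checks $NessusSoft again.
            return
        }

        # Wildcard pattern -> product name. Order matters: the first matching entry wins,
        # so specific patterns (e.g. 'Apache Tomcat*') must stay above broad ones ('Apache*').
        $Consolidate = @(
            @{Match='Oracle Java SE*';Name='Oracle Java SE'}
            @{Match='Adobe Shockwave Player*';Name='Adobe Shockwave Player'}
            @{Match='Google Chrome*';Name='Google Chrome'}
            @{Match='Adobe Reader*';Name='Adobe Reader'}
            @{Match='Adobe Flash Player*';Name='Adobe Flash Player'}
            @{Match='Adobe Acrobat*';Name='Adobe Acrobat'}
            @{Match='Citrix XenServer Windows Guest Tools Remote DoS';Name='Citrix XenServer Guest Tools'}
            @{Match='Symantec Endpoint Protection Client*';Name='Symantec Endpoint Protection Client'}
            @{Match='*Java JDK*/*JRE*';Name='Java JDK/JRE'}
            @{Match='Juniper Installer Service*';Name='Juniper Installer Service'}
            @{Match='*Microsoft Malware Protection Engine*';Name='Microsoft Malware Protection Engine'}
            @{Match='VLC*';Name='VLC Media Player'}
            @{Match='VMware Player*';Name='VMware Player'}
            @{Match='WinSCP*';Name='WinSCP'}
            @{Match='Wireshark*';Name='Wireshark'}
            @{Match='Adobe AIR*';Name='Adobe AIR'}
            @{Match='Autodesk Design Review*';Name='Autodesk Design Review'}
            @{Match='Autodesk DWG TrueView*';Name='Autodesk DWG TrueView'}
            @{Match='Cisco Jabber*';Name='Cisco Jabber'}
            @{Match='Cisco WebEx*';Name='Cisco WebEx'}
            @{Match='*Firefox*';Name='Mozilla Firefox'}
            @{Match='Flash Player*';Name='Flash Player'}
            @{Match='*Microsoft Silverlight*';Name='Microsoft Silverlight'}
            @{Match='*Microsoft Malicious Software Removal Tool*';Name='Microsoft Malicious Software Removal Tool'}
            @{Match='*Microsoft Office Web Components*';Name='Microsoft Office Web Components'}
            @{Match='*Microsoft Excel*';Name='Microsoft Excel'}
            @{Match='*Microsoft Word*';Name='Microsoft Word'}
            @{Match='*Microsoft Office*';Name='Microsoft Office'}
            @{Match='Oracle VM VirtualBox*';Name='Oracle VM VirtualBox'}
            @{Match='*Java JRE*';Name='Java JRE'}
            @{Match='Apache Tomcat*';Name='Apache Tomcat'}
            @{Match='Apache*';Name='Apache HTTP Server'}
            @{Match='CodeMeter*';Name='CodeMeter'}
            @{Match='FileZilla Client*';Name='FileZilla Client'}
            @{Match='VMware vCenter*';Name='VMware vCenter Server'}
            @{Match='HP System Management Homepage*';Name='HP System Management Homepage'}
            @{Match='PHP*';Name='PHP'}
            @{Match='Veritas Backup Exec Remote Agent*';Name='Veritas Backup Exec Remote Agent'}
            @{Match='7-Zip*';Name='7-Zip'}
            @{Match='HP Version Control Agent (VCA)*';Name='HP Version Control Agent (VCA)'}
            @{Match='Microsoft SQL Server*';Name='Microsoft SQL Server'}
            @{Match='*.NET Framework*';Name='Microsoft .NET Framework'}
            @{Match='McAfee ePolicy Orchestrator Agent*';Name='McAfee ePolicy Orchestrator Agent'}
            @{Match='IBM Domino*';Name='IBM Domino'}
            @{Match='IBM BigFix Platform*';Name='IBM BigFix Platform'}
            @{Match='IBM WebSphere Application Server*';Name='IBM WebSphere Application Server'}
            @{Match='OpenSSL*';Name='OpenSSL'}
        )
        # Generic phrases stripped from names that no $Consolidate entry matched.
        $CommonRemovals = @(
            'Remote Code Execution'
            'Code Execution'
            'Multiple Vulnerabilities'
            'Multiple Buffer Overflows'
            'Buffer Overflow'
            'Insecure Transport'
            'Unsupported Version Detection'
            ','
        )
    }
    process
    {
        if($NessusSoft)
        {
            $Interim = foreach($Finding in $NessusSoft)
            {
                # -split returns the captured version strings alongside the surrounding text;
                # keep only pieces that start with a digit, i.e. the version numbers.
                $Software = $Finding.'plugin_output' -split "Remote\sversion.*?:\s(.*?)`n|installed\sversion.*?:\s(.*?)`n|installed\sversion.*?:\s(.*?)`n`n|Reported\sversion.*?:\s(.*?)`n" | Where-Object { $_ -match "^\d" }
                foreach($SofItem in $Software)
                {
                    $Out = '' | Select-Object Host, DNSName, Name, CVE, CVSSBasev3, CVSSBasev2, Installed
                    $Out.Host = $Finding.ParentNode.name

                    # Report the scanner-recorded FQDN when there is one, '-' otherwise.
                    # (The original test was inverted and blanked the name on every host that had one.)
                    $hostname = $Finding.ParentNode.HostProperties.SelectSingleNode('tag[@name="host-fqdn"]').'#text'
                    if([String]::IsNullOrWhiteSpace($hostname))
                    {
                        $Out.DNSName = '-'
                    }
                    else
                    {
                        $Out.DNSName = $hostname
                    }

                    $Out.CVSSBasev3 = $Finding.cvss3_base_score
                    $Out.CVSSBasev2 = $Finding.cvss2_base_score

                    # Collapse the plugin title to a product name. Stop at the first hit so a
                    # later, broader pattern cannot relabel the finding as a different product.
                    $Out.Name = $Finding.pluginName
                    foreach($MatchItem in $Consolidate)
                    {
                        if($Finding.pluginName -like $MatchItem.Match)
                        {
                            $Out.Name = $MatchItem.Name
                            break
                        }
                    }

                    # Strip generic phrases; escape them because -replace takes a regex.
                    foreach($Phrase in $CommonRemovals)
                    {
                        $Out.Name = ($Out.Name -replace [regex]::Escape($Phrase)).Trim()
                    }

                    $Out.CVE = $Finding.cve
                    $Out.Installed = $SofItem
                    $Out
                }
            }
            # Sort on the properties the objects actually carry (the original named
            # 'Software Name' and 'Installed Version', which do not exist on $Out).
            $Interim | Sort-Object Name, Installed, Host
        }
    }
}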