Monday, November 24, 2014

New Scripts and Old Script Changes

I pushed up some scripts I banged out today here: https://github.com/secjohn/nessus-reporting
I'm a blue team guy again and I needed a better way to share Nessus findings both vulnerability scans and compliance audit scans with my admins. The Nessus HTML and CVS exports just don't cut it, and I'm sick of manually editing the CVS exports to be something people want. So I made these scripts to turn .nessus files into spreadsheets my admins want and figured I would share them. They are freshly made and I'm sure some improvements are needed. But so far appear to work fine even on very large .nessus files.

I also commented out the crypter parts of obfy. It hasn't worked for a while now, even since some change to msfpayload. Obfy is still a quick way around McAfee, but that is about it at this point. I think it still works against some others if you manually run ditto on the payloads, but I never got ditto to work correctly with wine so I couldn't script it out. Veil is a better automated option for most things and I use it a lot now. Obfy is still good if you know you are going against McAfee or to edit an asm file you made yourself for a longer term custom payload like a signed payload for phishing, etc. But in general I wouldn't use obfy on a normal pentest if I didn't know the AV product anymore. I would highly recommend using it in AV testing if you are buying one.