读取nessus扫描器csv文件获取url

nessus扫描器

这里我是为了简化工作量，nessus批量扫描全端口，一个一个访问 ip + 端口太慢了，所以写了一个脚本来获取存在的 url

使用条件：nessus扫描结果导出，只保存host和port的内容，如果全部保存，修改代码即可。

python源代码

#!/usr/bin/env python
#-*- coding:utf-8 -*-
import requests
import random
import csv

def get_random_ip():
    ip = ".".join(str(random.randint(0,255)) for _ in range(4))
    return ip

headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36',
    'X-Forwarded-For': get_random_ip()
}

with open('D:\\your_scanner_file.csv', 'r') as file:
    reader = csv.reader(file)
    next(reader)
    for row in reader:
        host = row[0]  
        port = row[1]

        if int(port) <= 60:
            continue

        url = "http://" + host + ':' + port
        try:
            response = requests.get(url, headers=headers, timeout=5)
            status_code = response.status_code
            print("[+]" + "URL: {}, Status Code: {}".format(url, status_code))
            with open('url.txt','w',encoding="utf-8") as f:
                f.write("[+]" + "URL: {}, Status Code: {}".format(url, status_code)+"\n")
        except requests.exceptions.RequestException as e:
            print("[+]" + "URL: {}, Error: {}".format(url, str(e)))

使用效果

如果有什么想法可以多多提意见。。。

注意：此脚本只能检测http协议，如果想根据IP和端口来准确识别HTTP/HTTPS协议，可以前往如下地址下载工具进行检测

httpx工具介绍

httpx：https://github.com/projectdiscovery/httpx

-l  # 要检测的文件
-nf # 检测是HTTP还是HTTPS
-sc # 显示状态码
-o  # 输出

httpx.exe -l host.txt -nf -sc -o hosts.txt

因为这里只能读取txt文件，扫描器导出来的都是csv文件，所以我写了一个简单的脚本来读取csv来生成txt文件

import csv
import sys

if len(sys.argv) == 2:
    csv_file = sys.argv[1]
else:
    print("\033[91m[+]Usage: python %s <csv_filename>\033[0m" % sys.argv[0])
    sys.exit()

with open(csv_file, 'r') as csvfile:
    reader = csv.reader(csvfile)
    with open('output.txt', 'w') as txtfile:
        next(reader)  # 跳过第一行标题
        for row in reader:
            host = row[0]  # ip地址列
            port = row[1]  # 端口列
            txtfile.write(f'{host}:{port}\n')
            print(f'{host}:{port}')

根据自己导出的csv文件修改python代码读取的ip地址列和端口列

这里在实际工作中用了几次，但是总有点瑕疵，然后现在基本是完美了

新增去重功能、新增图形化、有需要的也可以使用exe文件

exe下载地址：https://github.com/Cx330Lm/csv_txt

import csv
import sys
import os
import tkinter as tk
from tkinter import filedialog, messagebox

def process_csv():
    csv_file = filedialog.askopenfilename(title="Select CSV File", filetypes=[("CSV Files", "*.csv")])
    if csv_file:
        try:
            unique_entries = set()  # Set to store unique combinations of IP addresses and ports

            with open(csv_file, 'r') as csvfile:
                reader = csv.reader(csvfile)
                file_name = os.path.splitext(os.path.basename(csv_file))[0]
                output_file = f'{file_name}_output.txt'

                with open(output_file, 'w') as txtfile:
                    next(reader)  # Skip the first row (headers)
                    for row in reader:
                        host = row[0]  # IP address column
                        port = row[1]  # Port column

                        if port != '0':
                            entry = f'{host}:{port}'
                            if entry not in unique_entries:
                                unique_entries.add(entry)
                                txtfile.write(f'{host}:{port}\n')
                                print(f'{host}:{port}')

            messagebox.showinfo("CSV Processing", "CSV file processed successfully.")
        except Exception as e:
            messagebox.showerror("CSV Processing Error", str(e))
    else:
        messagebox.showwarning("CSV Processing", "No CSV file selected.")

if __name__ == "__main__":
    root = tk.Tk()
    root.title("CSV to Text Converter")

    button = tk.Button(root, text="Select CSV File", command=process_csv)
    button.pack(padx=120, pady=60)

    root.mainloop()