It is always been a pain to run Nessus when you have long list of IPs to be scanned within a short period of time. This typically happens when you are engaged in an internal pentest and you have multiple IPs to scan.

To solve this, I have written a Ruby script which enables Nessus to read list of IPs from a text file, perform individual scan, export it to XML format and saves a copy of the scan over Nessus web interface. This script is very similar to my last script with few changes in terms of reading IP from a text file. Please note that you would need to install nessus-xmlrpc gem to get this running.

Here’s a ruby script for running Nessus against multiple IPs:

require 'nessus-xmlrpc'

n=NessusXMLRPC::NessusXMLRPC.new('','admin','admin');

if n.logged_in

id,name = n.policy_get_first

puts "using policy ID: " + id + " with name: " + name

File.open("ip.txt").each_line do |line|

uid=n.scan_new(id,"#{line}","#{line}")

puts "scanning for: " + line

puts "status: " + n.scan_status(uid)

while not n.scan_finished(uid)

sleep 10

end

content=n.report_file_download(uid)

#File.open('report.xml', 'w') {|f| f.write(content) }

#File.open("#{line}_report.xml", 'w') do |f|

f.write(content)

f.close

end

‍

Steps to be followed:

Create a ip.txt file and dump your list of IPs there.
Copy and paste above script in nessus.rb file.
Place both these files under one folder and fire below command from your terminal.

ruby nessus_file.rbThe output will be saved in the same folder and copy of scan will be available on your Nessus web interface.

Happy Automating!!!

Share this post