
RE: Scripting Nessus Scan and emailing of output

Subject: RE: Scripting Nessus Scan and emailing of output
Date: Thu, 28 Jun 2007 14:09:53 -0400
Here's something I whipped up for FreeBSD, but should work closely with RHEL.  
It's fairly well commented, but feel free to ask me if you need help with it.

-Kevin

#!/bin/bash

# 08March2007
# Copyright 2007 Kevin Reiter (kreiter@insidefsi.net)
# Released under the BSD license.
#--------------------------------------------------
# This script performs the following actions:
# 1. Ping scans a subnet to find the alive hosts.
# 2. Outputs the alive hosts to a file as a list.
# 3. Performs an Nmap scan of each host in the results file, and
# writes the output into 3 log files, located in
# /usr/local/www/data/results/nmap/{SUBNET}/{DATE}/{IP}.{nmap|gnmap|xml}
# 4. Writes the open ports (per host) to a file.
# 5. Rewrites the .nessusrc file to include the open ports found
# using sed (in order for Nessus to only scan the open ports)
# 6. Nessus performs a scan of each host on the subnet, writing the output to
# /usr/local/www/data/results/nessus/{DATE}/{SUBNET}_subnet.html
# Tested and written on FreeBSD 6.2-RELEASE using Nmap 4.20 and
# Nessus 3.0.5
#--------------------------------------------------

## VARIABLES ##
subnet=$1
dns="--dns-servers 192.168.0.1,192.168.0.2"
date=`date +'%Y-%m-%d'`
nm_logdir=/usr/local/www/data/results/nmap
nessus_logdir=/usr/local/www/data/results/nessus
nessusfile=/root/work/nessusrc
mytemp=/root/work/work_temp
badhosts=/root/work/badhosts.txt

## FUNCTIONS ##

# Log everything!
# Usage: log "Script Started"
function log {
         NOW=$(date +'%Y-%m-%d %H:%M:%S')
         echo "${NOW} - ${1}" >> $mainlog
}


## START SCRIPT ##

# The $subnet variable is taken from the commandline

if [ -z "$1" ]; then
        printf '\n'
        printf 'Usage: ./master_scan {subnet}\n'
        printf 'Example: ./master_scan 172.20.8.0\n'
        printf '\n'
        printf 'Send any questions to: kreiter@insidefsi.net\n'
        printf '\n'
        exit 0
else

# Start by deleting/creating the $mainlog. If it exists,
# delete it:

if [ -e /var/log/$1_nmap-nessus.log ]; then

        rm /var/log/$1_nmap-nessus.log

fi

# Then create it for this session:
touch /var/log/$1_nmap-nessus.log

# Assign the variable:
mainlog=/var/log/$1_nmap-nessus.log

# Make the directories we need here:
mkdir -p $nm_logdir/$subnet/$date
nmaplog=$nm_logdir/$subnet/$date
mkdir -p $nessus_logdir/$date
nessuslog=$nessus_logdir/$date



## DISCOVERY ##
# Start off with a ping scan to find the alive hosts:
echo "Starting discovery on $1/24.."
log "Starting discovery of $1/24"
nmap -v -v -sP -PR -n --excludefile $badhosts $1/24 | grep up | cut -f2 -d' ' |
    sed '$d' > $mytemp/$1_hosts
echo "Discovery on $1 complete."
printf 'Starting individual host scans now.\n'
log "Discovery completed.  Starting Nmap host scan."

# Save a copy of $1_hosts so we can refer to it later if needed:
cp $mytemp/$1_hosts $nmaplog/

# Build the Nessus target list:
cat $mytemp/$1_hosts > $mytemp/nessus_targets

## HOST SCAN ##
targets=`cat $mytemp/$1_hosts`

for i in $targets; do
nmap -v -v -P0 -PR -sS $dns -T4 -r -oA $nmaplog/$i -p1-65535 $i
done
log "Host scanning on $subnet/24 complete."

# Send an admin e-mail notification when the Nmap portion is done.
mail -s "The Nmap scan on $1/24 you requested is done." security@insidefsi.net \
    < nmap.msg

#----------------------------------------------------------------
# NMAP Done - Start Nessus
#----------------------------------------------------------------
# Now that we have a list of alive hosts and the individual scans
# of each host, we can start the Nessus scans against each host.
# We'll need to define some new variables for this, as well as
# use existing variables from above.  Are you confused yet?
# Good.  So am I :)

# Get a full list of ports in 1 file:
cat $nmaplog/*.nmap | grep "open" | cut -f1 -d\/ | sort -n | uniq | xargs |
    sed 's/ /,/g' > $mytemp/ports.list

# Copy the list of ports to the $nmaplog so we can reference it later:
cp $mytemp/ports.list $nmaplog/open_ports

ports=`cat $mytemp/ports.list`
temp="port_range = $ports"

# Rewrite the nessusrc with the ports we want to scan:
sed -e "/port_range/s/po.*/google/" $nessusfile > $mytemp/nessus.tmp
sed -e "s/google/$temp/" $mytemp/nessus.tmp > $nessusfile

## START NESSUS SCAN ##
# Syntax: nessus -q [-pPS] <host> <port> <user> <pass> <targets-file> <result-file>

log "Starting Nessus Scan"
nessus -q -x -V -c $nessusfile -T html localhost 1241 username password \
    $mytemp/nessus_targets $nessuslog/$1_subnet.html
log "Nessus Scan Complete."

# Send the e-mail notification:
mail -s "Nessus Scan on $1/24 complete." security@insidefsi.net < nessus.msg

# Send the main logfile:
mail -s "Subnet Scan Log for $subnet/24" security@insidefsi.net < $mainlog

fi

# Delete all the temp files:
cd $mytemp && rm -rf ./*


-----Original Message-----
From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org]On Behalf Of John J. Culkin
Sent: Thursday, June 28, 2007 10:01 AM
To: nessus@list.nessus.org
Subject: Scripting Nessus Scan and emailing of output


Hello

Can anyone help me create a script which does a Nessus Scan and then 
emails the results.

I am hoping to run this script via cron on RHEL 4 and/or RHEL 5

-- John C.

-- 
John J. Culkin                  Systems Administrator
John.Culkin@Scranton.edu        The University of Scranton
Phone: (570) 941-7665

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

This message may contain confidential or proprietary information and is 
intended solely for the individual(s) to whom it is addressed.  If you are not 
a named addressee you should not disseminate, distribute or copy this e-mail or 
act upon the information contained herein.  Please notify the sender 
immediately by e-mail if you have received this e-mail by mistake and delete 
this e-mail from your system.
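
The script above runs as root from cron, uses its command-line argument in log paths, and pastes a port list scraped from the Nmap logs into a sed expression. The following is an added example, not part of the posted script, showing input checks for those two values and a port extraction that reads only port-table rows. The function names `valid_subnet`, `open_ports` and `set_port_range` are hypothetical, and the sample Nmap output is constructed.

```bash
#!/bin/bash
# Added example, not from the posted script. Function names are hypothetical
# and the sample Nmap output below is constructed.

# Accept only a dotted-quad IPv4 address (each octet 0-255) before the value
# is used in /var/log/$1_... paths or handed to nmap.
valid_subnet() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) exit 1 }'
}

# Print the open TCP ports from Nmap normal output (files or stdin) as a
# sorted, de-duplicated, comma-separated list. Only port-table rows whose
# state column is exactly "open" are used.
open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { split($1, p, "/"); print p[1] }' "$@" |
        sort -n -u | paste -sd, -
}

# Replace the port_range line of a nessusrc. The list must be digits and
# single commas only, so nothing else can reach the rewrite.
set_port_range() {
    rcfile=$1 ports=$2
    case $ports in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
    esac
    tmp=$(mktemp) || return 1
    awk -v r="port_range = $ports" \
        '/^[ \t]*port_range/ { print r; next } { print }' "$rcfile" > "$tmp" &&
        cat "$tmp" > "$rcfile"
    status=$?
    rm -f "$tmp"
    return $status
}

SAMPLE_NMAP='Interesting ports on 172.20.8.15:
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
139/tcp  filtered netbios-ssn
Interesting ports on 172.20.8.20:
22/tcp   open     ssh
3306/tcp open     mysql'
printf '%s\n' "$SAMPLE_NMAP" | open_ports    # 22,80,3306
```

In the posted script these would be called as `valid_subnet "$1" || exit 1` before the log file is created, and `set_port_range "$nessusfile" "$(open_ports $nmaplog/*.nmap)"` in place of the two sed passes.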
