项目启动

.gitignore

@@ -1,3 +1,8 @@
+# myself
+.idea/
+database/
+template.company/
+
 # Byte-compiled / optimized / DLL files
 __pycache__/
 *.py[cod]

README.md

@@ -1,2 +1,51 @@
 # NessusToReport
-自动化扫描报告生成工具
+这是一个nessus自动报告生成工具，可以用来自动生成nessus扫描器的中文报告
+
+*版权所有，侵权必究*
+
+*本项目，仅仅代表个人，如有侵权，请通知我删除*
+
+## 配置
+
+1. config.py：用户配置信息的位置  
+
+    1. data.date:配置时间,参见default
+    1. data.monitor:配置监督者,参见default
+    1. data.manager:配置管理者,参见default
+    1. data.work:配置工作者,参见default
+    1. datasystems:配置IP和系统的关系，该项错误可能导致报错
+    1. ignores:报告生成过程中忽略的nessusid
+    1. nessus_vuln_self:自定义的漏洞信息
+
+    *若漏洞不存在数据库中，可以通过配置自定义nessus_vuln_self来添加*
+
+1. cnf/default.py:默认的信息配置，该部分的信息会更新到data中，默认信息
+1. cnf/data.py：全局信息
+
+变量覆盖顺序：config.py > default.py > data.py
+
+## 使用
+
+1. 导入nessus的csv，放置到csv/nessus/目录下
+1. 更新属于自己的模板文档并放置在template目录下
+
+    1. 将modle/docx_draw_host.py中"公司信息"替换为"$自己的公司"
+
+1. 配置default.py、config.py为自己的信息
+1. 执行命令
+
+```shell script
+python main.py -t host # 指定扫描报告类型
+python main.py # 默认主机扫描报告
+```
+
+> 配置出错
+
+出错的时候一般都是漏洞信息不再数据库中也不在config.py中，这时不存在的漏洞信息将会自动dump到errors.json中,各位可以将该信息手动提交到updatedb.txt中，我将更新其到数据库中。非常感谢！
+
+## 演示图
+
+![演示图](演示图.jpg)
+
+## 特别谢鸣
+

cnf/__init__.py

@@ -0,0 +1,29 @@
+#!/usr/bin/env python3
+# -*- coding:utf-8 -*-
+# ------------------------------------------------------------
+# File: __init__.py.py
+# Created Date: 2020/6/24
+# Created Time: 0:12
+# Author: Hypdncy
+# Author Mail: [email protected]
+# Copyright (c) 2020 Hypdncy
+# ------------------------------------------------------------
+#                       .::::.
+#                     .::::::::.
+#                    :::::::::::
+#                 ..:::::::::::'
+#              '::::::::::::'
+#                .::::::::::
+#           '::::::::::::::..
+#                ..::::::::::::.
+#              ``::::::::::::::::
+#               ::::``:::::::::'        .:::.
+#              ::::'   ':::::'       .::::::::.
+#            .::::'      ::::     .:::::::'::::.
+#           .:::'       :::::  .:::::::::' ':::::.
+#          .::'        :::::.:::::::::'      ':::::.
+#         .::'         ::::::::::::::'         ``::::.
+#     ...:::           ::::::::::::'              ``::.
+#    ````':.          ':::::::::'                  ::::..
+#                       '.:::::'                    ':'````..
+# ------------------------------------------------------------

cnf/const.py

@@ -0,0 +1,117 @@
+#!/usr/bin/env python3
+# -*- coding:utf-8 -*-
+# ------------------------------------------------------------
+# File: const.py
+# Created Date: 2020/6/24
+# Created Time: 0:13
+# Author: Hypdncy
+# Author Mail: [email protected]
+# Copyright (c) 2020 Hypdncy
+# ------------------------------------------------------------
+#                       .::::.
+#                     .::::::::.
+#                    :::::::::::
+#                 ..:::::::::::'
+#              '::::::::::::'
+#                .::::::::::
+#           '::::::::::::::..
+#                ..::::::::::::.
+#              ``::::::::::::::::
+#               ::::``:::::::::'        .:::.
+#              ::::'   ':::::'       .::::::::.
+#            .::::'      ::::     .:::::::'::::.
+#           .:::'       :::::  .:::::::::' ':::::.
+#          .::'        :::::.:::::::::'      ':::::.
+#         .::'         ::::::::::::::'         ``::::.
+#     ...:::           ::::::::::::'              ``::.
+#    ````':.          ':::::::::'                  ::::..
+#                       '.:::::'                    ':'````..
+# ------------------------------------------------------------
+
+loops_error_file = './error.json'
+loops_file = './loops.json'
+template_hostscan_file = './template/主机扫描_模板_1.1.docx'
+template_webscan_file = './template/金融巡检_模板_1.1.docx'
+
+vuln_db_file = './cnf/vuln.db'
+vuln_db_info = {
+    "sqlite_code": "utf-8",
+    "vuln_table": "vuln",
+    "order": {
+        "plugin_id": 0,
+        "name_en": 1,
+        "name_cn": 2,
+        "risk_lev": 3,
+        "describe": 4,
+        "solution": 5,
+        "cve": 6
+    }
+}
+vuln_info = {
+    "name_en": "",
+    "name_cn": "",
+    "risk_lev": "",
+    "describe": "",
+    "solution": "",
+    "cve": ""
+}
+
+nessus_csv_dir = "./csv/nessus/"
+nessus_csv_order = {
+    "plugin_id": 0,
+
+    "name_en": 7,
+    "risk_lev": 3,
+    "describe": 9,
+    "solution": 10,
+    "cve": 1,
+
+    "host": 4,
+    "protocol": 5,
+    "port": 6,
+}
+
+# risk
+risk_count = {
+    "紧急": 0,
+    "高危": 0,
+    "中危": 0,
+    "低危": 0,
+}
+
+risk_score = {
+    "紧急": 4,
+    "高危": 3,
+    "中危": 2,
+    "低危": 1,
+}
+
+risk_is_loop_range_cn = ["紧急", "高危", "中危"]
+risk_is_loop_range_en = ["Critical", "High", "Medium"]
+
+risk_describe = {
+    "scanhuman": {
+        "safe": "暂未发现有效漏洞。",
+        "unsafe": "发现如下有效漏洞。",
+    },
+    "scanweb": {
+        "safe": "暂未发现有效漏洞。",
+        "unsafe": "发现如下漏洞，经过筛选误报，有效漏洞已列出。"
+    },
+    "scanhost": {
+        "safe": "暂未发现有效漏洞。",
+        "unsafe": "发现如下漏洞，经过筛选误报，有效漏洞已列出。"
+    },
+    "result": {
+        "safe":
+            "暂未发现有效漏洞。",
+        "unsafe":
+            "共发现安全漏洞{risk_count}个，其中紧急{risk_urgent}个、高危{risk_high}个、中危{risk_medium}个、低危{risk_low}个。存在的安全隐患主要包括{risk_includes}等安全漏洞,可能将导致{risk_harms}等严重危害"
+    },
+    "hostresult": {
+        "safe":
+            "暂未发现有效漏洞。",
+        "unsafe":
+            "共发现安全漏洞{risk_count}个,存在的安全隐患主要包括{risk_includes}等安全漏洞,详情见如下章节。"
+    }
+}

cnf/data.py

@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+# -*- coding:utf-8 -*-
+# ------------------------------------------------------------
+# File: data.py
+# Created Date: 2020/6/24
+# Created Time: 0:13
+# Author: Hypdncy
+# Author Mail: [email protected]
+# Copyright (c) 2020 Hypdncy
+# ------------------------------------------------------------
+#                       .::::.
+#                     .::::::::.
+#                    :::::::::::
+#                 ..:::::::::::'
+#              '::::::::::::'
+#                .::::::::::
+#           '::::::::::::::..
+#                ..::::::::::::.
+#              ``::::::::::::::::
+#               ::::``:::::::::'        .:::.
+#              ::::'   ':::::'       .::::::::.
+#            .::::'      ::::     .:::::::'::::.
+#           .:::'       :::::  .:::::::::' ':::::.
+#          .::'        :::::.:::::::::'      ':::::.
+#         .::'         ::::::::::::::'         ``::::.
+#     ...:::           ::::::::::::'              ``::.
+#    ````':.          ':::::::::'                  ::::..
+#                       '.:::::'                    ':'````..
+# ------------------------------------------------------------
+
+cnf_data = {
+    # 来自于配置文件
+    "user": {
+        # 客户名称
+        "name": "",
+        # 客户名字缩写
+        "acronym": "",
+        # 客户联系人
+        "contacts": "",
+        # 客户联系人手机号
+        "phone": "",
+        # 合同号
+        "contract": "",
+    },
+    "date": {
+        # 年
+        "year": "",
+        # 月
+        "month": "",
+        # 日
+        "day": "",
+        # 起始日期
+        "start": "",
+        # 截止日期
+        "end": "",
+        "prepare": "",
+        "execute": "",
+        "compile": "",
+        "audit": ""
+    },
+    "monitor": {
+        "name": "",
+        "phone": ""
+    },
+    "manager": {
+        "name": "",
+        "phone": ""
+    },
+    "work": {
+        "name": "",
+        "phone": ""
+    },
+    "risk": {
+        "harms": "",
+        "count": 0,
+        "includes": "",
+        "level": "",
+        # 紧急危险总数
+        "urgent": 0,
+        # 高危风险总数
+        "high": 0,
+        # 中危总数
+        "medium": 0,
+        # 低位总数
+        "low": 0,
+    },
+    "describe": {
+        "scanhuman": "",
+        "scanweb": "",
+        "scanhost": "",
+        "result": ""
+    },
+    "systems": {},
+}
+
+hostscan_loops = dict()
+webscan_loops = dict()
+humanscan_loops = dict()
+