The updated .xsl file can be found here (zip archive). The stylesheet was last updated on 9 January 2006.
WARNING - I have tested this style sheet a little and it seems
to
work okay,
but I have not done any extensive testing so I would not recommend
relying on the output until more validation has been done. While I
don't see how using this stylesheet could have any damaging
side-effects, the html output of applying this stylesheet could omit
some results or associate results with the wrong systems. Use
at
your own risk.
The major changes I have made are that results are now sorted
by IP
and by port and that there is a listing of machines / ports with each
vulnerability at the bottom of the output file. I have been
applying it with xsltproc on Linux. It gives a couple warnings, but it
works. Example:
$ xsltproc nessus.xsl outputscan.xml > report.html
You can also use this stylesheet to format the XML data in a web
browser (I have only tried Firefox) by putting the unzipped nessus.xsl
file into the same directory as the nessus output xml file and then
opening the xml output file in the web browser. The output doesn't look
as nice when done this way. Some of the formatting seems to get lost,
so I recommend using xsltproc or another XSL processor.
I am interested in hearing from anyone that has any other stylesheets
for Nessus output and especially from anyone that has done any work
integrating Nessus XML output with output from other vulnerability
scanners or port scanners. Please give me an email at chuck
at
securityfoundry dot com.
This page last modified on