nullbind · December 1, 2018 22:02
diff --git a/FindIIS6inNessus.ps1 b/FindIIS6inNessus.ps1
 # This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files.
 # Author: Scott Sutherland, NetSPI 2017
 # Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional.

 # Create an output table
 $outputtbl =New-Object System.Data.DataTable
 $outputtbl.Columns.Add("IpAddress") | Out-Null
 $outputtbl.Columns.Add("IISVersion") | Out-Null

 # Iterate through each host
 Get-ChildItem *.nessus | select fullname -ExpandProperty fullname| % {

    Write-Output "Processing $_";
    [xml]$myfile = gc "$_"
    $myfile.NessusClientData_v2.Report.ReportHost | 
    foreach{
        
        # Grab the IP address and host items
        $IpAddress = $_.name
        $ReportItems = $_.reportitem

        # Filter for the HTTP server list
        $ReportItems | 
        Foreach{
            $MyPlugin = $_.pluginname
            if($MyPlugin -like "HTTP Server Type and Version"){
                
                # Filter for IIS 6
                if($_.plugin_output -like "*IIS/6*"){
                    
                    # Parse out version
                    $pluginoutput = $_.plugin_output
                    $httpver = (($pluginoutput -replace ("The remote web server type is :","")) -replace '\s+\r\n+', "`r`n").trim()                    

                    # Write to data table
                    Write-Output "Found one! - IpAddress ($httpver)"
                    $outputtbl.rows.Add($IpAddress,$httpver) | Out-Null
                }
            }            
        }
    }
 }

 # Write results to a file
 $outputtbl | Export-Csv iis6servers.csv -notypeinformation

 # Return output to the pipeline
 $outputtbl | Sort-Object IpAddress
	# This script can be used to extract a list of IIS 6.x HTTP servers from .nessus files.
	# Author: Scott Sutherland, NetSPI 2017
	# Instructions: Run the script in a directory containing only .nessus files. Super dirty/slow, but functional.

	# Create an output table
	$outputtbl =New-Object System.Data.DataTable
	$outputtbl.Columns.Add("IpAddress") \| Out-Null
	$outputtbl.Columns.Add("IISVersion") \| Out-Null

	# Iterate through each host
	Get-ChildItem *.nessus \| select fullname -ExpandProperty fullname\| % {

	Write-Output "Processing $_";
	[xml]$myfile = gc "$_"
	$myfile.NessusClientData_v2.Report.ReportHost \|
	foreach{

	# Grab the IP address and host items
	$IpAddress = $_.name
	$ReportItems = $_.reportitem

	# Filter for the HTTP server list
	$ReportItems \|
	Foreach{
	$MyPlugin = $_.pluginname
	if($MyPlugin -like "HTTP Server Type and Version"){

	# Filter for IIS 6
	if($_.plugin_output -like "IIS/6"){

	# Parse out version
	$pluginoutput = $_.plugin_output
	$httpver = (($pluginoutput -replace ("The remote web server type is :","")) -replace '\s+\r\n+', "`r`n").trim()

	# Write to data table
	Write-Output "Found one! - IpAddress ($httpver)"
	$outputtbl.rows.Add($IpAddress,$httpver) \| Out-Null
	}
	}
	}
	}
	}

	# Write results to a file
	$outputtbl \| Export-Csv iis6servers.csv -notypeinformation

	# Return output to the pipeline
	$outputtbl \| Sort-Object IpAddress