Remove IP/hostnames from Nessus report findings

nessus_exclude.py

"""
Remove Nessus findings by hostname or IP address from .nessus files

Example usage:
python nessus_exclude.py –d nessus_files/ -r 10.1.1.1,10.2.2.2,hostname.internal
"""
import os
import xml.dom.minidom
from optparse import OptionParser

def main(dir, exclude):
    blacklist = exclude.split(',')
    dir_nessus = os.path.realpath(dir)
    nessus_files = [os.path.join(dir_nessus, f) for f in os.listdir(dir_nessus) if '.nessus' in f]

    for f in nessus_files:
        # load nessus report into memory
        nessus_xml = open(f, 'r').read()
        dom = xml.dom.minidom.parseString(nessus_xml)
        
        reports = dom.getElementsByTagName('Report')
        for host in dom.getElementsByTagName('ReportHost'):
            if host.getAttribute('name') in blacklist:
                # remove finding
                dom.getElementsByTagName('Report')[0].removeChild(host)

        # save modified xml to file
        write_file(f, dom.toxml(encoding="utf-8"))

def write_file(file_name, contents):
    fh = open(file_name, 'w')
    fh.write(contents)
    fh.close

if __name__ == "__main__":
    parser = OptionParser()
    parser.add_option("-d", "--dir", action="store", type="string", dest="dir", help="Directory containing .nessus files")
    parser.add_option("-r", "--remove", action="store", type="string", dest="exclude", help="IPs or hostnames to remove")
    (menu, args) = parser.parse_args()
    main(dir=menu.dir, exclude=menu.exclude)