#!/usr/bin/perl -w
#
# Do you hate working with nessus on the command-line? Yeah, so do many
# of us. Here is a script to (hopefully) make it easier :-)
# It groups the plugins by category and allows you select which 
# categories you would like to use.
# Not really tested yet :-)... but it does seem to work
# Harry Hoffman <hhoffman@ip-solutions.net>
# Copyright under Gnu Public License
use strict;
use Getopt::Long;
use Term::ReadKey;

my %categories;
my $debug;
my $pass;
my $id;
my $name;
my @nbr_cats;
my $nessus = "/usr/local/bin/nessus";
my $selection;
my $type;
use vars qw($opt_s $opt_p $opt_u $opt_rc $opt_f $opt_safe);

GetOptions("server=s"  => \$opt_s,
           "port=s"    => \$opt_p,
           "user=s"    => \$opt_u,
           "rcfile=s"  => \$opt_rc,
           "outfile=s" => \$opt_f,
           "nocrash=s"   => \$opt_safe
          );

usage() unless ($opt_s && $opt_p && $opt_u && $opt_rc && $opt_f);

ReadMode('noecho');
print "Please enter your nessus password: ";
chomp($pass = <STDIN>);
ReadMode('restore');

if (! defined $opt_safe)
{
  print "Would you like to disable dangerous plugins [y/n]: ";
  chomp ($opt_safe = <STDIN>);
}

print STDOUT $opt_safe if $debug; #DEBUG

open(PLUGINS, "$nessus -q -p $opt_s $opt_p $opt_u $pass |");
while (<PLUGINS>)
{
  if ($_ =~ /Could not connect to nessusd/)
  {
     print "Sorry, could not connect to nessus\n";
     exit 0;
  }
  else
  {
     ($id,$name,$type) = (split /\|/)[0,1,3];
     if ($opt_safe eq "y")
     {
        if ($type !~ /destructive_attack|denial|kill_host/)
        { 
           push @{$categories{$name}}, $id;
        }
     }
     else
     {
        push @{$categories{$name}}, $id;
     }
  }
}
close(PLUGINS);

@nbr_cats = sort(keys %categories);
unshift @nbr_cats, "all";
for (my $i = 0; $i <= $#nbr_cats; $i++)
{
  print "$i => $nbr_cats[$i]\n";
}
print "Please select which plugins to include in your rc file.\n";
print "Select [0] for all or enter a list [1 2 12]: ";

chomp($selection = <STDIN>);

print STDOUT $selection if $debug; #DEBUG

open(RCFILE, "< $opt_rc") or die "Couldn't open $opt_rc: $!\n";
open(NEWRC, "> $opt_f") or die "Couldn't open $opt_f: $!\n";

my $print_flag=1;
while(<RCFILE>)
{
  print NEWRC $_ if ($print_flag);
  if (/^begin\(PLUGIN_SET\)$/)
  {
     listplugins();
     $print_flag=0;
  }
  elsif (/^end\(PLUGIN_SET\)$/)
  {
     print NEWRC $_;
     $print_flag=1;
  } 
}
close(RCFILE);
close(NEWRC);

sub usage
{
my $name = $0;
print << "EOF";
Usage: $name [ -h ] -s [server] -p [port] -u [user]
       --rcfile [~/.nessusrc] --outfile [newrcfile] --nocrash [y/n]
EOF
exit 0;
}

sub listplugins
{
   my @plugins;
   my @sorted;
   my $catgry;
   my $plugin;

   @plugins = split(/\s/, "$selection");
   @sorted = sort {$a <=> $b} @plugins; #Make zero at front of line

   if ($sorted[0] == 0)
   {
     @sorted = (1..$#nbr_cats) #Include first to last of plugins
   }

  foreach $catgry (@sorted)
  {
     foreach $plugin (@{$categories{$nbr_cats[$catgry]}})
     {
        print NEWRC "$plugin = yes\n";
        print STDOUT "$plugin = yes\n" if $debug; #DEBUG
     }
  }
}