NFA v0.8.0 and NFR v0.6.0: Compare plugin severity
I’m excited to introduce a powerful new feature in nessus file analyzer (NFA) v0.8.0 and nessus file reader (NFR) v0.6.0. Now you can effortlessly compare the severity scores assigned to Nessus plugins, including Severity, Risk Factor, CVSSv2, CVSSv3, CVSSv4, VPR, and EPSS, all in a single view.
What’s New?
In nessus file analyzer (NFA) in the vulnerabilities report, and in nessus file reader (NFR) with the nfr scan --plugin-severity command, you can now:
Compare severity metadata for each plugin across multiple scoring systems.
Easily identify inconsistencies or patterns between CVSSv2, CVSSv3, CVSSv4, VPR, and EPSS values.
In nessus file reader (NFR) you can use powerful JMESPath to filter on specific Plugin IDs or other conditions.
Examples
In nessus file analyzer (NFA) in the vulnerabilities report, instead of just a Risk Factor you will see 12 additional columns:
| Severity number | Severity | Risk Factor | CVSSv2 Base Score | CVSSv2 | CVSSv3 Base Score | CVSSv3 | CVSSv4 Base Score | CVSSv4 | VPR Score | VPR | EPSS | EPSS % |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Low | Low | 2.6 | Low | 3.7 | Low | | | 1.4 | Low | 0.0307 | 3.1% |
| 2 | Medium | Medium | 5.8 | Medium | 6.5 | Medium | | | 4.9 | Medium | 0.0596 | 6.0% |
| 1 | Low | Low | 2.1 | Low | 2.2 | Low | | | | | 0.0037 | 0.4% |
In nessus file reader (NFR) you will see them as well; run NFR as in the example below:
nfr scan --plugin-severity 192_168_1_1_1022nb.nessus
You’ll get a tabular summary like:
File name Report host name PID S SL RF CVSSv2 CVSSv2L CVSSv3 CVSSv3L CVSSv4 CVSSv4L VPR VPRL EPSS EPSS%
------------------------- ------------------ ------ --- ------ ------ -------- --------- -------- --------- -------- --------- ----- ------ ------ -------
192_168_1_1_1022nb.nessus 192.168.1.10 12217 2 Medium Medium 5 Medium 5.3 Medium
192_168_1_1_1022nb.nessus 192.168.1.10 42263 2 Medium Medium 5.8 Medium 6.5 Medium
192_168_1_1_1022nb.nessus 192.168.1.10 50686 2 Medium Medium 5.8 Medium 6.5 Medium 4.9 Medium 0.0596 6.0%
To see the column descriptions, just run:
nfr scan --plugin-severity-legend
It will print a clear legend explaining each column.
Filter with Precision
While in the spreadsheet generated by nessus file analyzer (NFA) you can filter pretty easily, it’s not so easy to do in a terminal. In nessus file reader (NFR), thanks to the new --filter option, you can apply custom filters using JMESPath.
Examples:
Show only a specific plugin:
nfr scan --plugin-severity *.nessus -f "[?PID == '50686']"
Show only plugins with VPR scores:
nfr scan --plugin-severity file.nessus -f "[?VPR != null]"
See also
Check out more examples in the documentation: nfr scan --filter.
Python Module
For those who use nessus file reader (NFR) as a Python module to build their own views, there are new functions for plugins:
severity_number_to_label(severity_number) - Convert a numeric severity level to its corresponding string label.
cvssv2_score_to_severity(cvss_score) - Convert a CVSS v2 base score to its corresponding severity label.
cvssv3_score_to_severity(cvss_score) - Convert a CVSS v3 base score to its corresponding severity label.
cvssv4_score_to_severity(cvss_score) - Convert a CVSS v4 base score to its corresponding severity label.
vpr_score_to_severity(vpr_score) - Convert a VPR score to its corresponding severity label.
epss_score_decimal_to_percent(epss_score) - Convert an EPSS score from decimal format to a percentage string.
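As an added example (not code from the nessus file reader project), here is a self-contained Python re-implementation of the conversions these function names describe, plus a plain-Python stand-in for the two JMESPath filters shown in the "Filter with Precision" section, so the cross-system comparison can be tried offline. The function names mirror those listed above, but the qualitative bands and the Nessus severity numbering are assumptions based on the published CVSS v2/v3/v4 and Tenable VPR rating scales, not NFR's source. The rows are constructed: two reuse values from the tables on this page and one (PID 99999) is invented to show scoring systems disagreeing.

```python
"""Added example: plugin-severity conversions and filtering as described on the page.
This is NOT the nessus_file_reader (NFR) package's code. Function names mirror the
ones NFR lists; the threshold bands and Nessus severity numbering are assumptions
drawn from the public CVSS v2/v3/v4 and Tenable VPR qualitative rating scales."""
from typing import Callable, Dict, List, Optional, Tuple

# Assumed Nessus severity numbering: 0 Info, 1 Low, 2 Medium, 3 High, 4 Critical.
SEVERITY_LABELS = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Bands as (exclusive upper bound, label); scores at or above the last bound get the top label.
CVSSV2_BANDS: List[Tuple[float, str]] = [(4.0, "Low"), (7.0, "Medium")]                       # NVD v2: High from 7.0
CVSSV3_BANDS: List[Tuple[float, str]] = [(0.1, "None"), (4.0, "Low"), (7.0, "Medium"), (9.0, "High")]  # v3.x/v4.0
VPR_BANDS: List[Tuple[float, str]] = [(4.0, "Low"), (7.0, "Medium"), (9.0, "High")]            # Tenable VPR


def _band(score: Optional[float], bands: List[Tuple[float, str]], top: str) -> Optional[str]:
    """Map a score onto its qualitative label; an absent score stays None (not 'Low')."""
    if score is None:
        return None
    for upper, label in bands:
        if score < upper:
            return label
    return top


def severity_number_to_label(severity_number: int) -> str:
    return SEVERITY_LABELS.get(severity_number, "Unknown")


def cvssv2_score_to_severity(cvss_score: Optional[float]) -> Optional[str]:
    return _band(cvss_score, CVSSV2_BANDS, "High")


def cvssv3_score_to_severity(cvss_score: Optional[float]) -> Optional[str]:
    return _band(cvss_score, CVSSV3_BANDS, "Critical")


def cvssv4_score_to_severity(cvss_score: Optional[float]) -> Optional[str]:
    # CVSS v4.0 reuses the v3 qualitative rating bands.
    return _band(cvss_score, CVSSV3_BANDS, "Critical")


def vpr_score_to_severity(vpr_score: Optional[float]) -> Optional[str]:
    return _band(vpr_score, VPR_BANDS, "Critical")


def epss_score_decimal_to_percent(epss_score: Optional[float]) -> Optional[str]:
    """0.0596 -> '6.0%', matching the EPSS % column shown on the page."""
    if epss_score is None:
        return None
    return f"{epss_score * 100:.1f}%"


# Constructed rows shaped like NFR's --plugin-severity columns. The first two reuse
# values from the page's tables; PID 99999 is invented to show a disagreement.
ROWS: List[Dict] = [
    {"PID": "12217", "S": 2, "CVSSv2": 5.0, "CVSSv3": 5.3, "CVSSv4": None, "VPR": None, "EPSS": None},
    {"PID": "50686", "S": 2, "CVSSv2": 5.8, "CVSSv3": 6.5, "CVSSv4": None, "VPR": 4.9, "EPSS": 0.0596},
    {"PID": "99999", "S": 2, "CVSSv2": 6.8, "CVSSv3": 8.1, "CVSSv4": 8.7, "VPR": 7.4, "EPSS": 0.4210},
]

LABELERS: Dict[str, Callable[[Optional[float]], Optional[str]]] = {
    "CVSSv2": cvssv2_score_to_severity,
    "CVSSv3": cvssv3_score_to_severity,
    "CVSSv4": cvssv4_score_to_severity,
    "VPR": vpr_score_to_severity,
}


def label_row(row: Dict) -> Dict:
    """Add the derived label columns (SL, CVSSv2L, ..., VPRL, EPSS%) to a row."""
    out = dict(row)
    out["SL"] = severity_number_to_label(row["S"])
    for col, fn in LABELERS.items():
        out[col + "L"] = fn(row[col])
    out["EPSS%"] = epss_score_decimal_to_percent(row["EPSS"])
    return out


def disagreements(row: Dict) -> Dict[str, str]:
    """Scoring systems whose label differs from the Nessus severity label.
    Absent scores are skipped rather than counted as disagreements."""
    labelled = label_row(row)
    return {col: labelled[col + "L"] for col in LABELERS
            if labelled[col + "L"] is not None and labelled[col + "L"] != labelled["SL"]}


def filter_rows(rows: List[Dict], predicate: Callable[[Dict], bool]) -> List[Dict]:
    """Plain-Python stand-in for NFR's JMESPath -f option; the two lambdas in
    the usage below correspond to [?PID == '50686'] and [?VPR != null]."""
    return [label_row(r) for r in rows if predicate(r)]


if __name__ == "__main__":
    for r in filter_rows(ROWS, lambda r: r["PID"] == "50686"):
        print(r)
    print([r["PID"] for r in filter_rows(ROWS, lambda r: r["VPR"] is not None)])
    for r in ROWS:
        d = disagreements(r)
        if d:
            print(f"PID {r['PID']}: Nessus says {severity_number_to_label(r['S'])}, but", d)
```

The disagreements() helper is the part worth keeping: it reports only the systems that actually carry a score, so a plugin with no CVSSv4 or VPR value is not flagged merely because those columns are empty, and a plugin whose VPR or CVSSv3 band is higher than its Nessus severity surfaces as a prioritization candidate.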
TLDR
Thanks to the newest nessus file analyzer (NFA) and nessus file reader (NFR) you can:
Quickly compare how multiple scoring systems rank a plugin’s risk.
Improve prioritization and remediation efforts by analyzing VPR and EPSS alongside CVSS scores.
nessus file analyzer (NFA):
check the vulnerabilities report for the new columns.
nessus file reader (NFR):
run nfr scan --plugin-severity your_file_name.nessus.
Apply flexible filters with JMESPath using -f or --filter.
Use the new functions in the Python module to analyze plugin severities programmatically.
See also
Check out the new NFR feature in the documentation: nfr scan --plugin-severity.
Check out the new NFA column details in the Vulnerabilities section.