利用dom4j 对nessus xml文件解析，并存入mysql_hostproperties tag nessus-优快云博客

本文介绍了一个Java程序，该程序用于解析Nessus扫描文件，并将解析后的漏洞信息存入MySQL数据库中。文章详细展示了如何通过DOM4J解析XML文件，以及如何使用JDBC连接数据库并执行SQL命令。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

import java.io.IOException;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Iterator;
import java.util.List;
import org.dom4j.Document;
import org.dom4j.DocumentException;
import org.dom4j.Element;
import org.dom4j.io.SAXReader;

public class PaserNessus {

    public static void main(String[] args) {
        // TODO Auto-generated method stub
        setupDB();
    }

    public static Connection getConnection() throws SQLException, java.lang.ClassNotFoundException, IOException {
        Class.forName("com.mysql.jdbc.Driver");
        String url = "jdbc:mysql://192.168.140.128:3306/nvd";
        String userName = "root";
        String password = "";
        Connection con = DriverManager.getConnection(url, userName, password);
        return con;
    }

    public static void setupDB() {

        try {
            // String filename = "nvdcve-2008.xml";
            Connection con = getConnection();
            Statement sql = con.createStatement();
            sql.execute("drop table if exists nessus"); // ,primary key(id)
            sql.execute(
                    "create table nessus(host_ip varchar(20) not null,operating_system varchar(160) not null default 'undefined',svc_name varchar(100) not null default 'undefined',protocol varchar(100) not null default 'undefind',port varchar(20) not null default 'unefined',cve varchar(20) not null default 'unefined');");
            SAXReader saxReader = new SAXReader();

            String fname = "D:\\JavaProject\\AttacKGraph\\src\\scan.nessus";
            Document document = saxReader.read(fname);
            Element root = document.getRootElement().element("Report");
            List entry = root.selectNodes("ReportHost");
            Iterator ent = entry.iterator();
            while (ent.hasNext()) {
                Element id = (Element) ent.next();
                Element hostProperties = id.element("HostProperties");
                String host_ip = "";
                String operating_system = "";
                List tags = hostProperties.elements();
                Iterator it = tags.iterator();
                while (it.hasNext()) {
                    Element element = (Element) it.next();
                    if ("host-ip".equalsIgnoreCase(element.attributeValue("name"))) {
                        host_ip = element.getText();
                    } else if ("operating-system".equalsIgnoreCase(element.attributeValue("name"))) {
                        operating_system = element.getText();
                    }
                }
                List reportItems = id.elements("ReportItem");
                Iterator iterator = reportItems.iterator();
                while (iterator.hasNext()) {
                    Element reportItem = (Element) iterator.next();
                    String svc_name = reportItem.attributeValue("svc_name");
                    String protocol = reportItem.attributeValue("protocol");
                    String port = reportItem.attributeValue("port");
                    String cve = reportItem.elementText("cve");
                    String insert = "insert nessus values('" + host_ip + "','" + operating_system + "','" + svc_name
                            + "','" + protocol + "','" + port + "','" + cve + "')";
                    sql.execute(insert);
                }
            }
            sql.close();
            con.close();

        } catch (java.lang.ClassNotFoundException e) {
            System.err.println("ClassNotFoundException:" + e.getMessage());
        } catch (SQLException ex) {
            System.err.println("SQLException:" + ex.getMessage());
        } catch (DocumentException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }
}