Channel: Active questions tagged nessus - Stack Overflow
Viewing all 232 articles

Is there a difference between CGI vulnerabilities and web vulnerabilities?


I hope this is the right place to ask this question. So, perhaps some of you have heard of Nessus. It's a (network) vulnerability scanner, and I have noticed that it also has functionality to scan web applications; thing is, it only focuses on CGI. However, Tenable, the company behind Nessus, also released Tenable WAS (web application scanning), which focuses on modern and traditional web frameworks. So I've been wondering why they would have two software solutions that can do similar tasks. Are CGI vulnerabilities not the same as web vulnerabilities?


Is there an API or command to fetch all servers' last patched timestamp from Nessus?


I got a task to generate a report that contains the last patched date & time of all servers (AWS EC2 instances).

How to use Tenable.io-SDK-for-Java in my Java (Maven) project?


Here is the Tenable.io-SDK-for-Java, available at https://github.com/tenable/Tenable.io-SDK-for-Java. But it seems to be a Gradle build. I am totally new to Gradle. I've used Maven in all my Java projects. How do I get this SDK library as a dependency in Maven?

I've checked the Maven repository for the group 'com.tenable', artifactId 'tenable-io', which I found in the build.gradle file in the git repo. But it's not available in the Maven repo.

Nessus won't sync on Ubuntu 18.04

    # sudo greenbone-nvt-sync
    # sudo greenbone-scapdata-sync
    # sudo greenbone-certdata-sync

    rsync: safe_read failed to read 1 bytes [Receiver]: **Connection timed out** (110)
    rsync error: error in rsync protocol data stream (code 12) at io.c(285) [Receiver=3.1.2]

I've ensured that the ufw firewall has been disabled (with ufw disable) and have run as both a non-root and root user.

Neither fix seems to work.

They both result in the same error.

To my knowledge, these commands need to be run to populate the Nessus database for use.

What could be occurring here?

Asset Discovery with OS Detection


I have been attempting to run a Nessus scan on my PC to detect the OS and am not having any luck.

I have used Host Discovery OS detection. I have also tried Advanced Custom Scan using plugin 11936.

Neither of these looks like it is giving me any estimate of the OS at all. I am not sure what I am doing wrong.

I've tried Dynamic Custom Scan using 11936. I've tried Host Discovery with "OS Detection" selected.

What I would like is that by the end of the scan I can export a CSV where one column would contain the host and another column would contain information about the OS guessed.

How to fix all critical issues of a server resulting from a Nessus vulnerability scan with one click?


I have 500 servers (AWS EC2 instances), and the Nessus agent is installed on all of them, so I want a shortcut to fix all the servers' critical issues resulting from the Nessus scan with one click. How can I achieve that? Is any such feasibility available from the AWS or Nessus side?

If any APIs or anything else is available for this automation, please help by telling me.

Rest API to get information on Vulnerability Information (Exploit Available) from nessus scan


I am trying to find a REST API in Nessus to find the Vulnerability Information (Exploit Available).

I used https://:8834/scans/(INT)/export and https://ip:port/tokens/{filetoken}/download. The above 2 APIs are working, but Vulnerability Information (Exploit Available) can't be found.

I tried POST https://:8834/vulns/export but an error is displayed: "error": "The requested file was not found"

Script to set some entries in browser's session storage


I'm accessing an application through a web GUI. A repeating task (100 times a day or more) is to select the item I want to access in long lists of items, so I have to scroll a lot to find my items. Adequately, the GUI allows setting filters for the lists, and you can filter by name, owner etc. The GUI remembers my filters until the browser session ends (you can see it being stored in session data via browser developer tools, something like '{id: "name", filterName: "name", operator: "=", isPredefined: true, value: "MyName"}'). A script, hopefully, could save a lot of repeating work:

  1. Setting a filter is more work than necessary, because you have to change between mouse and keyboard a bit.
  2. There are several lists, and I have to set the filter for each of them.
  3. When I change the item name, I have to set the filter for each of them again.

To be specific, this is about the admin GUI of the tenable.sc (Nessus) scanner. It's a closed source product, and I have no means to change any bit of the GUI. I've successfully scripted some simple tasks like changing target hosts, applying new audit files and even starting a scan using the Python semi-official API pytenable, but in general, admin tasks have to be done using the GUI. Pytenable doesn't use or manipulate the GUI, so it can't set my GUI filters.

If somebody can't answer the general question, but knows how to do it for tenable.sc, of course it will help, too.

A piece of JavaScript, added to each and every GUI page, could do the trick, but how do I add it to a page I can't change? Does any browser allow injecting it itself? I mean, the browser injects it? Yes, there are extensions for injecting code - for policy reasons I'm not happy to install one.

My favourite would be a [ python | javascript | powershell | ... ] script that interacts with the browser and makes it behave as if the GUI server had sent the data. Better approaches welcome!

TomTomTom


python 3.7 package for nessus 8.4 with documentation


Trying to create a small Python penetration testing toolkit and would like to implement the Nessus scanner. I don't seem to be able to find a package for the newest Nessus 8.4 (I did find a package for Nessus 6, although not with Python 3.7 support) and cannot seem to be able to figure out the tenable io package. Could anyone help, please?

pytenable: myobj = sc.audit_files.export_audit(1, fobj=None) results in "Resource is not supported."


This is about using Python to access a Nessus (Tenable) server via the library pytenable to manage scans, retrieve results etc. Although it was a bit hard to find out how to make it work, after some trial and error I managed to get helpful results like generating assets, audit files, policies and scans, starting scans and retrieving results. But retrieving audit files just refuses to work:

    myobj = sc.audit_files.export_audit(1, fobj=None)

results in "Resource is not supported.", while

    myobj = sc.audit_files.details(1)

works correctly.

I tried to use a file opened for binary write like this:

    h=open('test.audit','bw'); myobj = tsc.audit_files.export_audit(1,fobj=h)

Same result:

    tenable.errors.APIError: None:403 {"type":"regular","response":"","error_code":10,"error_msg":"Resource is not supported.","warnings":[],"timestamp":1569578167}

Using similar mechanics to retrieve scan results like this:

    myobj = sc.scan_instances.export_scan(1, fobj=None)

works as expected without any errors.

What nasty details am I missing? Did anyone succeed in retrieving audit files?

Shell variables not working in metasploit-framework


I am automating Nessus (vulnerability scanner) scans using metasploit-framework. The user enters the target (URL or IP address), name and description in a file and then executes start.sh.

The start.sh file reads the user preferences (name, target, description) from that file and sets their values in shell variables. It also contains commands to start msfconsole, authenticate with Nessus, configure a new scan and then wait for scan completion.

start.sh

    service nessusd start
    msfconsole

    #load nessus plugin
    load_nessus
    #authenticate with nessus
    nessus_connect username:password@localhost:8834
    #configure new scan
    nessus_scan_new UUID $name $description $target

The problem here is that in msfconsole I am unable to catch shell variables and also unable to declare shell variables.

Proof # 1 : setting shell variable in msfconsole

    msf5> name="ScanExample.com"
    [-] Unknown command: name=ScanExample.com.

Proof # 2 : set shell variable in bash terminal and then access in msfconsole

    name="ScanExample.com"

    msf5> echo $name
    (shows nothing)
    msf5> nessus_scan_new UUID $name $description $target
    (it configures new scan but sets their values as with $ sign. means target=$target that makes no sense)

Proof # 3 :

    msf5> set name ScanExample.com
    name => ScanExample.com
    msf5> get name
    name => ScanExample.com

But in this case, how do I embed this variable in this command: nessus_scan_new UUID $name $description $target?

Any ideas how to achieve the solution? Thanks in advance.

PowerShell: extracting a comma-separated list of IPs?


I'm dealing with a .csv export from Nessus, where essentially I have a column of Host IPs and a column with Plugin IDs.

My customer wants an output where, for example, Plugin X would be in a column, and then next to it would be a comma separated list of affected Host IPs, and then next to THAT would be a count of the affected Host IPs.

Pic of what I'm looking for

After importing the Nessus CSV with PowerShell, I was able to start to get what I needed with this:

    $allfiltered | select-object 'Host IP','Plugin ID' | Where-Object 'Plugin ID' -like "57041" | Format-Table -Property  'Plugin ID','Host IP'

This gives me an output like this:

    57041     10.1.1.1
    57041     10.1.1.2
    57041     10.1.1.3
    57041     10.1.1.4
    57041     10.1.1.5
    57041     10.1.1.6
    57041     10.1.1.7

But as you can see, I have a long way to go to pull this into the output I need (see pic above).

I think I'm eventually going to need a for loop to get all the plugin values assessed, but I need to figure out how to essentially query for "Take all IPs that match plugin X and place them into a comma separated list" and go from there.

Can you help steer me in the right direction?

-B

Remote Desktop SSL Nessus Vulnerability 2008R2


I have TLS 1.0 completely disabled in the Registry. However, Nessus still returns an SSL vulnerability for port 3389, which is Remote Desktop. Specifically the certificate.

Why does this come up when TLS 1.0 is turned off? What is the best option to remediate this?

- Create my own self-signed certificate?
- Purchase a certificate

I do realize that 2008 R2 is running out of even extended support. However, it will be a year before we're able to replace the servers. So I'm stuck with patching it the best I can.

I just don't understand why this is an issue with TLS 1.0 turned off.

Thanks in advance for any advice rendered.

How to solve SWEET32 and Logjam vulnerabilities in WebLogic NodeManager process


I got the below vulnerabilities for the NodeManager service in WebLogic version 12.1.3.0.0 and JDK 1.8.0_101-b13:

    {
      "port": 5556,
      "serviceName": "remotewatch?",
      "protocol": "tcp",
      "severity": 2,
      "pluginID": 42873,
      "pluginName": "SSL Medium Strength Cipher Suites Supported (SWEET32)",
      "pluginFamily": "General",
      "description": "The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.\n\nNote that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.",
      "fname": "ssl_medium_supported_ciphers.nasl",
      "pluginModificationDate": "2019/02/28",
      "pluginType": "remote",
      "riskFactor": "Medium",
      "scriptVersion": "1.20",
      "solution": "Reconfigure the affected application if possible to avoid use of medium strength ciphers.",
      "synopsis": "The remote service supports the use of medium strength SSL ciphers.",
      "pluginOutput": "\n Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)\n\n EDH-RSA-DES-CBC3-SHA Kx=DH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 \n\nThe fields above are :\n\n {OpenSSL ciphername}\n Kx={key exchange}\n Au={authentication}\n Enc={symmetric encryption method}\n Mac={message authentication code}\n {export flag}\n",
      "cve": "CVE-2016-2183",
      "complianceCheckName": null,
      "complianceActualValue": null
    }

    {
      "port": 5556,
      "serviceName": "remotewatch?",
      "protocol": "tcp",
      "severity": 1,
      "pluginID": 83875,
      "pluginName": "SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)",
      "pluginFamily": "Misc.",
      "description": "The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time (depending on modulus size and attacker resources). This may allow an attacker to recover the plaintext or potentially violate the integrity of connections.",
      "fname": "ssl_logjam.nasl",
      "pluginModificationDate": "2019/11/27",
      "pluginType": "remote",
      "riskFactor": "Low",
      "scriptVersion": "1.24",
      "solution": "Reconfigure the service to use a unique Diffie-Hellman moduli of 2048 bits or greater.",
      "synopsis": "The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits.",
      "pluginOutput": "\nVulnerable connection combinations :\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.0\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_128_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_3DES_EDE_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n\n SSL/TLS version : TLSv1.1\n Cipher suite : TLS1_CK_DHE_RSA_WITH_AES_256_CBC_SHA\n Diffie-Hellman MODP size (bits) : 1024\n Warning - This is a known static Oakley Group2 modulus. This may make\n the remote host more vulnerable to the Logjam attack.\n Logjam attack difficulty : Hard (would require nation-state resources)\n",
      "cve": "CVE-2015-4000",
      "complianceCheckName": null,
      "complianceActualValue": null
    }

I have tried to add "-Djdk.tls.ephemeralDHKeySize=2048" in the NodeManager process, but it didn't help.

Any comments/suggestions?

Nessus does not send e-mail after setting up SMTP server


I have entered the following settings in the Nessus SMTP area:

Host: smtp.gmail.com
Port: 587
Encryption: Force TLS
Auth Method: Login
username: someuser@gmail.com
password: mypass

I get the following error once I try to send a test e-mail:

Error (500): It was not possible to email this scan: SMTP Authentication method 'LOGIN' failed: 534-5.7.14 Please log in via your web browser and 534-5.7.14 then try again.

534-5.7.14 Learn more at 534 5.7.14 https://support.google.com/mail/answer/78754 p187sm2864006pfb.3 - gsmtp


AWS Inspector vs Nessus: which one to choose for AWS cloud


So we want to set up security scanners for a mixed environment of Linux & Windows instances on AWS. I came across Inspector and Nessus, so I just want to get a little more clarity and expert advice on which one to choose.

Thanks!!

Initializing Nessus stuck on Kali Linux [closed]


I was following the tutorial on how to install Nessus on my Kali Linux and it got stuck on compiling plugins. It reaches like 3/4 of the bar and it just resets and starts again. I looked up that problem but I found only Windows solutions. And yes, I tried them all. Please help!

How can I send Nessus logs over syslog?


I've been asked to send the logs from a Nessus scanner remotely to a syslog server, but I can't find a way to bind it to syslog.

Is there a way to do it?

Curl and Nessus API (Session Hijacking)


I am currently working with Nessus automation using the API. I prefer to use curl for the requirement. I see that every time I get data from Nessus, I need to use a token (session ID). If I send this token with the GET method, won't it lead to session hijacking? What could be the solution to avoid such a problem and have proper security?

https://cloud.tenable.com/api

How to change Policy Scan type using Nessus API?


I am following the documentation present at https://localhost:8834/api/# for Nessus. I listed policies and created a new scan with the template UUID set to the "Host Discovery" UUID fetched from the policies list. The problem is that it creates a new scan with discovery scan type custom. I am not able to figure out how to change it.
