I have list of servers on which I have Nessus agent.I want to pull the report for these servers at a time by creating tag or target group,Can anyone help to create tag/target group to get it done ?Also which is better way to get the reports for the set of servers ?

When exporting PDF & HTML format reports the reports are empty, best I can tell there needs to be a report attribute but after 5 hours of running through the API and searching every which way I can think of I am not finding anything referencing that.

For those interested, this is the starting script before I started optimizing it.

https://github.com/Pwd9000-ML/NessusV7-Report-Export-PowerShell/blob/master/NessusPro_v7_Report_Exporter_Tool.ps1

add-type @"    using System.Net;     using System.Security.Cryptography.X509Certificates;     public class TrustAllCertsPolicy : ICertificatePolicy {         public bool CheckValidationResult(             ServicePoint srvPoint, X509Certificate certificate,             WebRequest request, int certificateProblem) {                 return true;                 }     } "@ [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy[System.Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12$GNR = @{    OutputDir = "$Env:SystemDrive\Nessus\$(([DateTime]::Now).ToString("yyyy-MM-dd"))"    StatusUri = [System.Collections.ArrayList]::new()}#------------------Input Variables----------------------------------------------------------------- $Baseurl = "https://$($env:COMPUTERNAME):8834"$Username = <Removed>$Password = <Removed>$ContentType = "application/json"$POSTMethod = 'POST'$GETMethod = 'GET'#------------------Stage props to obtain session token (Parameters)-------------------------------- $session = @{     Uri         = $Baseurl +"/session"    ContentType = $ContentType     Method      = $POSTMethod     Body        = convertto-json (New-Object PSObject -Property @{username = $Username; password = $Password})} #------------------Commit session props for token header X-cookie---------------------------------- $TokenResponse = Invoke-RestMethod @sessionif ($TokenResponse) {     $Header = @{"X-Cookie" = "token="+ $TokenResponse.token} } else {    Write-nLog -Message "Error occured obtaining session token. Script Terminating... Please ensure Username and Password Correct." -Type Error -TerminatingError} IF (![System.IO.Directory]::Exists($GNR.OutputDir)) {    New-Item -Path $GNR.OutputDir  -ItemType directory -Force |Out-Null}#------------------Output completed scans---------------------------------------------------------- $Scans = (Invoke-RestMethod -Uri "$baseurl/scans" -Headers $Header -Method $GETMethod -ContentType "application/json").scansForEach ($Format in @("nessus","pdf")) {    $StatusURI = [System.Collections.ArrayList]::new()    $StatusArray = [System.Collections.ArrayList]::new()    ForEach ($Scan in $Scans) {        Add-Content -Path "$($GNR.OutputDir)\ScanReport.txt" -Value "$($Scan.Name) ($($Scan.status))"        IF ($Scan.status -eq "Completed") {            $File = (Invoke-RestMethod -URI "$baseurl/scans/$($Scan.ID)/export" -ContentType $ContentType -Headers $Header -Method $POSTMethod -Body $(convertto-json (New-Object PSObject -Property @{format = "$Format"}))).file            [Void]$StatusArray.Add(                [pscustomobject]@{                    ScanName    = $scan.name                    StatusUri   = $baseurl +"/scans"+"/"+ $Scan.id +"/export/"+"$file"+"/status"                    DownloadUri = $baseurl +"/scans"+"/"+ $Scan.id +"/export/"+"$file"+"/download"                }            )        }    }    #------------------Check Status of Export requests-------------------------------------------------     While ($StatusArray.StatusUri.count -GT $StatusURI.Count) {        ForEach ($ScanStatus in $StatusArray.StatusURI) {            IF ((Invoke-RestMethod -Uri $ScanStatus -ContentType $ContentType -Headers $Header -Method $GETMethod).status -EQ "Ready") {                if ($StatusURI -notcontains $ScanStatus) {                    Write-Host "Adding $ScanStatus"                    [void]$StatusURI.Add($ScanStatus)                }            } Else {                Write-nLog -Type "Info" -Message "Not all scans complete. ($($GNR.StatusURI.Count)/$($StatusArray.StatusUri.count)"                Start-Sleep -s 5            }        }    }    #------------------Download the Reports------------------------------------------------------------     $ExportUri = $StatusArray.DownloadUri    $outputs = $StatusArray.ScanName    foreach ($i in 0..($ExportUri.Count - 1)) {        Write-nLog -Type Info -Message "Exporting Report: $($outputs[$i])"        Invoke-WebRequest -Uri $ExportUri[$i] -ContentType $ContentType -Headers $Header -Method $GETMethod -OutFile "$($GNR.OutputDir)\$($outputs[$i]).$Format"    }}#------------------Script END----------------------------------------------------------------------

I am following documentation present at https://localhost:8834/api/# fro nessus. I listed policies and created new scan with template uuid as "Host Discovery" uuid fetched from the policies list. Problem is it creates new scan with discovery scan type custom. I am not able to figure out how to change it.

I am currently working with Nessus Automation using API. I prefer to use CURL for the requirement. I see that everytime to get data from Nessus, I need to use token (session id). If I send this token with GET method, won't it lead to Session hijacking? What could be the solution to avoid such a problem and have a proper security?

https://cloud.tenable.com/api

I was recently asked to share my nessus essentials credentials and activation code with someone, i just want to confirm that its safe to do so and there are no risks in sharing the same.thank you in advance

I am following documentation present at https://localhost:8834/api/# fro nessus. I listed policies and created new scan with template uuid as "Host Discovery" uuid fetched from the policies list. Problem is it creates new scan with discovery scan type custom. I am not able to figure out how to change it.

I am trying to update the nessus scan targets using python script as the ips of the target servers are not fixed.

The documentation of python-nessus-client 0.1.1, does not say anything about updating an existing scan.

Is there any way to do this ?

I'm dealing with a .csv export from Nessus, where essentially I have a column of Host IPs and a column with Plugin IDs

My customer wants an output where, for example, Plugin X would be in a column, and then next to it would be a comma separated list of affected Host IPs, and then next to THAT would be a count of the affected Host IPs.

Pic of what I'm looking for

After importing the Nessus CSV with Powershell, I was able to start to get what I needed with this:

$allfiltered | select-object 'Host IP','Plugin ID' | Where-Object 'Plugin ID' -like "57041" | Format-Table -Property  'Plugin ID','Host IP'

This gives me an output like this:

57041     10.1.1.157041     10.1.1.257041     10.1.1.357041     10.1.1.457041     10.1.1.557041     10.1.1.657041     10.1.1.7

But as you can see, I have a long way to go to pull this into the output I need (see pic above).

I think I'm eventually going to need a for loop to get all the plugin values assessed, but I need to figure out how to essentially query for "Take all IPs that match plugin X and place them into a comma separated list" and go from there.

Can you help steer me in the right direction?

-B

I am having a whale of a time just trying to get a token out of Nessus. I'm not sure what the extra "/#" is at the end of the tenable.sc address, and I have a feeling that might be causing a problem locating the correct /rest/token endpoint, but im not really sure how to get around that.

import requestsimport jsonurl = 'https://theurl.comdata = {'username':'person','password':'password01''releaseSession': False}r = requests.post(url +"/rest/token", data=data, verify=False)print(r)

yes, i have to use the requests module and not the library.

I've been trying to write a python script that does what a powershell script already does to get an API token from Nessus. The powershel script works, and returns a token, but the python script just keeps timing out.

I don't have a lot of experience in python, so any help would really be appreciated.

Here is my powershell script that does work.

$hostname = "https://nessus.scAddress/rest"$username = "person"$password = "password01"$loginData = (ConvertTo-Json -compress @{username=$username; password=$password})#-- Login to SC / Extract the tokentry {    $ret = Invoke-RestMethod -URI $hostname/token -Method POST  -Body $loginData     if (!($ret.error_code)) {        $loginToken = $ret.response.token"Token retrieved successfully."    }    else {"Login to SC Failed"        $ret.error_msg        exit    }}catch {"An error occurred logging in to SC."    $_.Exception | Format-List -Force    exit}

Here is my python script that doesn't work.

import requestsimport jsonurl = 'https://nessus.scAddress.com/restheaders = {'content-type':'application/json'}data = {'username':'person','password':'password01''releaseSession': False}r = requests.post(url +"/token", data=data, headers=headers verify=False)print(r)

I am trying to update the nessus scan targets using python script as the ips of the target servers are not fixed.

The documentation of python-nessus-client 0.1.1, does not say anything about updating an existing scan.

Is there any way to do this ?

I have a perl script using the Net::Nessus::REST module. Currently I'm using:

$nessus->create_session(    username => $NESSUSUSER,    password => $NESSUSPASSWORD);

this bit of code to create a session token. This works great so long as my scans complete within 30 minutes. After 30 minutes the session token expires and I get this error message.

server error: Invalid Credentials at nessus.pl line 68

Unless somebody knows a way to set the timeout to something like 86400 seconds, I would like to use the API Access/Secret Key that I generate. The only problem I have is that I cannot find an example of how to list this with some bit of perl script using the Net::Nessus::REST module. Could somebody help me with the bit API Key of code that I could swap in for the create_session example above?

Thanks,

r = requests.get(url+'/asset/7?fields=name,ipCount', cookies=cookie, headers={"x-SecurityCenter":token,"content-type":"application/json"},verify=False)

(asset 7 is device type routers)

So for this asset I get an ip count of 30, but I'm not sure how to drill down and get a list of the individual hostnames and IPs listed under that asset. I've been trying to navigate it for a couple hours, and even with the documentation am really going nowhere.

My end goal is to get a list of hostnames-IPs and write it to a file.

Routers: hostname1, 123.45.678.1 hostname2  ... hostname3  ...   ...

I've googled and read quite a bit of blogs, posts, etc. on this. I've also been trying them out manually on my EC2 instance. However, I'm still not able to properly configure the systemd service unit to have it run the process in background as I expect. The process I'm running is nessus service. Here's my service unit definition:

$ cat /etc/systemd/system/nessusagent.service[Unit]Description=Nessus[Service]ExecStart=/opt/myorg/bin/init_nessusType=simple[Install]WantedBy=multi-user.target

and here is my script /opt/myorg/bin/init_nessus:

$ cat /opt/apiq/bin/init_nessus#!/usr/bin/env bashset -eNESSUS_MANAGER_HOST=...NESSUS_MANAGER_PORT=...NESSUS_CLIENT_GROUP=...NESSUS_LINKING_KEY=...#-------------------------------------------------------------------------------# link nessus agent with manager host#-------------------------------------------------------------------------------/opt/nessus_agent/sbin/nessuscli agent link --key=${NESSUS_LINKING_KEY} --host=${NESSUS_MANAGER_HOST} --port=${NESSUS_MANAGER_PORT} --groups=${NESSUS_CLIENT_GROUP}if [ $? -ne 0 ]; then    echo "Cannot link the agent to the Nessus manager, quitting."exit 1fi/opt/nessus_agent/sbin/nessus-service -q -D

When I run the service, I always get the following:

$ systemctl status nessusagent.service● nessusagent.service - Nessus  Loaded: loaded (/etc/systemd/system/nessusagent.service; enabled; vendor preset: enabled)  Active: inactive (dead) since Mon 2020-08-24 06:40:40 UTC; 9min agoProcess: 27787 ExecStart=/opt/myorg/bin/init_nessus (code=exited, status=0/SUCCESS)Main PID: 27787 (code=exited, status=0/SUCCESS)...Aug 24 06:40:40 ip-10-27-0-104 init_nessus[27787]: + /opt/nessus_agent/sbin/nessuscli agent link --key=... --host=... --port=8834 --groups=...Aug 24 06:40:40 ip-10-27-0-104 init_nessus[27787]: [info] [agent] HostTag::getUnix: setting TAG value to '8596420322084e3ab97d3c39e5c92e00'Aug 24 06:40:40 ip-10-27-0-104 init_nessus[27787]: [info] [agent] Successfully linked to <myorg.com>:8834Aug 24 06:40:40 ip-10-27-0-104 init_nessus[27787]: +'[' 0 -ne 0 ']'Aug 24 06:40:40 ip-10-27-0-104 init_nessus[28506]: + /opt/nessus_agent/sbin/nessus-service -q -D

However, I can't see the process that I expect to see:

$ ps faux | grep nessusroot   28565 0.0 0.0 12940  936 pts/0  S+  06:54  0:00             \_ grep --color=auto nessus

If I run the last command manually, I can see it:

$ /opt/nessus_agent/sbin/nessus-service -q -D$ ps faux | grep nessusroot   28959 0.0 0.0 12940 1016 pts/0  S+  07:00  0:00             \_ grep --color=auto nessusroot   28952 0.0 0.0  6536  116 ?      S   07:00  0:00 /opt/nessus_agent/sbin/nessus-service -q -Droot   28953 0.2 0.0 69440 9996 pts/0  Sl  07:00  0:00    \_ nessusd -q

What is it that I'm missing here?

I have a Nessus finding that instructs me to turn off TLSv1 and enable TLS 1.2 and 1.3 on basically all Windows devices in my network (finding text: TLSv1 is enabled and the server supports at least one cipher.). I have already set group policy up to disable 1.0 and 1.1, and a cursory examination shows that machines are infact only using TLS 1.2 on my domain. I suspect, but cannot confirm, that the finding is still showing because 1.2 is not 1.2 AND 1.3, because 1.0 and 1.1 definitely appear to be turned off in "Internet Options" (indeed, as a policy has set it the options are not even user-editable anymore).

However, the policy did not have an option for 1.3 at all, offering only "use TLS 1.2" in what is probably the least user-friendly drop-down box I've come across in a policy object. Google searches reveal guidance on how to set TLS via policy (again only showing 1.2, etc) or by reg-key (which would be undesirable in my situation). Is there some secreted-away, updated Policy template that I can leverage to mass-deploy TLS 1.3 support?

I'm dealing with a .csv export from Nessus, where essentially I have a column of Host IPs and a column with Plugin IDs

My customer wants an output where, for example, Plugin X would be in a column, and then next to it would be a comma separated list of affected Host IPs, and then next to THAT would be a count of the affected Host IPs.

Pic of what I'm looking for

After importing the Nessus CSV with Powershell, I was able to start to get what I needed with this:

$allfiltered | select-object 'Host IP','Plugin ID' | Where-Object 'Plugin ID' -like "57041" | Format-Table -Property  'Plugin ID','Host IP'

This gives me an output like this:

57041     10.1.1.157041     10.1.1.257041     10.1.1.357041     10.1.1.457041     10.1.1.557041     10.1.1.657041     10.1.1.7

But as you can see, I have a long way to go to pull this into the output I need (see pic above).

I think I'm eventually going to need a for loop to get all the plugin values assessed, but I need to figure out how to essentially query for "Take all IPs that match plugin X and place them into a comma separated list" and go from there.

Can you help steer me in the right direction?

-B

I am new to Nessus and have no clue as to how I set up the credentials through the password authentication type. I am trying to scan VMs and I put the username and password for the VMs. When I run the scan (it is a WannaCry scan) it doesn't return anything under the vulnerabilities or hosts tabs. I didn't put anything under domain because neither one of the VMs are in a domain. Thank you in advance for your response.

I'm dealing with a .csv export from Nessus, where essentially I have a column of Host IPs and a column with Plugin IDs

My customer wants an output where, for example, Plugin X would be in a column, and then next to it would be a comma separated list of affected Host IPs, and then next to THAT would be a count of the affected Host IPs.

Pic of what I'm looking for

After importing the Nessus CSV with Powershell, I was able to start to get what I needed with this:

$allfiltered | select-object 'Host IP','Plugin ID' | Where-Object 'Plugin ID' -like "57041" | Format-Table -Property  'Plugin ID','Host IP'

This gives me an output like this:

57041     10.1.1.157041     10.1.1.257041     10.1.1.357041     10.1.1.457041     10.1.1.557041     10.1.1.657041     10.1.1.7

But as you can see, I have a long way to go to pull this into the output I need (see pic above).

I think I'm eventually going to need a for loop to get all the plugin values assessed, but I need to figure out how to essentially query for "Take all IPs that match plugin X and place them into a comma separated list" and go from there.

Can you help steer me in the right direction?

-B

i am unable to start nessus from my wsl

command:/bin/systemctl start nessusd.service

errors:System has not been booted with systemd as init system (PID 1). Can't operate.Failed to connect to bus: Host is down

how does Nessus scanner write plugins for the latest CVE’s that don’t have a public exploit? in order to identify the vulnerabilities in the network. does it do banner matching with the available CVE ?