New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NESSUS 7 scan fail #631
Comments
@womanizzzer in their infinite wisdom, Tenable has decided that the APi will only be avialable to customers fo their tenable.io platofrm. But customer who bought Nessus after 12 Dec 2017 will not get API access anymore. I'm afraid that this means the end of the intergration of Nessus with other tools and a major step back. Regrettably there is not much more I can do other then to express my horror at Tennable. I suggest you do the same. |
@seccubus Is support for tenable.io planed? I refrained from updating to Nessus 7 yesterday, after reading the small footnote, stating that the API is disabled. I agree, that Tenable made a big step back with version 7. They made Nessus for bigger infrastructures unuseable imho. |
tenable.io should work as regular Nessus scanner, API was the same |
@seccubus |
I’ve created a tennable.io pr today. It is 90% equal to Nessus with the exception of being able to select a scanner and using API keys to authenticate.
Instill need to look at workaround for Nessus7 as the API is crippled but not fully removed.
Sent with big fingers from a small keyboard, don't blame me for typios please...
…________________________________
From: womanizzzer <notifications@github.com>
Sent: Wednesday, December 27, 2017 9:56:31 PM
To: schubergphilis/Seccubus
Cc: Frank Breedijk; Mention
Subject: Re: [schubergphilis/Seccubus] NESSUS 7 scan fail (#631)
@seccubus<https://github.com/seccubus>
one idea would be to pass the nessus reports manuel to seccubus in order to be able to process the findings dynamically
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#631 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABA5btt2Sok7ujD52QgJFn5FE49fO-orks5tEq7-gaJpZM4RJk1W>.
|
Manual is already possible. But it could use a posher interface.
Sent with big fingers from a small keyboard, don't blame me for typios please...
…________________________________
From: womanizzzer <notifications@github.com>
Sent: Wednesday, December 27, 2017 9:56:31 PM
To: schubergphilis/Seccubus
Cc: Frank Breedijk; Mention
Subject: Re: [schubergphilis/Seccubus] NESSUS 7 scan fail (#631)
@seccubus<https://github.com/seccubus>
one idea would be to pass the nessus reports manuel to seccubus in order to be able to process the findings dynamically
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#631 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABA5btt2Sok7ujD52QgJFn5FE49fO-orks5tEq7-gaJpZM4RJk1W>.
|
@seccubus how I do it manually? |
@womanizzzer When i have to manually import Nessus results into seccubus, i take the following steps: 1.) Export Nessus formatted Results via the Nessus webinterface After the step 4.2 you will see a new run entry in seccubus, without file attachments. The findings are all there. |
@womanizzzer Additionally I just merged tennable.io support for Seccubus, you should be ale to get the package form the latest repo. |
@seccubus |
This was a new install on a fresh vm.
Sent with big fingers from a small keyboard, don't blame me for typios please...
…________________________________
From: womanizzzer <notifications@github.com>
Sent: Thursday, December 28, 2017 12:28:33 PM
To: schubergphilis/Seccubus
Cc: Frank Breedijk; Mention
Subject: Re: [schubergphilis/Seccubus] NESSUS 7 scan fail (#631)
@seccubus<https://github.com/seccubus>
this is only possible if you update nessus 6 to nessus 7.
I had the problem first too, if you reinstall nessus 7, then you really have to delete all nessus6 packages and configs ... otherwise it's just an update again
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#631 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABA5bnVBXsq5J2z9PdlA7nTa3A_ReSMKks5tE3thgaJpZM4RJk1W>.
|
@seccbubus |
still the same problem with nessus scanner... :-\ |
Unfortunately Tenable has decided they don’t want to support this.
Sent with big fingers from a small keyboard, don't blame me for typios please...
…________________________________
From: Andreas Gegenleitner <notifications@github.com>
Sent: Monday, March 12, 2018 4:46:10 PM
To: schubergphilis/Seccubus
Cc: Frank Breedijk; Mention
Subject: Re: [schubergphilis/Seccubus] NESSUS 7 scan fail (#631)
still the same problem with nessus 7... :-\
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#631 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/ABA5btKfPXi6ItTxOtYN2GdvTvtGXfgaks5tdphCgaJpZM4RJk1W>.
|
O.K. did some debugging. The API is full in tact when you use a HOME license, but when you switch to professional, it gets disabled. So automatically creating a scan is disabled as is updating is via the API. |
With nessus pro 7.0.2 they "re-added" much of the functionality but not sure what is still black listed. |
Thanks for letting me know, I’ll ask around.
…
With nessus pro 7.0.2 they "re-added" much of the functionality but not sure what is still black listed
|
@seccubus
In Nessus 7 the API is disable. I geht this message:
GET to https://10.0.2.15:8834/scans?
Server response : {"folders":[{"unread_count":null,"custom":0,"default_tag":0,"type":"trash","name":"Trash","id":2},{"unread_count":null,"custom":0,"default_tag":1,"type":"main","name":"My Scans","id":3}],"scans":[{"folder_id":3,"type":null,"read":true,"last_modification_date":0,"creation_date":0,"status":"empty","uuid":null,"shared":false,"user_permissions":128,"owner":"benjamin","timezone":null,"rrules":null,"starttime":null,"enabled":false,"control":true,"name":"test","id":5}],"timestamp":1513847657}
Scan doesn't exist yet, creating
POST to https://10.0.2.15:8834/scans
Params:
$VAR1 = '{"uuid":"731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65","settings":{"text_targets":"localhost\n","name":"seccubus.test.testneu","launch":"ON_DEMAND","description":"Seccubus automated scan"}}';
Server response : {"error":"API is not available"}
Nessus server returned error code: 412
Message: {"error":"API is not available"}
3 retries left
Sleeping for 30 seconds before retring
POST to https://10.0.2.15:8834/scans
Params:
$VAR1 = '{"uuid":"731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65","settings":{"text_targets":"localhost\n","name":"seccubus.test.testneu","launch":"ON_DEMAND","description":"Seccubus automated scan"}}';
Server response : {"error":"API is not available"}
Nessus server returned error code: 412
Message: {"error":"API is not available"}
2 retries left
Sleeping for 30 seconds before retring
POST to https://10.0.2.15:8834/scans
Params:
$VAR1 = '{"uuid":"731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65","settings":{"text_targets":"localhost\n","name":"seccubus.test.testneu","launch":"ON_DEMAND","description":"Seccubus automated scan"}}';
Server response : {"error":"API is not available"}
Nessus server returned error code: 412
Message: {"error":"API is not available"}
1 retries left
Sleeping for 30 seconds before retring
POST to https://10.0.2.15:8834/scans
Params:
$VAR1 = '{"uuid":"731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65","settings":{"text_targets":"localhost\n","name":"seccubus.test.testneu","launch":"ON_DEMAND","description":"Seccubus automated scan"}}';
Server response : {"error":"API is not available"}
Nessus server returned error code: 412
Message: {"error":"API is not available"}
0 retries left
How you want to fix this problem?
The text was updated successfully, but these errors were encountered: