New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Nessus send no data to seccubus #603

Closed
womanizzzer opened this Issue Nov 9, 2017 · 21 comments

Comments

Projects
None yet
3 participants
@womanizzzer

womanizzzer commented Nov 9, 2017

@seccubus Seccubus start scans on nessus, but seccubus receives no results from nessus.
I tried scans internal and external, both variant dont work

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 10, 2017

This is the log output:

Scan export status request returned 404Server returned error: The requested file was not found

$VAR1 = {
'error' => 'The requested file was not found'
};
Scan export status request returned 404Server returned error: The requested file was not found
$VAR1 = {
'error' => 'The requested file was not found'
};
Scan export status request returned 404Server returned error: The requested file was not found
$VAR1 = {
'error' => 'The requested file was not found'
};
Scan export status request returned 404Server returned error: The requested file was not found
$VAR1 = {
Use of uninitialized value in string eq at /opt/seccubus/scanners/Nessus6/scan line 311.
Use of uninitialized value in string eq at /opt/seccubus/scanners/Nessus6/scan line 311.
Use of uninitialized value in string eq at /opt/seccubus/scanners/Nessus6/scan line 311.
Use of uninitialized value in string eq at /opt/seccubus/scanners/Nessus6/scan line 311.

Note: seccubus installed from RPM on Fedora 26

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 10, 2017

Things that might help:

  • Run do scan with -v -v -v to see all the calls that are made to the Nessus box
  • Verify that the scan actually runs and finishes via the Nessus GUI.
@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 10, 2017

note: locally reproducing this error failed on CentOS7; everything works here despite the fight of installing Mojolicious on CentOS7.

I'll get their output soon and see what their issue is.

@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 11, 2017

a scan run an finished via nessus without problmes .. after the scan is finish i get the error like @Ar0xA

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 11, 2017

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 11, 2017

Would it be possible to contact me directly so I can look at things on your system? @Ar0xA has my details.

@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 12, 2017

The Scan doesnt return findings and doesnt created in runs tab.
Yes It Is possible to contact you ...

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 13, 2017

I should be available all day Wednesday.

Seccubus is designed not to import a scan when it contains no fidnigns at all, because it assumes that this is due to a scanner failure. So if yuor Nessus job does not have any findings at all it will not be imported.

We are running a setup here that launches about 40 nessus jobs each month. I'm having a hard time replicating your issue so would like to look into your system a bit to see if we can find a root cause.

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 13, 2017

I will have a look at it soon at one of my colleague's systems, but thats unlikely today due to other work.

I have more information though: it seems everything goes fine, until the scan is finished and Seccubus tries to retrieve the data itself (-v -v -v output)

Report downloaded, saving 832785089 to /tmp/seccubus.walter.walter1.5870.html
Exporting report in pdf format
POST to https://192.168.56.103:8834/scans/10/export?history_id=12
Params:
$VAR1 = '{"chapters":"vuln_hosts_summary;vuln_by_host;compliance_exec;remediations;vuln_by_plugin;compliance","format":"pdf"}';
Server response : {"token":"2563e86bb27e0b9e520e6ffa2a92bf53cff551926120e1e71f6c6811f265a4eb","file":387711400}
Initiated scan export to file 387711400
GET to https://192.168.56.103:8834/scans/10/export/387711400/status?
Server response : {"status":"error"}
Nessus server returned error code: 500
Message: {"status":"error"}

Note the Nessus 500 error
Also note: womanizzzer is not my colleague :)

@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 13, 2017

My Nessus Scanner list me a lot of findings ...

@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 13, 2017

in attachment my seccubus output with -v -v -v and two pictures from my nessus scanner as proof
seccubus.txt
nessus_seccubus_test
nessus_seccubus_test_findings

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 14, 2017

@womanizzzer unfortunately, you text gto truncated, but here's what I've been able to find out.

  • The scan is started correctly
  • If finishes and has findings
  • Nessus is able to download the scan report in .nessus and .html format

The text stops in the middle of the HTML report.

Couple of things to try:

  • If you start the scan with the --nodelete parameter, what files are left in /tmp ?
  • Add --export nessus --export html parameters the scan. This should skip the export of a pdf report which sometimes fail
  • Can you tell me which version of Nessus you are using?
  • Are you using a professional or home version of Nessus?
@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 14, 2017

@seccubus first time information about nessus version.
-at work i use the Nessus Manager
-private i use Nessus Home
at both i get this error massage

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 14, 2017

In my (successful) test I used the trial Pro version. One colleague also used Home and the other tried the trial of Pro. I have a session in a few minutes in which I'll spend some time seeing if I can debug this, on their systems. Will update once I have more information.

@womanizzzer

This comment has been minimized.

womanizzzer commented Nov 14, 2017

now i add parameters --export nessus --export html to scan and it works.
i did two test ... i tried more

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 14, 2017

I verified with my colleague, from the Nessus webinterface, he also has no "Export" to PDF option. Which would explain why this fails. I will check to see if i can find out why Nessus cant export to PDF

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 14, 2017

Ok, RTFM. for PDF exports in Nessus, oracle java needs to be installed. This is not the case with both my colleagues systems.

image

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 14, 2017

@seccubus suggested fix from my side would be to have Seccubus by default export to .nessus or .html format instead of pdf

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 14, 2017

The PDF is important to some users dropping it by default seems to be a bad idea (tm).

I need to find out if I can find out if a pdf report is available. Also I should fail gently in stead of critically.

@Ar0xA

This comment has been minimized.

Ar0xA commented Nov 14, 2017

ah ok, yeah. Since Nessus gives a 500 error when the export fails, how about after an error 500 then automatically try .html instead?

And indeed, some kind of logging "export to [format] failed" in -v -v -v format would help debugging this in the future.

edit: checking the Nessus 6 API, I do not see a call to check what export formats Nessus supports :(

@seccubus

This comment has been minimized.

Member

seccubus commented Nov 15, 2017

Currently the rest_call function on line 483 of scanners/Nessus6/scanner dies when the number of retries is expired.
If it is modified to hard fail if that counter reaches 0, but soft fail if the couter is set to a negative number then in code around line 315 we could ignore download errors.
If a critical report cannot be downloaded (the nessus format e.g.) we could trap it later.

@seccubus seccubus closed this in 4ca3b00 Dec 6, 2017

seccubus added a commit that referenced this issue Dec 6, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment