def status():
res = {'page': 'status', "scans": this.scans}
if table.count(Query().status == 'SCANNING') == APP_MAXSCANS:
this.scanner['status'] = "BUSY"
res.update({
"status": "BUSY",
"reason": "Max concurrent active scans reached ({})".format(APP_MAXSCANS)
})
return jsonify(res)
# Check if the remote service is available
try:
scan = {}
if 'access_key' in this.scanner.keys() and 'secret_key' in this.scanner.keys():
scan = ness6rest.Scanner(
url="https://{}:{}".format(this.scanner['server_host'], this.scanner['server_port']),
api_akey=this.scanner['access_key'],
api_skey=this.scanner['secret_key'],
insecure=True)
elif 'server_username' in this.scanner.keys() and 'server_password' in this.scanner.keys():
scan = ness6rest.Scanner(
url="https://{}:{}".format(this.scanner['server_host'], this.scanner['server_port']),
login=this.scanner['server_username'],
password=this.scanner['server_password'],
insecure=True)
if 'status' in scan.res.keys():
this.scanner['status'] = "READY"
res.update({
'status': 'READY',
'details': {
'server_host': this.scanner['server_host'],
'server_port': this.scanner['server_port'],
'status': scan.res['status']
}
})
elif scan.res['scanners'][0]['status'] == "on":
this.scanner['status'] = "READY"
res.update({
'status': 'READY',
'details': {
'server_host': this.scanner['server_host'],
'server_port': this.scanner['server_port'],
'engine_version': scan.res['scanners'][0]['engine_version'],
'engine_build': scan.res['scanners'][0]['engine_build'],
'scan_count': scan.res['scanners'][0]['scan_count']
}
})
else:
this.scanner['status'] = "ERROR"
res.update({'status': 'ERROR', 'details': {'reason': 'Nessus engine not available'}})
except Exception:
this.scanner['status'] = "ERROR"
res.update({'status': 'ERROR', 'details': {'reason': 'Nessus engine not available'}})
return jsonify(res)
def _loadconfig():
conf_file = BASE_DIR + '/nessus.json'
if os.path.exists(conf_file):
json_data = open(conf_file)
this.scanner = json.load(json_data)
os.environ['NO_PROXY'] = this.scanner["server_host"]
else:
app.logger.debug("Error: config file '{}' not found".format(conf_file))
return {
"status": "error",
"details": {
"reason": "config file not found"
}
}
try:
# Check authentication methods (login/pass vs. api)
if 'access_key' in this.scanner.keys(
) and 'secret_key' in this.scanner.keys():
this.nessscan = ness6rest.Scanner(
url="https://{}:{}".format(this.scanner['server_host'],
this.scanner['server_port']),
api_akey=this.scanner['access_key'],
api_skey=this.scanner['secret_key'],
insecure=True)
elif 'server_username' in this.scanner.keys(
) and 'server_password' in this.scanner.keys():
this.nessscan = ness6rest.Scanner(
url="https://{}:{}".format(this.scanner['server_host'],
this.scanner['server_port']),
login=this.scanner['server_username'],
password=this.scanner['server_password'],
insecure=True)
if this.nessscan.res['scanners'][0]['status'] == "on":
return {"status": "success"}
else:
return {
"status": "error",
"details": {
"reason":
"connection error to Nessus instance (bad credz? not available ?)"
}
}
except Exception:
return {
"status": "error",
"details": {
"reason":
"connection error to Nessus instance (bad credz? not available ?)"
}
}
def _loadconfig():
conf_file = BASE_DIR + '/nessus.json'
if os.path.exists(conf_file):
json_data = open(conf_file)
this.scanner = json.load(json_data)
os.environ['NO_PROXY'] = this.scanner["server_host"]
else:
print("Error: config file '{}' not found".format(conf_file))
return {"status": "error", "reason": "config file not found"}
try:
this.nessscan = ness6rest.Scanner(
url="https://{}:{}".format(this.scanner['server_host'],
this.scanner['server_port']),
login=this.scanner['server_username'],
password=this.scanner['server_password'],
insecure=True)
if this.nessscan.res['scanners'][0]['status'] == "on":
return {"status": "success"}
else:
return {
"status":
"error",
"reason":
"connection error to Nessus instance (bad credz? not available ?)"
}
except:
return {
"status":
"error",
"reason":
"connection error to Nessus instance (bad credz? not available ?)"
}
def download_nessus_report(args, keys):
nessus_url = "https://" + args.nessusserver + ":" + str(args.nessusport)
scanner = None
scanner = ness6rest.Scanner(url=nessus_url, api_akey=keys['accessKey'], api_skey=keys['secretKey'], insecure=args.nessusinsecure)
if scanner:
print "API login succeeded"
scanner.action(action='scans', method='get')
if not len( scanner.res['scans']) > 0:
print "Did not find any available scans!"
sys.exit(1)
scans = scanner.res['scans']
folders = scanner.res['folders']
#we dont want scans from trash folder
for f in folders:
if f['type'] == 'trash':
trash_id=f['id']
#iterate through scans, drop crap from the trash folder
found_scan = False
for s in scans:
if s['folder_id'] != trash_id:
scanner.scan_name = s['name']
scanner.scan_id = s['id']
#only export if the scan is completed and if it's the correct scan
if (s['status'] == 'completed') and (scanner.scan_name == args.nessusscanname):
found_scan = True
with io.open(args.nessustmp + '/' + args.nessusscanname, 'wb') as fp:
print "Found valid scan, Writing output file to tmp directory"
fp.write(scanner.download_scan(export_format='nessus'))
fp.close()
if not found_scan:
print "Did not find any scan to export. Maybe it wasn\'t done yet or be sure to check the scanname or API file and try again."
sys.exit(1)
def __init__(self, cfg):
self._url = cfg.nessusurl
self._akey = cfg.nessusakey
self._skey = cfg.nessusskey
self._enrich = ScanAPIEnrich(cfg.rpm2cve, cfg.exemptplugins)
insecure = False
if not cfg.nessusverifycert:
insecure = True
self._scanner = ness6rest.Scanner(url=self._url, api_akey=self._akey, api_skey=self._skey,
insecure=insecure)
def __init__(self):
self.anessus = ness6rest.Scanner(url='https://127.0.0.1:8834',
login='******',
password='******',
insecure=True)
self.policy = False
self.username = ''
self.pw = ''
self.scanning_queue = Queue.Queue()
self.targets = []
def nessus_intagrator(hosts):
scan = ness6rest.Scanner(url="https://192.168.25.125:8834",
login="******",
password="******",
insecure=True)
for h in range(len(hosts)):
scan.scan_add(targets=hosts[i])
scan.scan_run()
def __init__(self, cfg):
self._url = cfg.nessusurl
self._akey = cfg.nessusakey
self._skey = cfg.nessusskey
self._enrich = ScanAPIEnrich(cfg.rpm2cve, cfg.exemptplugins)
caoption = ''
insecure = True
if cfg.nessuscacert != None:
caoption = cfg.nessuscacert
insecure = False
self._scanner = ness6rest.Scanner(url=self._url,
api_akey=self._akey,
api_skey=self._skey,
insecure=insecure,
ca_bundle=caoption)
def status():
res = {'page': 'status', "scans": this.scans}
if len(this.scans) == APP_MAXSCANS:
this.scanner['status'] = "BUSY"
res.update({
"status":
"BUSY",
"reason":
"Max concurrent active scans reached ({})".format(APP_MAXSCANS)
})
return jsonify(res)
# check if the remote service is available
try:
scan = ness6rest.Scanner(url="https://{}:{}".format(
this.scanner['server_host'], this.scanner['server_port']),
login=this.scanner['server_username'],
password=this.scanner['server_password'],
insecure=True)
if scan.res['scanners'][0]['status'] == "on":
this.scanner['status'] = "READY"
res.update({
'status': 'READY',
'details': {
'server_host': this.scanner['server_host'],
'server_port': this.scanner['server_port'],
'server_username': this.scanner['server_username'],
'engine_version':
scan.res['scanners'][0]['engine_version'],
'engine_build': scan.res['scanners'][0]['engine_build'],
'scan_count': scan.res['scanners'][0]['scan_count']
}
})
else:
this.scanner['status'] = "ERROR"
res.update({
'status': 'ERROR',
'reason': 'Nessus engine not available'
})
except:
this.scanner['status'] = "ERROR"
res.update({
'status': 'ERROR',
'reason': 'Nessus engine not available'
})
return jsonify(res)
def run_nessus_scan(args):
log.info("Initiating nessus scan using the ips in {}".format(args.input_file))
targets = []
with open(args.input_file, 'r') as fp:
for line in fp:
line = line.strip(' \t\n\r')
targets.append(line)
nessus_targets = ','.join(targets)
log.debug("Nessus will scan these ips: {}".format(nessus_targets))
scan = ness6rest.Scanner(
url=config.NESSUS_URL,
api_akey=config.NESSUS_ACCESS_KEY,
api_skey=config.NESSUS_SECRET_KEY,
insecure=True)
scan.scan_add(nessus_targets, template='basic', name=args.scan_name)
res = scan.scan_run()
log.info(res)
def download_files(profile, dl_id, user_format, dbpasswd=""):
# Downloader, props to Nessrest :)
nessus_url = "https://" + profile["url"] + ":" + profile["port"]
insecure = True
scanner = ness6rest.Scanner(url=nessus_url,
api_akey=profile["akey"],
api_skey=profile["skey"],
insecure=insecure,
ca_bundle=None)
if scanner:
scanner.action(action='scans', method='get')
folders = scanner.res['folders']
scans = scanner.res['scans']
folders_id = []
for i in folders:
if str(i['id']) == str(dl_id):
folders_id.append(i)
for f in folders_id:
if not os.path.exists(f['name']):
os.mkdir(f['name'])
for i in folders_id:
for s in scans:
if s['folder_id'] == i['id']:
scanner.scan_name = s['name']
scanner.scan_id = s['id']
folder_name = i['name']
folder_type = i['type']
if folder_type == 'trash':
continue
if s['status'] == 'completed':
file_name = '%s_%s.%s' % (scanner.scan_name,
scanner.scan_id, user_format)
file_name = file_name.replace('\\', '_')
file_name = file_name.replace('/', '_')
file_name = file_name.strip()
relative_path_name = folder_name + '/' + file_name
# PDF not yet supported
with io.open(relative_path_name, 'wt') as fp:
fp.write(
str(
scanner.download_scan(
export_format=user_format,
dbpasswd=dbpasswd)))
def run(self):
Analyzer.run(self)
data = self.get_param('data', None, 'Data is missing')
if self.data_type != 'fqdn' and self.data_type != 'ip':
self.error('Invalid data type')
if self.allowed_networks is not None:
if self.data_type == 'fqdn':
address = IPAddress(socket.gethostbyname(data))
else:
try:
address = IPAddress(data)
except Exception as e:
self.error("{}".format(e))
if not any(address in IPNetwork(network)
for network in self.allowed_networks):
self.error('Invalid target: not in any allowed network')
scanner_args = {
'url': self.url,
'login': self.login,
'password': self.password
}
if self.ca_bundle is not None:
scanner_args.update({'ca_bundle': self.ca_bundle})
else:
scanner_args.update({'insecure': True})
try:
scanner = ness6rest.Scanner(**scanner_args)
scanner.policy_set(name=self.policy)
scanner.scan_add(targets=data, name="cortex scan for " + data)
self._run_scan(scanner)
results = self._get_scan_results(scanner)
self._delete_scan(scanner)
except Exception as ex:
self.error('Scanner error: %s' % ex)
self.report(results)
def startscan(args):
scan = ness6rest.Scanner(url=args['hosturl'],
login=args['user'],
password=args['password'],
insecure=True)
targets = parse_nmapxml(args['filename'])
scan.upload(args['filename'])
filename = scan.res[u'fileuploaded']
scan.policy_exists(args['policy'])
scan.policy_set(args['policy'])
settings = {"settings": {}}
settings["settings"].update({"import_nmap_xml": "yes"})
settings["settings"].update({"import_nmap_xml_file": filename})
scan.action(action="policies/" + str(scan.policy_id),
method="put",
extra=settings)
scan.policy_set(args['policy'])
t = ','
targets = t.join(parse_nmapxml(args['filename']))
print targets
scan.scan_add(targets=targets, name=args['scanname'])
scan.scan_run()
def main():
""" main function """
with RedirectOutput():
scanner = ness6rest.Scanner(url=NESSUS_URL,
login=NESSUS_USERNAME,
password=NESSUS_PASSWORD,
insecure=True)
scantemplate = os.getenv("NESSUS_SCANTEMPLATE", "basic")
scanner.scan_add(targets=NESSUS_SCANTARGET,
template=scantemplate,
name="Faraday Agent Scan")
print("Starting scan")
scanner.scan_run()
#This blocks execution until the scan stops running
scanner._scan_status()
plugin = PluginsManager().get_plugin("nessus")
plugin.parseOutputString(scanner.download_scan(export_format="nessus"))
print(plugin.get_json())
# The purpose of this script is to take a set of text files
# Read each one, pull out all of the ip addresses, store them in a variable and start a scan for that specific text file IP addresses
from nessrest import ness6rest
batch_start_number = 0
batch_end_number = 80
nessus_policy_name = "Device Discovery Test"
while batch_start_number <= batch_end_number:
o = open("Batch Number {0}.txt".format(batch_start_number), 'r')
targets_list = o.read()
print ("Processing Batch Number" , '%s' % batch_start_number)
o.close()
# connect to Nessus
# scan = ness6rest.Scanner(url="https://localhost:8834", login="******", password="******", insecure=True)
scan = ness6rest.Scanner(url="https://52.36.138.116:8834", login="******", password="******", insecure=True)
# Specify a scan
scan.policy_set(name=nessus_policy_name)
scan.scan_add(targets=targets_list)
scan.scan_run()
batch_start_number +=1
4] == '127.' or args.server == '::1'
# allow localhost connections to proceed without warning, but warn otherwise if CA not set
if not args.capath:
if localhost:
insecure = True
elif not insecure:
# warn if user hasn't supplied a CA Path, but might expect security or bump into TLS errors later
print('WARNING: No CA path explicitly set. Connection to ' +
nessus_url + ' could fail due to TLS/SSL server authentication')
scanner = None
if keys:
scanner = ness6rest.Scanner(url=nessus_url,
api_akey=keys['accessKey'],
api_skey=keys['secretKey'],
insecure=insecure,
ca_bundle=args.capath)
elif password:
scanner = ness6rest.Scanner(url=nessus_url,
login=args.user,
password=password,
insecure=insecure,
ca_bundle=args.capath)
else:
print_err(
'Failed to understand API key or password (this is probably a script BUG)',
True)
# Get all reports
if scanner:
from nessrest import ness6rest
# connect to Nessus
scan = ness6rest.Scanner(url="https://localhost:8834",
login="******",
password="******",
insecure=True)
# Specify a scan
scan.policy_set(name="sample_template")
scan.scan_add(targets="190.249.221.139, ")
scan.scan_run()
#!/usr/bin/python
import sys
sys.path.append('../')
from nessrest import ness6rest
import getpass
user = getpass._raw_input('User: '******'scans']:
scan.scan_name = s['name']
scan.scan_id = s['id']
xml_nessus = scan.download_scan(export_format='nessus')
fp = open('%s_%s.nessus'%(scan.scan_name,scan.scan_id),"w")
fp.write(xml_nessus)
fp.close()
import os from nessrest import ness6rest scan = ness6rest.Scanner(url="https://ohcinnessusscan:8834", login=os.environ['username'], password=os.environ['password'], insecure=True)
def main():
try:
args = parse_args()
logging.addLevelName(RESULT, "RESULT")
logging.basicConfig(format="%(levelname)-8s %(message)s",
handlers=[logging.StreamHandler(sys.stdout)],
level=args.loglevel)
# disable the logging for the 'urllib3' lib
logging.getLogger("urllib3").setLevel(logging.CRITICAL)
# help required to:
# tidy-up this piece of code
if args.subcommand == "nessus":
if args.output_file and not args.list:
output_file = "{}.xlsx".format(args.output_file)
elif not args.output_file and not args.list:
output_file = "nessus-results_{}".format(
time.strftime("%Y%m%d-%H%M%S"))
else:
output_file = "N/A"
elif args.subcommand == "nmap":
if args.output_file:
output_file = "{}".format(args.output_file)
else:
output_file = "nmap-results_{}".format(
time.strftime("%Y%m%d-%H%M%S"))
if args.subcommand == "nessus":
# variables summary
logging.info("Nessus login: {}".format(args.login))
logging.info("Nessus password: {}".format(args.password))
if args.folders:
logging.info("Nessus folder(s): {}".format(";".join(
sorted(args.folders))))
if args.scans:
logging.info("Nessus scan(s): {}".format(";".join(
sorted(args.scans))))
logging.info("Nessus URL: https://{}:{}".format(
args.host, args.port))
if args.config_file:
logging.info(
"Configuration file for Nessus vulnerabilities: {}".format(
args.config_file.name))
logging.info(
"XLSX results output_file: {}.xlsx".format(output_file))
scanner = ness6rest.Scanner(insecure=True,
login=args.login,
password=args.password,
url="https://{}:{}".format(
args.host, args.port))
if args.list:
if args.list == "folders":
if args.folders:
results = nessus.get_folders(scanner, args.folders)
else:
results = nessus.get_all_folders(scanner)
elif args.list == "scans":
if args.folders:
results = nessus.fetch_scans(scanner, args.folders)
elif args.scans:
results = nessus.get_scans(scanner, args.scans)
else:
results = nessus.get_all_scans(scanner)
for result in results:
logging.log(RESULT, "{}".format(result["name"]))
elif args.folders or args.scans:
if args.folders:
scans = nessus.fetch_scans(scanner, args.folders)
elif args.scans:
scans = nessus.get_scans(scanner, args.scans)
if scans:
workbook = xlsxwriter.Workbook(
"{}.xlsx".format(output_file))
logging.log(
RESULT,
"generating 'Host vs Vulnerabilities' worksheet...")
parse_ness_host_vulns(workbook,
scanner,
scans,
config_file=args.config_file)
logging.log(
RESULT,
"generating 'Vulnerability vs Hosts' worksheet...")
parse_ness_vuln_hosts(workbook,
scanner,
scans,
config_file=args.config_file)
logging.log(RESULT,
"generating 'Host vs OSs' worksheet...")
parse_ness_host_oss(workbook, scanner, scans)
logging.log(RESULT,
"generating 'OS vs Hosts' worksheet...")
parse_ness_os_hosts(workbook, scanner, scans)
workbook.close()
elif args.subcommand == "nmap":
# variables summary
# help required to:
# add regex support
input_files = []
for input_file in args.input_files:
input_files.append(input_file.name)
logging.info("Nmap XML results file(s): {}".format(";".join(
sorted(input_files))))
logging.info("XLSX results file: {}.xlsx".format(output_file))
workbook = xlsxwriter.Workbook("{}.xlsx".format(output_file))
logging.log(RESULT, "generating 'Host vs Services' worksheet...")
parse_nmap_host_services(workbook, input_files)
logging.log(RESULT, "generating 'Host vs OSs' worksheet...")
parse_nmap_host_oss(workbook, input_files)
logging.log(RESULT, "generating 'OS vs Hosts' worksheet...")
parse_nmap_os_hosts(workbook, input_files)
workbook.close()
except KeyboardInterrupt:
logging.exception("'CTRL+C' pressed, exiting...")
# scan
# Scan Settings
# nessus_url = "https://nessus.example.com:8834"
nessus_url = "https://192.168.111.10:8834"
scan_policy = "Basic Network Scan"
scan_name = "My Scan"
# Scanner Credentials
user = getpass._raw_input('User: '******','.join(temp_hosts)
# Set target and scan name
scan.scan_add(targets=hosts, name=scan_name)
# scan.scan_exists(targets=hosts, name=scan_name)
# Run Scan
scan.scan_run()
# Download results
#!/usr/bin/env python
from nessrest import ness6rest
import os, sys, io
from pprint import pprint as pp
import csv
import time
username = os.environ.get('nessus_user')
password = os.environ.get('nessus_pass')
scanner = ness6rest.Scanner(url="https://nessus-manager.prod.sec.msap.io:8834",
login=username,
password=password)
target_scan = sys.argv[1]
target_scan = 'manual dynamic - devx'
print target_scan
spin_hosts = open('spin-hosts.list').read().rstrip().split("\n")
plugins_ignore = ['Network daemons not managed by the package system']
agents = {}
plugins = {}
def get_agents():
scanner.action('agents', method='get')
for agent in scanner.res['agents']:
agent_uuid = agent['uuid']
def doScanByNessus(login,
password,
targets,
customPolicy,
policy="",
customScanName="",
url="https://127.0.0.1:8834",
plugins="",
insecure=True):
"""
Scan by nessus API given results
:param login: (string)
:param password: (string)
:param targets: (string) targets separate by ','
:param customPolicy: (string) name of policies to use, if don't exist, will be created with this name
:param policy: (string) if customPolicy don't exist, it will create using this template (discovery, basic or advanced)
:param customScanName: (string) you can specify a custom scan name, else it will be same that customPolicy
:param url: (string)
:param plugins: (string) plugins to use in "advanced" scans
:param insecure: (boolean) true to disable ssl
:return: None
"""
scan = ness6rest.Scanner(url=url,
login=login,
password=password,
insecure=insecure)
scan.action(action="policies/110", method="GET")
if not customPolicy or not scan.policy_exists(customPolicy):
print("Custom policy don't found, try to create new one")
if policy == "discovery" or policy == "basic" or (policy == "advanced"
and plugins):
try:
scan.action(action="editor/policy/templates", method="GET")
template_uuid = ""
for template in scan.res["templates"]:
if template["name"] == policy:
template_uuid = template["uuid"]
break
if not template_uuid:
print("Policy template {} not found".format(policy))
return
configuration = {"settings": {}}
configuration.update({"uuid": template_uuid})
configuration["settings"].update({"name": customPolicy})
configuration["settings"].update({"safe_checks": "yes"})
configuration["settings"].update({"scan_webapps": "no"})
configuration["settings"].update({"report_paranoia": "Normal"})
configuration["settings"].update({"provided_creds_only": "no"})
configuration["settings"].update({"thorough_tests": "no"})
configuration["settings"].update(
{"report_verbosity": "Normal"})
configuration["settings"].update(
{"silent_dependencies": "yes"})
configuration["settings"].update({"cisco_offline_configs": ""})
configuration["settings"].update(
{"network_receive_timeout": "5"})
configuration["settings"].update({"max_checks_per_host": "5"})
if policy == "discovery":
configuration["settings"].update(
{"discovery_mode": "Host enumeration"})
if policy == "basic":
configuration["settings"].update(
{"discovery_mode": "Port scan (all ports)"})
scan.action(action="policies",
method="POST",
extra=configuration)
scan.policy_id = scan.res["policy_id"]
if policy == "advanced":
scan.plugins_info(plugins)
scan._enable_plugins()
except KeyError:
print("policy id was not returned")
except requests.exceptions.ConnectionError:
raise Exception(
"Problem during connection with Nessus: {}".format(url))
except:
print("Unexpected error: {}".format(sys.exc_info()[1]))
else:
print(
"Policy template not available, please choose between discovery, basic and advanced"
)
print("If you choose advanced, please specify plugins to use")
else:
scan.policy_set(customPolicy)
scan.scan_add(targets, name=customScanName)
scan.scan_run()
scan.scan_results()
kbs = scan.download_kbs()
for hostname in kbs.keys():
f = open(hostname, "w")
f.write(kbs[hostname])
f.close()
# The purpose of this script is to download all of the Nessus CSV files to the local disk.
# Later, this script will be extended to parse the files into the database
# The acceptable file outputs for this script are CSV, DB, HTML, and XML (Nessus)
import nessrest
from nessrest import ness6rest
import sys
sys.path.append('../')
import getpass
user = "******"
password = "******"
scan = ness6rest.Scanner(url="https://52.36.138.116:8834",
login=user,
password=password,
insecure=True)
scan.action(action="scans", method="get")
scan_number = 0
for s in scan.res['scans']:
scan.scan_name = s['name']
scan.scan_id = s['id']
csv_nessus = scan.download_scan(export_format='csv')
fp = open('Results_set_%s.csv' % (scan_number), "w")
fp.write(csv_nessus)
fp.close()
scan_number += 1
