def __init__(self, configfile, scans):
super(NessusRunner, self).__init__(configfile)
self.scans_running = [] # Scans currently running.
self.scans_complete = [] # Scans that have completed.
self.scans = scans # Scans that remain to be started.
self.started = False # Flag for telling when scanning has started.
# Parse the configuration file to set everything up
self.config = ConfigParser.ConfigParser()
self.config.readfp(open(configfile))
self.server = self.config.get('core', 'server')
self.port = self.config.getint('core', 'port')
self.report_path = self.config.get('core', 'report_path')
self.limit = self.config.getint('core', 'limit')
self.sleepmax = self.config.getint('core', 'sleepmax')
self.sleepmin = self.config.getint('core', 'sleepmin')
self.debug("PARSED scans: %s" % self.scans)
self.info("Nessus scanner started.")
self.scanner = Nessus(self.server, self.port)
self.user = self.scanner.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if self.scanner.login(self.user):
self.info(
"Connected to Nessus server; authenticated to server '%s' as user '%s'"
% (self.server, self.user.username))
else:
self.error("An error occured when logging into nessus server.")
class NessusTestCase(unittest.TestCase):
def setUp(self):
self.server = Nessus('localhost')
user = self.server.User('XXXX', 'XXXX')
self.server.login(user)
self.connected = False
def tearDown(self):
if self.connected:
self.assertTrue(self.server.logout())
class NessusTestCase(unittest.TestCase):
def setUp(self):
self.server = Nessus('localhost')
user = self.server.User('XXXX', 'XXXX')
self.server.login(user)
self.connected = False
def tearDown(self):
if self.connected:
self.assertTrue(self.server.logout())
def run(self):
nessus = Nessus(self.config.get('core', 'server'), self.config.get('core', 'port'))
user = nessus.User(self.config.get('core', 'user'), self.config.get('core', 'password'))
if nessus.login(user):
nessus.load_scans()
self.info("Successfully logged in.")
self.info("%d reports will be downloaded." % (len(nessus.scans)))
for scan in nessus.scans:
path = scan.download(fmt=self.export_format, password=self.encryption_password)
self.info("Report downloaded to %s" % path)
if nessus.logout():
self.info("Successfully logged out.")
def run(self):
nessus = Nessus(self.config.get('core', 'server'), self.config.getint('core', 'port'))
user = nessus.User(self.config.get('core', 'user'), self.config.get('core', 'password'))
if nessus.login(user):
nessus.load_policies()
self.info("Successfully logged in.")
self.info("%d policies will be downloaded." %
(len([policy for policy in nessus.policies if policy.id > 0])))
for policy in [policy for policy in nessus.policies if policy.id > 0]:
path = policy.download()
self.info("Policy downloaded to %s" % path)
if nessus.logout():
self.info("Successfully logged out.")
else:
self.error("An error occured while login you out.")
else:
self.error("An error occured while login you in.")
def run(self):
vid = None
name = "CGI scanning test"
nessus = Nessus(self.config.get('core', 'server'), self.config.getint('core', 'port'))
user = nessus.User(self.config.get('core', 'user'), self.config.get('core', 'password'))
if nessus.login(user):
self.info("Successfully logged in.")
p = nessus.Policy()
p.name = name
if nessus.create_policy(p):
self.alert("Policy successfully created.")
nessus.load_policies()
for policy in nessus.policies:
if policy.name == name:
for preference in policy.preferences:
if preference.name == "Web Application Tests Settings":
for value in preference.values:
if value.name == "Enable web applications tests":
vid = value.id
if vid is not None:
p.settings = {
"preferences.Web+Application+Tests+Settings.%d" % vid: "yes"
}
if nessus.update_policy(p):
self.alert("Policy settings successfully updated (Web Application Tests Settings).")
else:
self.error("An error occured when updating policy settings (Web Application Tests Settings).")
else:
self.error("An error occured while creating the policy.")
if nessus.logout():
self.info("Successfully logged out.")
def __init__(self, configfile, scans):
"""
:param configfile:
:param scans:
:return:
"""
self.logformat = "%s %8s %s"
self.scans_running = [] # Scans currently running.
self.scans_complete = [] # Scans that have completed.
self.scans = scans # Scans that remain to be started.
self.started = False # Flag for telling when scanning has started.
# Parse the configuration file to set everything up
self.config = ConfigParser.ConfigParser()
self.config.readfp(open(configfile))
loglevels = {'debug': logging.DEBUG,
'info': logging.INFO,
'warning': logging.WARNING,
'error': logging.ERROR,
'critical': logging.CRITICAL}
# Core settings
self.logfile = self.config.get('core', 'logfile')
self.loglevel = loglevels[self.config.get('core', 'loglevel')]
# Setup some basic logging.
self.logger = logging.getLogger('Nessus')
self.logger.setLevel(self.loglevel)
self.loghandler = WatchedFileHandler(self.logfile)
self.logger.addHandler(self.loghandler)
self.debug("CONF configfile = %s" % configfile)
self.debug("Logger initiated; Logfile: %s, Loglevel: %s" % (self.logfile, self.loglevel))
self.server = self.config.get('core', 'server')
self.port = self.config.getint('core', 'port')
self.report_path = self.config.get('core', 'report_path')
self.limit = self.config.getint('core', 'limit')
self.sleepmax = self.config.getint('core', 'sleepmax')
self.sleepmin = self.config.getint('core', 'sleepmin')
self.debug("PARSED scans: %s" % self.scans)
try:
self.info("Nessus scanner started.")
self.scanner = Nessus(self.server, self.port)
self.user = self.scanner.User(self.config.get('core', 'user'), self.config.get('core', 'password'))
if self.scanner.login(self.user):
self.info(
"Connected to Nessus server; authenticated to server '%s' as user '%s'" % (self.server, self.user.username))
self.scanner.load()
else:
self.error("An error occured when logging into nessus server.")
except socket.error as (errno, strerror):
self.error(
"Socket error encountered while connecting to Nessus server: %s. User: '******', Server: '%s', Port: %s" % (
strerror, self.user, self.server, self.port))
def run(self):
vid = None
name = "CGI scanning test"
nessus = Nessus(self.config.get('core', 'server'),
self.config.getint('core', 'port'))
user = nessus.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if nessus.login(user):
self.info("Successfully logged in.")
p = nessus.Policy()
p.name = name
if nessus.create_policy(p):
self.alert("Policy successfully created.")
nessus.load_policies()
for policy in nessus.policies:
if policy.name == name:
for preference in policy.preferences:
if preference.name == "Web Application Tests Settings":
for value in preference.values:
if value.name == "Enable web applications tests":
vid = value.id
if vid is not None:
p.settings = {
"preferences.Web+Application+Tests+Settings.%d" % vid:
"yes"
}
if nessus.update_policy(p):
self.alert(
"Policy settings successfully updated (Web Application Tests Settings)."
)
else:
self.error(
"An error occured when updating policy settings (Web Application Tests Settings)."
)
else:
self.error("An error occured while creating the policy.")
if nessus.logout():
self.info("Successfully logged out.")
def run(self):
nessus = Nessus(self.config.get('core', 'server'),
self.config.get('core', 'port'))
user = nessus.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if nessus.login(user):
nessus.load_scans()
self.info("Successfully logged in.")
self.info("%d reports will be downloaded." % (len(nessus.scans)))
for scan in nessus.scans:
path = scan.download(fmt=self.export_format,
password=self.encryption_password)
self.info("Report downloaded to %s" % path)
if nessus.logout():
self.info("Successfully logged out.")
def run(self):
nessus = Nessus(self.config.get('core', 'server'),
self.config.getint('core', 'port'))
user = nessus.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if nessus.login(user):
nessus.load_policies()
self.info("Successfully logged in.")
self.info(
"%d policies will be downloaded." %
(len([policy for policy in nessus.policies if policy.id > 0])))
for policy in [
policy for policy in nessus.policies if policy.id > 0
]:
path = policy.download()
self.info("Policy downloaded to %s" % path)
if nessus.logout():
self.info("Successfully logged out.")
else:
self.error("An error occured while login you out.")
else:
self.error("An error occured while login you in.")
import ConfigParser
from optparse import OptionParser
from pynessus.nessus import Nessus
if __name__ == "__main__":
parser = OptionParser()
parser.add_option("-f", dest='format', help="report file format", default="nessus.v2")
parser.add_option("-c", dest='configfile', default='nessus.conf', help="configuration file to use")
(options, args) = parser.parse_args()
config = ConfigParser.ConfigParser()
config.readfp(open(options.configfile))
server = config.get('core', 'server')
port = config.getint('core', 'port')
nessus = Nessus(server, port)
user = nessus.User(config.get('core', 'user'), config.get('core', 'password'))
if nessus.login(user):
nessus.load_reports()
print "[+] Successfully logged in."
print "[+] %d reports will be downloaded." % (len(nessus.reports))
for report in nessus.reports:
path = report.download()
print "[+] Report downloaded to %s" % path
if nessus.logout():
print "[+] Successfully logged out."
parser.add_option("-c", dest='configfile', default='nessus.conf', help="configuration file to use")
(options, args) = parser.parse_args()
config = ConfigParser.ConfigParser()
config.readfp(open(options.configfile))
server = config.get('core', 'server')
port = config.getint('core', 'port')
user = User(config.get('core', 'user'), config.get('core', 'password'))
if options.format is not None and options.format in ("nessus.v2", "pdf", "html", "csv"):
fmt = options.format
vid = None
name = "CGI scanning test"
nessus = Nessus(server, port)
if nessus.login(user):
print "[+] Successfully logged in."
p = Policy()
p.name = name
if nessus.create_policy(p):
print "[+] Policy successfully created."
nessus.load_policies()
for policy in nessus.policies:
if policy.name == name:
nessus.get_policy_preferences(policy)
for preference in policy.preferences:
if preference.name == "Web Application Tests Settings":
for value in preference.values:
if value.name == "Enable web applications tests":
vid = value.id
def setUp(self):
self.server = Nessus('localhost')
user = self.server.User('XXXX', 'XXXX')
self.server.login(user)
self.connected = False
def setUp(self):
self.server = Nessus('localhost')
user = self.server.User('XXXX', 'XXXX')
self.server.login(user)
self.connected = False
(options, args) = parser.parse_args()
config = ConfigParser.ConfigParser()
config.readfp(open(options.configfile))
server = config.get('core', 'server')
port = config.getint('core', 'port')
user = User(config.get('core', 'user'), config.get('core', 'password'))
if options.format is not None and options.format in ("nessus.v2", "pdf",
"html", "csv"):
fmt = options.format
vid = None
name = "CGI scanning test"
nessus = Nessus(server, port)
if nessus.login(user):
print "[+] Successfully logged in."
p = Policy()
p.name = name
if nessus.create_policy(p):
print "[+] Policy successfully created."
nessus.load_policies()
for policy in nessus.policies:
if policy.name == name:
nessus.get_policy_preferences(policy)
for preference in policy.preferences:
if preference.name == "Web Application Tests Settings":
for value in preference.values:
if value.name == "Enable web applications tests":
vid = value.id
def __init__(self, configfile, scans):
"""
:param configfile:
:param scans:
:return:
"""
self.logformat = "%s %8s %s"
self.scans_running = [] # Scans currently running.
self.scans_complete = [] # Scans that have completed.
self.scans = scans # Scans that remain to be started.
self.started = False # Flag for telling when scanning has started.
# Parse the configuration file to set everything up
self.config = ConfigParser.ConfigParser()
self.config.readfp(open(configfile))
loglevels = {
'debug': logging.DEBUG,
'info': logging.INFO,
'warning': logging.WARNING,
'error': logging.ERROR,
'critical': logging.CRITICAL
}
# Core settings
self.logfile = self.config.get('core', 'logfile')
self.loglevel = loglevels[self.config.get('core', 'loglevel')]
# Setup some basic logging.
self.logger = logging.getLogger('Nessus')
self.logger.setLevel(self.loglevel)
self.loghandler = WatchedFileHandler(self.logfile)
self.logger.addHandler(self.loghandler)
self.debug("CONF configfile = %s" % configfile)
self.debug("Logger initiated; Logfile: %s, Loglevel: %s" %
(self.logfile, self.loglevel))
self.server = self.config.get('core', 'server')
self.port = self.config.getint('core', 'port')
self.report_path = self.config.get('core', 'report_path')
self.limit = self.config.getint('core', 'limit')
self.sleepmax = self.config.getint('core', 'sleepmax')
self.sleepmin = self.config.getint('core', 'sleepmin')
self.debug("PARSED scans: %s" % self.scans)
try:
self.info("Nessus scanner started.")
self.scanner = Nessus(self.server, self.port)
self.user = self.scanner.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if self.scanner.login(self.user):
self.info(
"Connected to Nessus server; authenticated to server '%s' as user '%s'"
% (self.server, self.user.username))
self.scanner.load()
else:
self.error("An error occured when logging into nessus server.")
except socket.error as (errno, strerror):
self.error(
"Socket error encountered while connecting to Nessus server: %s. User: '******', Server: '%s', Port: %s"
% (strerror, self.user, self.server, self.port))
class NessusRunner(Framework):
"""
NessusRunner
"""
def __init__(self, configfile, scans):
super(NessusRunner, self).__init__(configfile)
self.scans_running = [] # Scans currently running.
self.scans_complete = [] # Scans that have completed.
self.scans = scans # Scans that remain to be started.
self.started = False # Flag for telling when scanning has started.
# Parse the configuration file to set everything up
self.config = ConfigParser.ConfigParser()
self.config.readfp(open(configfile))
self.server = self.config.get('core', 'server')
self.port = self.config.getint('core', 'port')
self.report_path = self.config.get('core', 'report_path')
self.limit = self.config.getint('core', 'limit')
self.sleepmax = self.config.getint('core', 'sleepmax')
self.sleepmin = self.config.getint('core', 'sleepmin')
self.debug("PARSED scans: %s" % self.scans)
self.info("Nessus scanner started.")
self.scanner = Nessus(self.server, self.port)
self.user = self.scanner.User(self.config.get('core', 'user'),
self.config.get('core', 'password'))
if self.scanner.login(self.user):
self.info(
"Connected to Nessus server; authenticated to server '%s' as user '%s'"
% (self.server, self.user.username))
else:
self.error("An error occured when logging into nessus server.")
def run(self):
"""
Proxy for resume() really. Basically begins scanning with the current scanning list.
"""
self.started = True
self.info("%d scans detected. Launching ..." % len(self.scans))
if self.scans_running is None:
self.scans_running = []
return self.resume()
def stop(self):
"""
We have a start() so we most certainly should have a stop(). This should prevent scans from being continued.
"""
self.started = False
def resume(self):
"""
Basically gets scans going, observing the limit.
"""
if self.started and len(self.scans) > 0 and len(
self.scans_running) < self.limit:
count = len(self.scans_running)
for scan in self.scans:
scan["target"] = NessusRunner.parse_nmap(scan["nmap_xml_file"])
if self.scanner.upload_file(scan["nmap_xml_file"]):
self.info("%s has been uploaded." %
(scan["nmap_xml_file"]))
cp = None
for policy in self.scanner.policies:
if policy.name == scan["policy"]:
cp = policy
if cp is not None:
p = cp.clone()
if p is None:
self.error(
"An error occured while copying policy.")
else:
p.name = "%s %s %s" % (scan["name"],
scan["nmap_xml_file"],
int(time.time()))
prefid = None
for preference in p.preferences:
if "Nmap (XML file importer)" in preference.name:
for value in preference.values:
prefid = value.id
if prefid is None:
self.error(
"Nmap plugin is either not installed or misconfigured."
)
else:
settings = {
"Filedata.Nmap+(%s)." % (p.name.replace(
" ", "+")):
os.path.basename(scan["nmap_xml_file"]),
"preferences.Nmap+(%s).%d" % (p.name.replace(
" ", "+"), int(prefid)):
os.path.basename(scan["nmap_xml_file"]),
}
p.settings = settings
if not p.save():
self.error(
"An error occured while updating policy."
)
else:
currentscan = self.scanner.Scan()
currentscan.name = scan["name"]
currentscan.custom_targets = scan["target"]
currentscan.policy = p
currentscan.tag = self.scanner.tags[0]
if currentscan.launch():
self.info(
"Scan successfully started; Owner: '%s', Name: '%s'"
% (currentscan.owner.name,
currentscan.name))
self.scans_running.append(currentscan)
self.scans.remove(scan)
count += 1
if count == self.limit:
self.warning(
"Concurrent scan limit reached (currently set at %d)"
% self.limit)
self.warning(
"Will monitor scans and continue as possible"
)
break
else:
self.error(
"Unable to start scan. Name: '%s', Target: '%s', Policy: '%s'"
% (currentscan.name,
currentscan.custom_targets,
currentscan.policy.name))
else:
self.error("That policy do not exist.")
else:
self.error("An error occured while uploading file %s" %
(scan["nmap_xml_file"]))
return self.scans_running
def iscomplete(self):
"""
Check for the completion of of running scans. Also, if there are scans left to be run, resume and run them.
"""
for scan in self.scans_running:
if scan.status == "completed":
self.scans_complete.append(scan)
self.scans_running.remove(scan)
elif scan.status == "canceled" or scan.status == "stopped":
self.warning("Scan '%s' has been %s." %
(scan.name, scan.status))
self.scans_running.remove(scan)
# Check to see if we're running under the limit and we have scans remaining.
# If so, run more scans up to the limit and continue.
if len(self.scans_running) < self.limit and len(
self.scans) > 0 and self.started:
self.resume()
elif len(self.scans_running) > 0:
return False
else:
return True
def report(self):
"""
Report on currently completed scans.
"""
for scan in self.scans_complete:
report = self.scanner.Report()
report.id, report.name = scan.uuid, scan.uuid
path = report.download(
"%s/%s.%s" % (self.report_path, report.name, report.format))
if path is not None:
self.info("Report for scan %s saved at %s" % (scan.name, path))
@staticmethod
def parse_nmap(nmap_xml_file):
targets = []
tree = xml.etree.ElementTree.parse(nmap_xml_file)
root = tree.getroot()
for i in root.iter("host"):
targets.append(i.find("hostnames").find("hostname").get("name"))
targets.append(i.find("address").get("addr"))
return ",".join(targets)
def close(self):
"""
End it.
"""
return self.scanner.logout()