1

I am trying to write a script that gives me access to the advanced scan option of Nessus on localhost. I want to run the advanced scan through a shell script, without the GUI. I want all operations, such as login, advanced scan and report export, to be performed through the shell script without GUI access.

sknsk
  • 4
    Sounds great; so where is your best attempt thus far? Take a look in [Help Center > Asking](https://stackoverflow.com/help/how-to-ask) for a more detailed explanation of the guidelines so that we can better assist you. – Travis Clarke May 18 '17 at 05:47
  • Firstly, I tried to access Nessus through the terminal. I used the command "nessus -q localhost 8834 admin admin targets.txt results.txt", but the output is: nessus command not found – sknsk May 23 '17 at 10:16
  • Does my post answer your question, @sknsk? If so, please accept the answer. – Gewure Jul 11 '17 at 13:11

2 Answers

1

Why do you want to do it with a bash script? You can do this much more easily with the Nessus API. Have a look at the link below: https://github.com/jfalken/nessus_enterprise_rest_client

kayhan89
0

The simplest way of doing automation in Nessus is to use the Nessus API.

It's located at https://NessusServerIP:8834/ - if you visit it, you will be greeted by the API documentation.

There are various API implementations available - if you google 'Nessus API client' you'll get a glimpse.

If you, as you said, want to run bash scripts, then the simplest way is probably using curl for the API requests.

A typical workflow will look like this:

  1. authorize yourself to the Nessus API (either via token or API key)
  2. launch or configure a scan (and wait until it has finished)
  3. export a report (and wait until it has finished)
  4. download the exported report

CURL #1 (authorize using token):

    # -k: do not verify the server's TLS certificate
    curl -X POST --data '{"username":"NessusUser","password":"YourPassword"}' \
         -k "https://NessusServerIp:8834/session" \
         --header "Content-Type:application/json" | python -m json.tool

...which will yield the following JSON, containing a token which you need for the other API calls:

    {"token": "e411e443521adee4496d79823a510cc68c5bf05aeda6e6eb"}

CURL #2 (launch a scan):

    # alt_targets must be a JSON array of strings
    curl -X POST -H 'X-Cookie: token=e411e443521adee4496d79823a510cc68c5bf05aeda6e6eb' \
         -H 'Content-Type:application/json' \
         --data '{"scan_id":"21", "alt_targets":["127.0.0.1"]}' \
         -k "https://NessusServerIp:8834/scans/21/launch" | python -m json.tool

...which will be answered with a JSON like this, containing the ID of the just started scan:

    {"scan_uuid":"c1c30d8f-5f79-2e4b-2d03-05b8b3c595f1e768e03195abdfa2"}

CURL #3 (exporting a scan):

    curl -X POST -H 'X-Cookie: token=766ef7a2302780c189ba563b89c5eb3706140c0ef1e4de8b' \
         -H 'Content-Type:application/json' \
         --data '{"scan_id":"33", "format":"html"}' \
         -k "https://NessusServerIP:8834/scans/33/export" | python -m json.tool

...which will yield this JSON response, containing a token to the exported file and the file_id:

    {"token":"3e13ab381c480caa1e377411c0b561970c46e5d78894c5a0cb2be0e7f00fefe0","file":1434780027}

...so now we are ready to download the report. In this case, since I have specified "format: html" in the last call, it's an .html file you will need to save the output into.

Curl #4 (download exported report):

    curl -X GET -H 'X-Cookie: token=7d155aef4359d02addea29d8d56bca4a5045ca61efeb38ee' \
         -H 'Content-Type:application/json' \
         --data '{"scan_id":"21", "alt_targets":["127.0.0.1"]}' \
         -k "https://NessusServerIP:8834/scans/17/export/945237343/download" > report.html

...which should leave you with a report.html in the folder where you started your script.

Now... how do you automate this? Well, write a Bash script, put in these calls, parse the answers to extract the information you need - and then enjoy! :)

PS: I use python -m json.tool to beautify the otherwise not very beautiful output of curl.

Hope I have helped, Gewure

Gewure
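The login, export, wait and download steps from the answer above, chained into one script. This is an added example, not part of the original answer: it does not launch a scan, it verifies TLS with `--cacert` instead of `-k`, and it uses the Nessus API's export status endpoint and `DELETE /session`, which the answer does not show. The `NESSUS_*` variables and all function names are assumptions, and the username and password are assumed to contain no `"` or `\`.

```shell
#!/bin/sh
# Added example, not from the original answer. NESSUS_URL, NESSUS_USER,
# NESSUS_PASS, NESSUS_CACERT and all function names are assumptions.
NESSUS_URL="${NESSUS_URL:-https://localhost:8834}"

# Print one top-level string or number field of a flat JSON object on stdin.
# Enough for the small responses shown above; use a real parser for nested JSON.
json_get() {
  sed -n 's/.*"'"$1"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\)"\{0,1\}.*/\1/p'
}

# Shared curl options: verify the server against a CA file instead of -k,
# fail on HTTP errors, and send the session token only once we have one.
nessus_curl() {
  curl -sS --fail --cacert "$NESSUS_CACERT" \
    ${TOKEN:+-H "X-Cookie: token=$TOKEN"} -H 'Content-Type: application/json' "$@"
}

# api METHOD PATH [JSON_BODY]; the body is piped in on stdin so credentials
# never appear in the process list.
api() {
  if [ $# -ge 3 ]; then
    printf '%s' "$3" | nessus_curl -X "$1" --data @- "$NESSUS_URL$2"
  else
    nessus_curl -X "$1" "$NESSUS_URL$2"
  fi
}

# export_report SCAN_ID FORMAT OUTFILE: log in, request the export, poll its
# status until "ready", download it, then destroy the session.
export_report() {
  TOKEN=
  TOKEN=$(api POST /session \
    "{\"username\":\"$NESSUS_USER\",\"password\":\"$NESSUS_PASS\"}" | json_get token)
  [ -n "$TOKEN" ] || { echo "login failed" >&2; return 1; }
  file_id=$(api POST "/scans/$1/export" "{\"format\":\"$2\"}" | json_get file)
  [ -n "$file_id" ] || { echo "export request failed" >&2; return 1; }
  tries=0
  until [ "$(api GET "/scans/$1/export/$file_id/status" | json_get status)" = ready ]; do
    tries=$((tries + 1))
    [ "$tries" -lt "${MAX_TRIES:-60}" ] || { echo "export timed out" >&2; return 1; }
    sleep "${POLL_SECONDS:-5}"
  done
  api GET "/scans/$1/export/$file_id/download" > "$3" || return 1
  api DELETE /session > /dev/null
}

if [ $# -ge 3 ]; then export_report "$@"; fi
```

Run it as `sh nessus_export.sh 33 html report.html` (the file name is hypothetical) with the `NESSUS_*` variables set in the environment.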