Questions tagged [nessus]

Nessus is a commercial vulnerability scanner offered by Tenable Security.

Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.

98 questions
0 votes, 1 answer

Get specific element data from xml

I am trying to parse a Nessus XML report and am trying to get the specific description and plugin_output but can't seem to get it for some reason. I have the following XML data:
Mr39
0 votes, 1 answer

Nessus File upload REST API

I'm trying to upload an exported scan (.nessus) file to a Nessus Community Edition server using Python and the Nessus REST API (func POST /file/upload); however, I keep getting the response null like this {"fileuploaded":null} in the response. I…
Dusty Boshoff
0 votes, 1 answer

How can I get the reproduce/test procedure for the vulnerabilities reported by NESSUS?

My NESSUS scanning gives a report that there are vulnerabilities in my host, such as: > Vulnerabilities by PluginExpand All | Collapse All > **11801 (1) - HTTP Method Remote Format String-** > **Synopsis** > It is possible to execute…
Michael.Sun
0 votes, 1 answer

Linq XML Xelement with Namespace Returns Null

I am parsing a .nessus file generated from an offline config file audit. I've set up a Linq for the ReportItem node and verified the namespace works, but when I try to get the cm:compliance-solution value it returns null (verified there is a value…
Chris
0 votes, 0 answers

Curl and Nessus API (Session Hijacking)

I am currently working with Nessus Automation using API. I prefer to use CURL for the requirement. I see that every time to get data from Nessus, I need to use a token (session id). If I send this token with GET method, won't it lead to Session…
tech_enthusiast
0 votes, 1 answer

How to change Policy Scan type using nessus API?

I am following documentation present at https://localhost:8834/api/# for Nessus. I listed policies and created new scan with template uuid as "Host Discovery" uuid fetched from the policies list. Problem is it creates new scan with discovery scan…
Tanu Jain
0 votes, 1 answer

Powershell: extracting a comma-separated list of IPs?

I'm dealing with a .csv export from Nessus, where essentially I have a column of Host IPs and a column with Plugin IDs. My customer wants an output where, for example, Plugin X would be in a column, and then next to it would be a comma separated list…
TenaciousB
0 votes, 1 answer

Nessus scanner returning a Cleartext credentials vulnerability

I'm running Nessus on one of my websites and it returns "Web Server Transmits Cleartext Credentials" vulnerability. It is a low level vulnerability, but I want to understand it. My website encrypts the password text box and that is sent to a…
Jerry Warra
0 votes, 1 answer

Nessus RESTful API - Java Problems implementing POST

I'm currently tasked to do automation for Nessus. While almost everything works fine, I'm biting on rock working with this call (from API-DOCU): Request HTTP Request POST /scans/{scan_id}/launch Parameters scan_id integer The id of the scan…
Gewure
0 votes, 2 answers

Ruby ignoring boolean value in IF statement

I am parsing some Nessus scans, and am trying to split the output of plugin 21643 into 3 different arrays, highSecArray, mediumSecArray, and lowSecArray depending on their Cipher strength. I am going line by line and have been setting flags to put…
0 votes, 1 answer

Net::Nessus::REST using API Keys vs. Session Token

I have a Perl script using the Net::Nessus::REST module. Currently I'm using: $nessus->create_session( username => $NESSUSUSER, password => $NESSUSPASSWORD ); this bit of code to create a session token. This works great so long as my scans…
Alby
0 votes, 1 answer

How can I send Nessus log over syslog?

I've been asked to send the logs from a Nessus scanner remotely on a syslog server, but I can't find a way to bind it to syslog. Is there a way to do it?
NoP
0 votes, 1 answer

Nessus API client to extract Start and End times of a scan - Ruby script

I have a Ruby script I downloaded that connects to the API and can download all the reports in one shot. However, it is critical for me to have the start and end times in the actual filename when I download these reports. I was able to modify my…
unixpipe
0 votes, 1 answer

Is a hash table the way forward?

I have a variable that looks like this: Plugin ID : 66334 Host : GCAB-L7-449090L Plugin Output : . Microsoft Operating System Patches : + To patch the remote system, you need to install the following Microsoft patches : …
Tchotchke
0 votes, 2 answers

Regex to capture CVEs from Nessus plugin output

I have a block of output that looks like this: - KB3167679 (MS16-101) (2 vulnerabilities)The following CVEs would be covered: CVE-2016-3300, CVE-2016-3237 - KB3114340 (MS16-099) (16 vulnerabilities)The following CVEs would be covered:…
Tchotchke