Xml interfaces to the popular nessus scanner
•
0 j'aime•1,264 vues
null Mumbai Meet March 2012
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Xml interfaces to the popular nessus scanner
Similaire à Xml interfaces to the popular nessus scanner (20)
Plus de n|u - The Open Security Community
Plus de n|u - The Open Security Community (20)
Dernier
Dernier (20)
Xml interfaces to the popular nessus scanner
- 1. XML Interfaces to the Popular Nessus Scanner Rajesh Deo Network Intelligence India Pvt. Ltd. 29/03/2012 NULL Mumbai Chapter
- 2. The Venerable Nessus Scanner • A comprehensive vulnerability scanner • Can perform network tests, system audits, patch management, compliance tests such as PCI DSS, SCADA vulnerability audits, and so on… • Proprietary - Tenable Network Security • Started by Renaud Deraison in 1998 to provide to the Internet community with a free remote security scanner similar to SATAN and NetSaint. • Nessus 5.0 was released on Feb 15th, 2012. • http://www.nessus.org/products/nessus
- 3. Open-source Tools • Perl/Net::Nessus::XMLRPC • Vlatko Košturjak • http://search.cpan.org/~kost/Net-Nessus-XMLRPC- 0.30/lib/Net/Nessus/XMLRPC.pm • Perl 5 License (Artistic 1 & GPL 1) • https://github.com/kost/nessus-xmlrpc-perl • Also develops similar library for Rapid 7’s NeXpose • Ruby/nessus-xmlrpc • http://nessus-xmlrpc.rubyforge.org/ • GPL/BSD, by author of Net::Nessus::XMLRPC • Python/nessus-xmlrpc • http://code.google.com/p/nessusxmlrpc/ • Apache License 2.0 • Kurtis Miller
- 4. Why do we need these tools? • Automation • Automation • Automation • Custom reporting • Custom reporting • Custom reporting • XML/XSL • XPATH/XQUERY • CLI • http://seclists.org/metasploit/2010/q3/378 • Bridges to awesome software • By Zate Burg
- 5. Why are we using Python/nessus- xmlrpc? • I know Python a little bit • Matplotlib for charting/graphs • Numpy/SciPy or Interface to R for numerical computations and statistics. • Not as well developed as Perl/Ruby modules but pretty close • Last upload in Dec. 2010 • There is scope to contribute... • ..and perhaps integrate with different tools
- 6. Automation: XML-RPC API in Ruby • Write custom scripts, simple one-off tools • Monitor long-running scans • Get reports in XML for parsing and custom reporting. • Large similarity between Perl and Ruby APIs.
- 7. CLI for shell lovers • Automate with your favorite shell: Bash, Tcsh, Zsh • Grep, sed and awk • With an XML/RPC interface you can tunnel your scan requests to your central Nessus server with professional feed over SSH/HTTPS directly from within python/perl/ruby. • Great for doing external penetration tests.
- 8. Multiple Targets? • Home Feed limits you to 15 targets only at a time, good enough for development. • XML-RPC interface same between Professional Feed and Home Feed. Multiple targets separated by “,” or “n”
- 9. Automation with Python Email and xsltproc • Possibilities • Have report emailed to management desktop • Write custom xsl reports, process with xsltproc on Linux. • Import into CMS solutions
- 10. The XML-RPC Interface for Nessus • Partially documented • http://www.tenable.com/documentation/nessus_XMLRPC_proto col_guide.pdf • An unofficial test.html from Renaud Deraison is here • http://nessus-xmlrpc.rubyforge.org/test.html • An update to XML docs will be available in a week, last post 2 days ago. • https://discussions.nessus.org/message/14693;jsessionid=E2130 C8DA7ACFC58DC1850D9EFE828FE • http://blog.upbeat.fr/tagged/Nessus? • Unofficial documentation on .nessus v2 XML report format • Automation using wget • But please use ruby/perl/python interfaces, far cleaner and you can add custom features.
- 11. Nessus v2 XML report format Vulnerability • Microsoft Excel is your friend References Host Inventory Is there a Metasploit module for this?
- 12. Custom Reports: MS Patches With python use lxml, output to csv, xls, sql, html or xml again! Python constructs make it easy to write clean code.
- 13. Vulnerability Management/Delta Reporting • Seccubus: http://seccubus.com/ • Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting. • Frank Breedijk • Perl/Javascript based. • Need to integrate custom reporting with change management and inventory management etc. • Bridges to proprietary software: SharePoint, MS SQL Server, integration into standard business workflows of IT departments. Both Perl/Python provide modules to generate standard business format documents.
- 14. Improve the tools • Goals: Integration • Custom reports • Python/XML foo OK. • We are doing one-off scripts right now. • Reporting/Tracking should not be painful • Web-based reports best • Export to PDF • Summarize and drill down interactive capability • Need awesome reporting and charting capability • Ruby/Ruport • J-Query/Ext JS/Node.js • Java/Processing
- 15. Questions? Please send us your ideas/comments/questions at rajesh.deo@niiconsulting.com Acknowledgements: Tuhin Goswami Our esteemed client where we implemented some of the tools presented. Wasim Halani and K. K. Mookhey for guidance.