README
¶
Nessie
Tenable Nessus 6 API client in Go.
Usage
Have a look at the client example for how to start a scan, wait until it finishes and exports the results to a CSV file.
Status
Here are the resources accessible via the official API and their current implementation status in this client:
- AgentGroups
- Add agent
- Add agents
- Configure
- Create
- Delete group
- Delete groups
- Delete agent
- Delete agents
- List groups ✓
- Editor
- Details
- Edit
- List policy templates ✓
- List scan templates ✓
- Plugin description
- File
- Upload ✓
- Folders ✓
- Create ✓
- Delete ✓
- Edit ✓
- List ✓
- Groups
- Add user
- Create ✓
- Delete
- Delete user
- Edit
- List ✓
- List users
- Permissions
- Change
- List ✓
- Plugins ✓
- Families ✓
- Family details ✓
- Plugin details ✓
- Plugin rules
- Create
- Delete
- Edit
- List
- Policies
- Configure ✓
- Copy
- Create ✓
- Delete ✓
- Details
- Import
- Export
- List ✓
- Scanners ✓
- List ✓
- Scans
- Configure ✓
- Create ✓
- Delete ✓
- Delete history
- Details ✓
- Download ✓
- Export ✓
- Export status ✓
- Host details
- Import
- Launch ✓
- List ✓
- Pause ✓
- Plugin output
- Read status
- Resume ✓
- Stop ✓
- Timezones ✓
- Server ✓
- Properties ✓
- Status ✓
- Sessions
- Create ✓
- Destroy ✓
- Edit
- Get ✓
- Password
- Users ✓
- Create ✓
- Delete ✓
- Edit ✓
- List ✓
- Password ✓
Some methods are not part of the API but are implemented by this client to make life easier:
- Get all plugin details
Documentation
¶
Overview ¶
Package nessie implements a client for the Tenable Nessus 6 API.
Index ¶
- Constants
- Variables
- type Acls
- type AgentGroup
- type AuditCustomItem
- type CreatePolicyRequest
- type CreatePolicyResp
- type FamilyDetails
- type Filter
- type FilterControls
- type Folder
- type Group
- type History
- type Host
- type HostCompliance
- type HostVulnerability
- type ListScansResponse
- type Nessus
- type NewScanRequest
- type Permission
- type Plugin
- type PluginAttr
- type PluginDetails
- type PluginFamilies
- type PluginFamily
- type PluginOutput
- type Policy
- type PolicyAudits
- type PolicySettings
- type Remediation
- type Rule
- type Scan
- type ScanDetailsResp
- type ScanSettingsRequest
- type Scanner
- type ServerProperties
- type ServerStatus
- type Session
- type Template
- type TemplateDisplayGroup
- type TemplateFormInput
- type TemplateMode
- type TemplatePluginFamily
- type TemplateSection
- type TimeZone
- type User
- type Vulnerability
Constants ¶
View Source
const ( UserTypeLocal = "local" UserTypeLDAP = "ldap" Permissions0 = "0" Permissions16 = "16" Permissions32 = "32" Permissions64 = "64" Permissions128 = "128" )
View Source
const ( LaunchOnDemand = "ON_DEMAND" LaunchDaily = "DAILY" LaunchWeekly = "WEEKLY" LaunchMonthly = "MONTHLY" LaunchYearly = "YEARLY" )
View Source
const ( ExportNessus = "nessus" ExportPDF = "pdf" ExportHTML = "html" ExportCSV = "csv" ExportDB = "db" )
View Source
const (
NessusApiTokenPath = "nessus6.js"
)
Variables ¶
View Source
var (
NessusAPITokenRegex = regexp.MustCompile("([0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12})")
)
Functions ¶
This section is empty.
Types ¶
type AgentGroup ¶
type AgentGroup struct {
ID int64 `json:"id"`
Name string `json:"name"`
OwnerID int64 `json:"owner_id"`
Owner string `json:"owner"`
UserPerms int64 `json:"user_permissions"`
CreationDate int64 `json:"creation_date"`
LastModificationDate int64 `json:"last_modification_date"`
}
AgentGroup The details of an agent group.
type AuditCustomItem ¶
AuditCustomItem custom audit item
type CreatePolicyRequest ¶
type CreatePolicyRequest struct {
UUID string `json:"uuid"`
Audits PolicyAudits `json:"audits"`
Settings PolicySettings `json:"settings"`
}
CreatePolicyRequest Policies are created by sending the below fields.
type CreatePolicyResp ¶
type CreatePolicyResp struct {
PolicyID int64 `json:"policy_id"`
PolicyName string `json:"policy_name"`
}
CreatePolicyResp response body If successful
type FamilyDetails ¶
type Filter ¶
type Filter struct {
Name string `json:"name"`
ReadableName string `json:"readable_name"`
Operators []string `json:"operators"`
Controls []FilterControls `json:"controls"`
}
type FilterControls ¶
type Host ¶
type Host struct {
HostID int64 `json:"host_id"`
HostIdx int64 `json:"host_index"`
Hostname string `json:"hostname"`
Progress string `json:"progress"`
Critical int64 `json:"critical"`
High int64 `json:"high"`
Medium int64 `json:"medium"`
Low int64 `json:"low"`
Info int64 `json:"info"`
TotalChecksConsidered int64 `json:"totalchecksconsidered"`
NumChecksConsidered int64 `json:"numchecksconsidered"`
ScanProgressTotal int64 `json:"scanprogresstotal"`
ScanProgressCurrent int64 `json:"scanprogresscurrent"`
Score int64 `json:"score"`
}
type HostCompliance ¶
type HostCompliance struct {
HostID int64 `json:"host_id"`
Hostname string `json:"hostname"`
PluginID int64 `json:"plugin_id"`
PluginName string `json:"plugin_name"`
PluginFamily string `json:"plugin_family"`
Count int64 `json:"count"`
SeverityIdx int64 `json:"severity_index"`
Severity int64 `json:"severity"`
}
type HostVulnerability ¶
type HostVulnerability struct {
HostID int64 `json:"host_id"`
Hostname string `json:"hostname"`
PluginID int64 `json:"plugin_id"`
PluginName string `json:"plugin_name"`
PluginFamily string `json:"plugin_family"`
Count int64 `json:"count"`
VulnIdx int64 `json:"vuln_index"`
SeverityIdx int64 `json:"severity_index"`
Severity int64 `json:"severity"`
}
type ListScansResponse ¶
type Nessus ¶
type Nessus interface {
SetVerbose(bool)
AuthCookie() string
Request(method string, resource string, js interface{}, wantStatus []int) (resp *http.Response, err error)
Login(username, password string) error
Logout() error
Session() (Session, error)
ServerProperties() (*ServerProperties, error)
ServerStatus() (*ServerStatus, error)
CreateUser(username, password, userType, permissions, name, email string) (*User, error)
ListUsers() ([]User, error)
DeleteUser(userID int) error
SetUserPassword(userID int, password string) error
EditUser(userID int, permissions, name, email string) (*User, error)
PluginFamilies() ([]PluginFamily, error)
FamilyDetails(ID int64) (*FamilyDetails, error)
PluginDetails(ID int64) (*PluginDetails, error)
AllPlugins() (chan PluginDetails, error)
Scanners() ([]Scanner, error)
Policies() ([]Policy, error)
CreatePolicy(policySettings CreatePolicyRequest) (CreatePolicyResp, error)
ConfigurePolicy(id int64, policySettings CreatePolicyRequest) error
DeletePolicy(id int64) error
Upload(filePath string) error
AgentGroups() ([]AgentGroup, error)
NewScan(editorTmplUUID, settingsName string, outputFolderID, policyID, scannerID int64, launch string, targets []string) (*Scan, error)
CreateScan(newScanRequest NewScanRequest) (*Scan, error)
Scans() (*ListScansResponse, error)
ScanTemplates() ([]Template, error)
PolicyTemplates() ([]Template, error)
StartScan(scanID int64) (string, error)
PauseScan(scanID int64) error
ResumeScan(scanID int64) error
StopScan(scanID int64) error
DeleteScan(scanID int64) error
ScanDetails(scanID int64) (*ScanDetailsResp, error)
ConfigureScan(scanID int64, scanSetting NewScanRequest) (*Scan, error)
Timezones() ([]TimeZone, error)
Folders() ([]Folder, error)
CreateFolder(name string) error
EditFolder(folderID int64, newName string) error
DeleteFolder(folderID int64) error
ExportScan(scanID, templateID int64, format string) (int64, error)
ExportFinished(scanID, exportID int64) (bool, error)
DownloadExport(scanID, exportID int64) ([]byte, error)
Permissions(objectType string, objectID int64) ([]Permission, error)
}
Nessus exposes the resources offered via the Tenable Nessus RESTful API.
func NewFingerprintedNessus ¶
NewFingerprintedNessus will return a nessus instance which verifies the api server's certificate by its SHA256 fingerprint (on the RawSubjectPublicKeyInfo and base64 encoded) against a whitelist of good certFingerprints. Fingerprint verification will enable InsecureSkipVerify.
func NewInsecureNessus ¶
NewInsecureNessus will return a nessus instance which does not check for the api certificate validity, do not use in production environment.
func NewInsecureNessusWithAPICredentials ¶
NewInsecureNessusWithAPICredentials will return a nessus instance which does not check for the api certificate validity, and also injects an API token header. This replaces the standard 'Cookie' login mechanism.
type NewScanRequest ¶
type NewScanRequest struct {
UUID string `json:"uuid"`
Settings ScanSettingsRequest `json:"settings"`
}
type Permission ¶
type PluginAttr ¶
type PluginDetails ¶
type PluginDetails struct {
Plugin
FamilyName string `json:"family_name"`
Attrs []PluginAttr `json:"attributes"`
}
type PluginFamilies ¶
type PluginFamilies struct {
Families []PluginFamily `json:"families"`
}
type PluginFamily ¶
type PluginOutput ¶
type Policy ¶
type Policy struct {
ID int64 `json:"id"`
TemplateUUID string `json:"template_uuid"`
Name string `json:"name"`
Desc string `json:"description"`
OwnerID int64 `json:"owner_id"`
Owner string `json:"owner"`
UserPerms int64 `json:"user_permissions"`
CreationDate int64 `json:"creation_date"`
LastModificationDate int64 `json:"last_modification_date"`
Visibility string `json:"visibility"`
NoTarget string `json:"no_target"`
}
type PolicyAudits ¶
type PolicyAudits struct {
Custom interface{} `json:"custom"`
Feed interface{} `json:"feed"`
}
type PolicySettings ¶
type PolicySettings struct {
UnixfileanalysisDisableXdev string `json:"unixfileanalysis_disable_xdev"`
UnixfileanalysisIncludePaths string `json:"unixfileanalysis_include_paths"`
UnixfileanalysisExcludePaths string `json:"unixfileanalysis_exclude_paths"`
UnixfileanalysisFileExtensions string `json:"unixfileanalysis_file_extensions"`
UnixfileanalysisMaxSize string `json:"unixfileanalysis_max_size"`
UnixfileanalysisMaxCumulativeSize string `json:"unixfileanalysis_max_cumulative_size"`
UnixfileanalysisMaxDepth string `json:"unixfileanalysis_max_depth"`
StaggeredStartMins string `json:"staggered_start_mins"`
LogWholeAttack string `json:"log_whole_attack"`
EnablePluginDebugging string `json:"enable_plugin_debugging"`
AuditTrail string `json:"audit_trail"`
IncludeKb string `json:"include_kb"`
EnablePluginList string `json:"enable_plugin_list"`
AllowPostScanEditing string `json:"allow_post_scan_editing"`
WmiNetstatScanner string `json:"wmi_netstat_scanner"`
SSHNetstatScanner string `json:"ssh_netstat_scanner"`
Acls []Acls `json:"acls"`
Name string `json:"name"`
Description string `json:"description"`
}
type Remediation ¶
type Scan ¶
type Scan struct {
ID int64 `json:"id"`
UUID string `json:"uuid"`
Name string `json:"name"`
Owner string `json:"owner"`
UserPermissions int64 `json:"user_permissions"`
CreationDate int64 `json:"creation_date"`
LastModificationDate int64 `json:"last_modification_date"`
StartTime string `json:"starttime"`
TimeZone string `json:"timezone"`
RRules string `json:"rrules"`
ContainerID int `json:"container_id"`
Description string `json:"description"`
PolicyID int `json:"policy_id"`
ScannerID int `json:"scanner_id"`
Emails string `json:"emails"`
AttachReport int `json:"attach_report"`
AttachedReportMaximumSize int `json:"attached_report_maximum_size"`
AttachedReportType interface{} `json:"attached_report_type"`
Sms interface{} `json:"sms"`
Enabled int `json:"enabled"`
UseDashboard int `json:"use_dashboard"`
DashboardFile interface{} `json:"dashboard_file"`
LiveResults int `json:"live_results"`
ScanTimeWindow int `json:"scan_time_window"`
CustomTargets string `json:"custom_targets"`
Migrated int `json:"migrated"`
LastScheduledRun string `json:"last_scheduled_run"`
NotificationFilters interface{} `json:"notification_filters"`
TagID int `json:"tag_id"`
DefaultPermisssions int `json:"default_permisssions"`
OwnerID int `json:"owner_id"`
Type string `json:"type"`
}
Scan resource.
type ScanDetailsResp ¶
type ScanDetailsResp struct {
UUID string `json:"scan_uuid"`
Info struct {
EditAllowed bool `json:"edit_allowed"`
Status string `json:"status"`
Policy string `json:"policy"`
PCICanUpload bool `json:"pci-can-upload"`
HasAuditTrail bool `json:"hasaudittrail"`
ScanStart int64 `json:"scan_start"`
FolderID int64 `json:"folder_id"`
Targets string `json:"targets"`
Timestamp int64 `json:"timestamp"`
ObjectID int64 `json:"object_id"`
ScannerName string `json:"scanner_name"`
HasKB bool `json:"haskb"`
UUID string `json:"uuid"`
HostCount int64 `json:"hostcount"`
// TODO: why does this flip between string/int64?
// ScanEnd int64 `json:"scan_end"`
Name string `json:"name"`
UserPerms int64 `json:"user_permissions"`
Control bool `json:"control"`
} `json:"info"`
Hosts []Host `json:"hosts"`
CompHosts []Host `json:"comphosts"`
// TODO: this does not always return the same data!
// Notes []Note `json:"notes"`
Remediations struct {
Remediation Remediation `json:"remediation"`
} `json:"remediations"`
NumHosts int64 `json:"num_hosts"`
NumCVEs int64 `json:"num_cves"`
NumImpactedHosts int64 `json:"num_impacted_hosts"`
NumRemediatedCVEs int64 `json:"num_remediated_cves"`
Vulnerabilities []Vulnerability `json:"vulnerabilities"`
Compliance []Vulnerability `json:"compliance"`
History []History `json:"history"`
Filters []Filter `json:"filters"`
}
type ScanSettingsRequest ¶
type ScanSettingsRequest struct {
Acls []Acls `json:"acls"`
Emails string `json:"emails"`
FilterType string `json:"filter_type"`
Filters []interface{} `json:"filters"`
Launch string `json:"launch"`
LaunchNow bool `json:"launch_now"`
Enabled bool `json:"enabled"`
UseDashboard string `json:"use_dashboard"`
Name string `json:"name"`
Description string `json:"description"`
FolderID int64 `json:"folder_id"`
ScannerID int64 `json:"scanner_id"`
AgentGroupID []string `json:"agent_group_id"`
ScanTimeWindow int64 `json:"scan_time_window"`
PolicyID int64 `json:"policy_id"`
TextTargets string `json:"text_targets"`
FileTargets string `json:"file_targets"`
RRules string `json:"rrules"`
TimeZone string `json:"timezone"`
StartTime string `json:"starttime"`
}
type Scanner ¶
type Scanner struct {
ID int64 `json:"id"`
UUID string `json:"uuid"`
Name string `json:"name"`
Type string `json:"type"`
Status string `json:"status"`
ScanCount int64 `json:"scan_count"`
EngineVersion string `json:"engine_version"`
Platform string `json:"platform"`
LoadedPluginSet string `json:"loaded_plugin_set"`
RegistrationCode string `json:"registration_code"`
Owner string `json:"owner"`
}
type ServerProperties ¶
type ServerProperties struct {
Token string `json:"token"`
NessusType string `json:"nessus_type"`
NessusUIVersion string `json:"nessus_ui_version"`
ServerVersion string `json:"server_version"`
Feed string `json:"feed"`
Enterprise bool `json:"enterprise"`
LoadedPluginSet string `json:"loaded_plugin_set"`
ServerUUID string `json:"server_uuid"`
Expiration int64 `json:"expiration"`
Notifications []struct {
Type string `json:"type"`
Msg string `json:"message"`
} `json:"notifications"`
ExpirationTime int64 `json:"expiration_time"`
Capabilities struct {
MultiScanner bool `json:"multi_scanner"`
ReportEmailConfig bool `json:"report_email_config"`
} `json:"capabilities"`
PluginSet string `json:"plugin_set"`
IdleTImeout int64 `json:"idle_timeout"`
ScannerBoottime int64 `json:"scanner_boottime"`
LoginBanner bool `json:"login_banner"`
}
ServerProperties is the structure returned by the ServerProperties() method.
type ServerStatus ¶
type ServerStatus struct {
Status string `json:"status"`
Progress int64 `json:"progress"`
MustDestroySession bool
}
ServerStatus is the stucture returned by the ServerStatus() method.
type Template ¶
type Template struct {
// The uuid for the template.
UUID string `json:"uuid"`
// The short name of the template.
Name string `json:"name"`
// The long name of the template.
Title string `json:"title"`
// The description of the template.
Desc string `json:"description"`
// If true, template is only available on the cloud.
CloudOnly bool `json:"cloud_only"`
// If true, the template is only available for subscribers.
SubscriptionOnly bool `json:"subscription_only"`
// If true, the template is for agent scans.
IsAgent bool `json:"is_agent"`
// An external URL to link the template to.
MoreInfo string `json:"more_info"`
}
Template is used to create scans or policies with predefined parameters.
type TemplateDisplayGroup ¶
type TemplateFormInput ¶
type TemplateMode ¶
type TemplatePluginFamily ¶
type TemplateSection ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.