tenable-scan-launcher

module

v0.0.0-...-6006eb2 Latest Latest Go to latest Published: Aug 12, 2022 License: MIT

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Invoca/tenable-scan-launcher

Links

Open Source Insights

README ¶

Tenable-Scan-Launcher

This scan launcher collects the private IP addresses of Google Cloud and AWS instances and then launches a tenable scan with the option to download the scan as a pdf.

Installation

Installing this repo is as simple as cloning the repo into your $Go/src/github.com directory.

git clone git@github.com:Invoca/tenable-scan-launcher.git

Usage

Running

There are three methods to run the scan launcher. With Docker, the executable file, and in Kubernetes. To run it in kubernetes, modify the manifests in the examples/manifests directory and then apply them.
Docker:

    docker run invoca:SOMETHING

Shell:

  go build -mod=readonly -o $PWD/tenable-scan-launcher $PWD/cmd/tenable-scan-launcher
  ./tenable-scan-launcher $FLAGS

Flags

The scanner will list private IPs from all regions of each cloud provider given. To enable AWS, include the --include_aws flag. It will use the shared aws configuration settings, so it will use the standard order of precedence for AWS service accounts. To include Google Cloud, use the --include_gcloud flag and be sure to specify the service account file location with --gcloud_json and the desired project with --gcloud_project.

The following Tenable flags are needed to preform a scan:

--tenable-access-key which is the access key generated from https://cloud.tenable.com/#/ .
--tenable-secret-key is the secret key generated from https://cloud.tenable.com/#/
--scanner_id is the scanner to id of the scanner to use.

Reports

Flag	Description
`--generate_report`	Generates a report. Supported values are `true` or `false`. Defaults to false.
`--format`	Specifies the format of the report. Formats are Nessus, HTML, PDF, CSV, or DB. Defaults to empty string
`--report-file-location`	The file location to save the file. Default is the empty string.
`--chapters`	Specify which chapters of the report to use. Supported chapters are `vuln_hosts_summary`, `vuln_by_host`, `compliance_exec`, `remediations`, `vuln_by_plugin`, `compliance`. Has to be a semi-colon delimited list. Defaults to empty string.
`--summary-report`	Only includes the `vuln_hosts_summary` chapter
`--full-report`	Includes all chapters

Note that --summary-report will override --chapters and --full-report overrides --summary-report

Filtering

In order to filter on the severity within the report, include the --[low,medium,high,critical]_severity flags. The search filter can be modified with --search_type. The supported values are and and or. It is not recommended changing it to the and type since each vulnerability can only have a single severity level.

Logging

Log level can be specified with --log-level. The levels are trace, info, fatal, panic, warn, and debug. Log format can be specified with --log-type. The supported types are json, and text.

Contributions

Contributions to this project are always welcome! Please read our Contribution Guidelines before starting any work.

Directories ¶

Path	Synopsis
cmd
tenable-scan-launcher
pkg
aws
config
gcloud
mocks
runner
slack
tenable
wrapper

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL