├── README.md └── nmap2ness.py /README.md: -------------------------------------------------------------------------------- 1 | Prerequisites 2 | ``` 3 | pip install requests --upgrade 4 | ``` 5 | 6 | 7 | sudo python nmap2ness.py -h 8 | usage: nmap2ness.py [-h] [-s HOSTIP] [-n SCANID] [-u USERNAME] [-p PASSWORD] 9 | [-i INFILE] [-o OUTFILE] 10 | ``` 11 | optional arguments: 12 | -h, --help show this help message and exit 13 | -s HOSTIP [nessus server IP] 14 | -u USERNAME [username] 15 | -p PASSWORD [password] 16 | -t TEMPLATEFILE [Nessus template name to use] 17 | -i INFILE [nmap xml file] 18 | -n SCANID [lookup job based on scan_id (optional)] 19 | -o OUTFILE [nessus report (csv) (optional)] 20 | ``` 21 | 22 | #####Start a nessus scan by connecting to Nessus server 127.0.0.1 23 | 24 | sudo python nmap2ness.py -u root -p 1234 -i nmapt_target.xml -s 127.0.0.1 25 | ``` 26 | - Launching new Nessus scan 27 | - Extracting ports from nmapt_target.xml 28 | - Modifying Nessus policy 29 | - Logging into Nessus 30 | - Uploading Policy 31 | - Starting Nessus Scan 32 | - Checking Job Status: 224 : running 33 | - Checking Job Status: 224 : running 34 | - Checking Job Status: 224 : running 35 | - Checking Job Status: 224 : running 36 | - Checking Job Status: 224 : running 37 | - Checking Job Status: 224 : running 38 | - Checking Job Status: 224 : paused 39 | - Checking Job Status: 224 : paused 40 | - Checking Job Status: 224 : paused 41 | - Checking Job Status: 224 : paused 42 | - Checking Job Status: 224 : paused 43 | - Checking Job Status: 224 : canceled 44 | 45 | - Summary of Results (Critical/High/Medium) 46 | Critical 176.28.50.165:80 PHP Unsupported Version Detection 47 | High 176.28.50.165:80 PHP 5.3.x < 5.3.29 Multiple Vulnerabilities 48 | Medium 176.28.50.165:110 SSL Certificate Expiry 49 | Medium 176.28.50.165:110 SSL Certificate Cannot Be Trusted 50 | Medium 176.28.50.165:110 SSL Self-Signed Certificate 51 | Medium 176.28.50.165:143 SSL Certificate Expiry 52 | Medium 176.28.50.165:143 SSL Certificate Cannot Be Trusted 53 | Medium 176.28.50.165:143 SSL Self-Signed Certificate 54 | Medium 176.28.50.165:25 SSL Certificate Expiry 55 | Medium 176.28.50.165:25 SSL Certificate Cannot Be Trusted 56 | Medium 176.28.50.165:25 SSL Self-Signed Certificate 57 | Medium 176.28.50.165:465 SSL Certificate Expiry 58 | Medium 176.28.50.165:465 SSL Version 2 and 3 Protocol Detection 59 | Medium 176.28.50.165:465 SSL Certificate Cannot Be Trusted 60 | Medium 176.28.50.165:465 SSL Self-Signed Certificate 61 | Medium 176.28.50.165:465 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 62 | Medium 176.28.50.165:993 SSL Certificate Expiry 63 | Medium 176.28.50.165:993 SSL Version 2 and 3 Protocol Detection 64 | Medium 176.28.50.165:993 SSL Weak Cipher Suites Supported 65 | Medium 176.28.50.165:993 SSL Medium Strength Cipher Suites Supported 66 | Medium 176.28.50.165:993 SSL Certificate Cannot Be Trusted 67 | Medium 176.28.50.165:993 SSL Self-Signed Certificate 68 | Medium 176.28.50.165:993 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 69 | Medium 176.28.50.165:995 SSL Certificate Expiry 70 | Medium 176.28.50.165:995 SSL Version 2 and 3 Protocol Detection 71 | Medium 176.28.50.165:995 SSL Weak Cipher Suites Supported 72 | Medium 176.28.50.165:995 SSL Medium Strength Cipher Suites Supported 73 | Medium 176.28.50.165:995 SSL Certificate Cannot Be Trusted 74 | Medium 176.28.50.165:995 SSL Self-Signed Certificate 75 | Medium 176.28.50.165:995 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 76 | 77 | - Nessus report has been saved to: report.csv 78 | ``` 79 | #####If you have started a Nessus job but the scripts accidentally gets terminated, you can connect back to the Nessus server by specifying the Scan_ID using the -n parameter 80 | 81 | sudo python nmap2ness.py -u root -p 1234 -n 224 82 | ``` 83 | - Logging into Nessus 84 | - Starting Nessus Scan 85 | - Checking Job Status: 224 : running 86 | - Checking Job Status: 224 : running 87 | - Checking Job Status: 224 : running 88 | - Checking Job Status: 224 : running 89 | - Checking Job Status: 224 : running 90 | - Checking Job Status: 224 : running 91 | - Checking Job Status: 224 : paused 92 | - Checking Job Status: 224 : paused 93 | - Checking Job Status: 224 : paused 94 | - Checking Job Status: 224 : paused 95 | - Checking Job Status: 224 : paused 96 | - Checking Job Status: 224 : canceled 97 | 98 | - Summary of Results (Critical/High/Medium) 99 | Critical 176.28.50.165:80 PHP Unsupported Version Detection 100 | High 176.28.50.165:80 PHP 5.3.x < 5.3.29 Multiple Vulnerabilities 101 | Medium 176.28.50.165:110 SSL Certificate Expiry 102 | Medium 176.28.50.165:110 SSL Certificate Cannot Be Trusted 103 | Medium 176.28.50.165:110 SSL Self-Signed Certificate 104 | Medium 176.28.50.165:143 SSL Certificate Expiry 105 | Medium 176.28.50.165:143 SSL Certificate Cannot Be Trusted 106 | Medium 176.28.50.165:143 SSL Self-Signed Certificate 107 | Medium 176.28.50.165:25 SSL Certificate Expiry 108 | Medium 176.28.50.165:25 SSL Certificate Cannot Be Trusted 109 | Medium 176.28.50.165:25 SSL Self-Signed Certificate 110 | Medium 176.28.50.165:465 SSL Certificate Expiry 111 | Medium 176.28.50.165:465 SSL Version 2 and 3 Protocol Detection 112 | Medium 176.28.50.165:465 SSL Certificate Cannot Be Trusted 113 | Medium 176.28.50.165:465 SSL Self-Signed Certificate 114 | Medium 176.28.50.165:465 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 115 | Medium 176.28.50.165:993 SSL Certificate Expiry 116 | Medium 176.28.50.165:993 SSL Version 2 and 3 Protocol Detection 117 | Medium 176.28.50.165:993 SSL Weak Cipher Suites Supported 118 | Medium 176.28.50.165:993 SSL Medium Strength Cipher Suites Supported 119 | Medium 176.28.50.165:993 SSL Certificate Cannot Be Trusted 120 | Medium 176.28.50.165:993 SSL Self-Signed Certificate 121 | Medium 176.28.50.165:993 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 122 | Medium 176.28.50.165:995 SSL Certificate Expiry 123 | Medium 176.28.50.165:995 SSL Version 2 and 3 Protocol Detection 124 | Medium 176.28.50.165:995 SSL Weak Cipher Suites Supported 125 | Medium 176.28.50.165:995 SSL Medium Strength Cipher Suites Supported 126 | Medium 176.28.50.165:995 SSL Certificate Cannot Be Trusted 127 | Medium 176.28.50.165:995 SSL Self-Signed Certificate 128 | Medium 176.28.50.165:995 SSLv3 Padding Oracle On Downgraded Legacy Encryption Vulnerability (POODLE) 129 | 130 | - Nessus report has been saved to: report.csv 131 | ``` 132 | 133 | -------------------------------------------------------------------------------- /nmap2ness.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import urllib 3 | import argparse 4 | import operator 5 | import requests 6 | from StringIO import StringIO 7 | import json 8 | import time 9 | import sys 10 | import uuid 11 | import requesocks 12 | from lxml import etree 13 | import lxml.etree as et 14 | import xml.etree.ElementTree as ET 15 | import csv 16 | 17 | requests.packages.urllib3.disable_warnings() 18 | defaultNessusPolicy=" private root 10180 Ping the remote host Ping the remote host[checkbox]:Interpret ICMP unreach from gateway checkbox Interpret ICMP unreach from gateway no no 10180 Ping the remote host Ping the remote host[checkbox]:Fast network discovery checkbox Fast network discovery no no 10180 Ping the remote host Ping the remote host[checkbox]:Test the local Nessus host checkbox Test the local Nessus host yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Log live hosts in the report checkbox Log live hosts in the report no no 10180 Ping the remote host Ping the remote host[checkbox]:Make the dead hosts appear in the report checkbox Make the dead hosts appear in the report no no 10180 Ping the remote host Ping the remote host[checkbox]:Do an applicative UDP ping (DNS,RPC...) checkbox Do an applicative UDP ping (DNS,RPC...) no no 10180 Ping the remote host Ping the remote host[entry]:Number of retries (ICMP) : entry Number of retries (ICMP) : 2 2 10180 Ping the remote host Ping the remote host[checkbox]:Do an ICMP ping checkbox Do an ICMP ping yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Do a TCP ping checkbox Do a TCP ping yes yes 10180 Ping the remote host Ping the remote host[checkbox]:Do an ARP ping checkbox Do an ARP ping yes yes 10180 Ping the remote host Ping the remote host[entry]:TCP ping destination port(s) : entry TCP ping destination port(s) : built-in built-in 10335 Nessus TCP scanner Nessus TCP scanner[radio]:Firewall detection : radio Firewall detection : Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) 10399 SMB Use Domain SID to Enumerate Users SMB Use Domain SID to Enumerate Users[entry]:End UID : entry End UID : 1200 1200 10399 SMB Use Domain SID to Enumerate Users SMB Use Domain SID to Enumerate Users[entry]:Start UID : entry Start UID : 1000 1000 10662 Web mirroring Web mirroring[checkbox]:Follow dynamic pages : checkbox Follow dynamic pages : no 10662 Web mirroring Web mirroring[entry]:Excluded items regex : entry Excluded items regex : /server_privileges\.php|logout 10662 Web mirroring Web mirroring[entry]:Start page : entry Start page : / 10662 Web mirroring Web mirroring[entry]:Maximum depth : entry Maximum depth : 6 10662 Web mirroring Web mirroring[entry]:Number of pages to mirror : entry Number of pages to mirror : 1000 10860 SMB Use Host SID to Enumerate Local Users SMB Use Host SID to Enumerate Local Users[entry]:End UID : entry End UID : 1200 1200 10860 SMB Use Host SID to Enumerate Local Users SMB Use Host SID to Enumerate Local Users[entry]:Start UID : entry Start UID : 1000 1000 10870 Login configurations Login configurations[checkbox]:Only use Kerberos authentication for SMB checkbox Only use Kerberos authentication for SMB no 10870 Login configurations Login configurations[checkbox]:Only use NTLMv2 checkbox Only use NTLMv2 no yes 10870 Login configurations Login configurations[checkbox]:Never send SMB credentials in clear text checkbox Never send SMB credentials in clear text yes yes 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (3) : entry Additional SMB domain (optional) (3) : 10870 Login configurations Login configurations[password]:Additional SMB password (3) : password Additional SMB password (3) : 10870 Login configurations Login configurations[entry]:Additional SMB account (3) : entry Additional SMB account (3) : 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (2) : entry Additional SMB domain (optional) (2) : 10870 Login configurations Login configurations[password]:Additional SMB password (2) : password Additional SMB password (2) : 10870 Login configurations Login configurations[entry]:Additional SMB account (2) : entry Additional SMB account (2) : 10870 Login configurations Login configurations[entry]:Additional SMB domain (optional) (1) : entry Additional SMB domain (optional) (1) : 10870 Login configurations Login configurations[password]:Additional SMB password (1) : password Additional SMB password (1) : 10870 Login configurations Login configurations[entry]:Additional SMB account (1) : entry Additional SMB account (1) : 10870 Login configurations Login configurations[radio]:SMB password type : radio SMB password type : Password;LM Hash;NTLM Hash 10870 Login configurations Login configurations[entry]:SMB domain (optional) : entry SMB domain (optional) : 10870 Login configurations Login configurations[password]:SMB password : password SMB password : 10870 Login configurations Login configurations[entry]:SMB account : entry SMB account : 10870 Login configurations Login configurations[password]:IPMI password (sent in clear) : password IPMI password (sent in clear) : 10870 Login configurations Login configurations[entry]:IPMI account : entry IPMI account : 10870 Login configurations Login configurations[password]:IMAP password (sent in clear) : password IMAP password (sent in clear) : 10870 Login configurations Login configurations[entry]:IMAP account : entry IMAP account : 10870 Login configurations Login configurations[password]:POP3 password (sent in clear) : password POP3 password (sent in clear) : 10870 Login configurations Login configurations[entry]:POP3 account : entry POP3 account : 10870 Login configurations Login configurations[password]:POP2 password (sent in clear) : password POP2 password (sent in clear) : 10870 Login configurations Login configurations[entry]:POP2 account : entry POP2 account : 10870 Login configurations Login configurations[entry]:FTP writeable directory : entry FTP writeable directory : /incoming 10870 Login configurations Login configurations[password]:FTP password (sent in clear) : password FTP password (sent in clear) : nessus@nessus.org 10870 Login configurations Login configurations[entry]:FTP account : entry FTP account : anonymous 10870 Login configurations Login configurations[password]:NNTP password (sent in clear) : password NNTP password (sent in clear) : 10870 Login configurations Login configurations[entry]:NNTP account : entry NNTP account : 10870 Login configurations Login configurations[password]:HTTP password (sent in clear) : password HTTP password (sent in clear) : 10870 Login configurations Login configurations[entry]:HTTP account : entry HTTP account : 10917 SMB Scope SMB Scope[checkbox]:Request information about the domain checkbox Request information about the domain yes yes 11038 SMTP settings SMTP settings[entry]:To address : entry To address : postmaster@[AUTO_REPLACED_IP] postmaster@[AUTO_REPLACED_IP] 11038 SMTP settings SMTP settings[entry]:From address : entry From address : nobody@example.com nobody@example.com 11038 SMTP settings SMTP settings[entry]:Third party domain : entry Third party domain : example.com example.com 11149 HTTP login page HTTP login page[checkbox]:Abort web application tests if login fails checkbox Abort web application tests if login fails no 11149 HTTP login page HTTP login page[checkbox]:Case insensitive regex checkbox Case insensitive regex no no 11149 HTTP login page HTTP login page[checkbox]:Match regex on HTTP headers checkbox Match regex on HTTP headers no no 11149 HTTP login page HTTP login page[checkbox]:Invert test (disconnected if regex matches) checkbox Invert test (disconnected if regex matches) no no 11149 HTTP login page HTTP login page[entry]:Authenticated regex : entry Authenticated regex : 11149 HTTP login page HTTP login page[entry]:Follow 30x redirections (# of levels) : entry Follow 30x redirections (# of levels) : 2 0 11149 HTTP login page HTTP login page[entry]:Check authentication on page : entry Check authentication on page : 11149 HTTP login page HTTP login page[entry]:Re-authenticate delay (seconds) : entry Re-authenticate delay (seconds) : 11149 HTTP login page HTTP login page[checkbox]:Automated login page search checkbox Automated login page search no 11149 HTTP login page HTTP login page[radio]:Login form method : radio Login form method : POST;GET POST 11149 HTTP login page HTTP login page[entry]:Login form fields : entry Login form fields : user=%USER%&pass=%PASS% 11149 HTTP login page HTTP login page[entry]:Login form : entry Login form : 11149 HTTP login page HTTP login page[entry]:Login page : entry Login page : / 11219 Nessus SYN scanner Nessus SYN scanner[radio]:Firewall detection : radio Firewall detection : Automatic (normal);Disabled (softer);Do not detect RST rate limitation (soft);Ignore closed ports (aggressive) Automatic (normal) 12288 Global variable settings Global variable settings[checkbox]:Enable CRL checking (connects to Internet) checkbox Enable CRL checking (connects to Internet) no no 12288 Global variable settings Global variable settings[checkbox]:Enumerate all SSL ciphers checkbox Enumerate all SSL ciphers yes yes 12288 Global variable settings Global variable settings[password]:SSL password for SSL key : password SSL password for SSL key : 12288 Global variable settings Global variable settings[file]:SSL key to use : file SSL key to use : 12288 Global variable settings Global variable settings[file]:SSL CA to trust : file SSL CA to trust : 12288 Global variable settings Global variable settings[file]:SSL certificate to use : file SSL certificate to use : 12288 Global variable settings Global variable settings[entry]:HTTP User-Agent entry HTTP User-Agent Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) 12288 Global variable settings Global variable settings[radio]:Report paranoia radio Report paranoia Normal;Avoid false alarms;Paranoid (more false alarms) Normal 12288 Global variable settings Global variable settings[radio]:Report verbosity radio Report verbosity Normal;Quiet;Verbose Normal 12288 Global variable settings Global variable settings[checkbox]:Thorough tests (slow) checkbox Thorough tests (slow) no no 12288 Global variable settings Global variable settings[checkbox]:Enable experimental scripts checkbox Enable experimental scripts no 12288 Global variable settings Global variable settings[radio]:Network type radio Network type Mixed (use RFC 1918);Private LAN;Public WAN (Internet) Mixed (use RFC 1918) 12288 Global variable settings Global variable settings[checkbox]:Enable CGI scanning checkbox Enable CGI scanning no no 12288 Global variable settings Global variable settings[checkbox]:Do not log in with user accounts not specified in the policy checkbox Do not log in with user accounts not specified in the policy no yes 12288 Global variable settings Global variable settings[checkbox]:Probe services on every port checkbox Probe services on every port yes yes 14273 SSH settings SSH settings[password]:Additional SSH password (5) : password Additional SSH password (5) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (5) : entry Additional SSH user name (5) : 14273 SSH settings SSH settings[password]:Additional SSH password (4) : password Additional SSH password (4) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (4) : entry Additional SSH user name (4) : 14273 SSH settings SSH settings[password]:Additional SSH password (3) : password Additional SSH password (3) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (3) : entry Additional SSH user name (3) : 14273 SSH settings SSH settings[password]:Additional SSH password (2) : password Additional SSH password (2) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (2) : entry Additional SSH user name (2) : 14273 SSH settings SSH settings[password]:Additional SSH password (1) : password Additional SSH password (1) : 14273 SSH settings SSH settings[entry]:Additional SSH user name (1) : entry Additional SSH user name (1) : 14273 SSH settings SSH settings[entry]:Client version : entry Client version : OpenSSH_5.0 OpenSSH_5.0 14273 SSH settings SSH settings[entry]:Preferred SSH port : entry Preferred SSH port : 22 22 14273 SSH settings SSH settings[file]:SSH known_hosts file : file SSH known_hosts file : 14273 SSH settings SSH settings[password]:Escalation password : password Escalation password : 14273 SSH settings SSH settings[entry]:Escalation account : entry Escalation account : root 14273 SSH settings SSH settings[entry]:su login : entry su login : 14273 SSH settings SSH settings[entry]:Privilege elevation binary path (directory) : entry Privilege elevation binary path (directory) : 14273 SSH settings SSH settings[radio]:Elevate privileges with : radio Elevate privileges with : Nothing;sudo;su;su+sudo;dzdo;pbrun;Cisco 'enable' 14273 SSH settings SSH settings[password]:Passphrase for SSH key : password Passphrase for SSH key : 14273 SSH settings SSH settings[file]:SSH private key to use : file SSH private key to use : 14273 SSH settings SSH settings[file]:SSH public key to use : file SSH public key to use : 14273 SSH settings SSH settings[password]:SSH password (unsafe!) : password SSH password (unsafe!) : 14273 SSH settings SSH settings[entry]:SSH user name : entry SSH user name : root 16193 Antivirus Software Check Antivirus Software Check[entry]:Delay (in days, between 0 and 7) : entry Delay (in days, between 0 and 7) : 0 0 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos Realm (SSH only) : entry Kerberos Realm (SSH only) : 17351 Kerberos configuration Kerberos configuration[radio]:Kerberos KDC Transport : radio Kerberos KDC Transport : tcp 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos KDC Port : entry Kerberos KDC Port : 88 17351 Kerberos configuration Kerberos configuration[entry]:Kerberos Key Distribution Center (KDC) : entry Kerberos Key Distribution Center (KDC) : 19762 SNMP settings SNMP settings[radio]:SNMPv3 privacy algorithm : radio SNMPv3 privacy algorithm : AES;DES 19762 SNMP settings SNMP settings[password]:SNMPv3 privacy password : password SNMPv3 privacy password : 19762 SNMP settings SNMP settings[radio]:SNMPv3 authentication algorithm : radio SNMPv3 authentication algorithm : MD5;SHA1 19762 SNMP settings SNMP settings[password]:SNMPv3 authentication password : password SNMPv3 authentication password : 19762 SNMP settings SNMP settings[entry]:SNMPv3 user name : entry SNMPv3 user name : 19762 SNMP settings SNMP settings[entry]:Additional UDP port (3) : entry Additional UDP port (3) : 161 19762 SNMP settings SNMP settings[entry]:Additional UDP port (2) : entry Additional UDP port (2) : 161 19762 SNMP settings SNMP settings[entry]:Additional UDP port (1) : entry Additional UDP port (1) : 161 19762 SNMP settings SNMP settings[entry]:UDP port : entry UDP port : 161 161 19762 SNMP settings SNMP settings[entry]:Community name (3) : entry Community name (3) : 19762 SNMP settings SNMP settings[entry]:Community name (2) : entry Community name (2) : 19762 SNMP settings SNMP settings[entry]:Community name (1) : entry Community name (1) : 19762 SNMP settings SNMP settings[entry]:Community name : entry Community name : public 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over rexec checkbox Try to perform patch level checks over rexec no no 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over rsh checkbox Try to perform patch level checks over rsh no no 21744 Cleartext protocols settings Cleartext protocols settings[checkbox]:Try to perform patch level checks over telnet checkbox Try to perform patch level checks over telnet no no 21744 Cleartext protocols settings Cleartext protocols settings[password]:Password (unsafe!) : password Password (unsafe!) : 21744 Cleartext protocols settings Cleartext protocols settings[entry]:User name : entry User name : 22076 Oracle Settings Oracle Settings[checkbox]:Test default accounts (slow) checkbox Test default accounts (slow) no no 22076 Oracle Settings Oracle Settings[entry]:Oracle SID : entry Oracle SID : 22481 Do not scan fragile devices Do not scan fragile devices[checkbox]:Scan Novell Netware hosts checkbox Scan Novell Netware hosts no no 22481 Do not scan fragile devices Do not scan fragile devices[checkbox]:Scan Network Printers checkbox Scan Network Printers no no 22964 Service Detection Service Detection[radio]:Test SSL based services radio Test SSL based services Known SSL ports;All;None Known SSL ports 33812 Port scanners settings Port scanners settings[checkbox]:Only run network port scanners if local port enumeration failed checkbox Only run network port scanners if local port enumeration failed yes yes 33812 Port scanners settings Port scanners settings[checkbox]:Check open TCP ports found by local port enumerators checkbox Check open TCP ports found by local port enumerators no no 33815 Database settings Database settings[radio]:SQL Server auth type: radio SQL Server auth type: Windows;SQL 33815 Database settings Database settings[radio]:Oracle auth type: radio Oracle auth type: NORMAL;SYSOPER;SYSDBA 33815 Database settings Database settings[entry]:Database port to use : entry Database port to use : 33815 Database settings Database settings[entry]:Database SID : entry Database SID : 33815 Database settings Database settings[radio]:DB Type : radio DB Type : Oracle;SQL Server;MySQL;DB2;Informix/DRDA;PostgreSQL 33815 Database settings Database settings[password]:Password : password Password : 33815 Database settings Database settings[entry]:Login : entry Login : 35703 SMB Registry : Start the Registry Service during the scan SMB Registry : Start the Registry Service during the scan[checkbox]:Enable administrative shares during the scan checkbox Enable administrative shares during the scan no no 35703 SMB Registry : Start the Registry Service during the scan SMB Registry : Start the Registry Service during the scan[checkbox]:Start the registry service during the scan checkbox Start the registry service during the scan no no 39471 Web Application Tests Settings Web Application Tests Settings[entry]:URL for Remote File Inclusion : entry URL for Remote File Inclusion : http://rfi.nessus.org/rfi.txt 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Test embedded web servers checkbox Test embedded web servers no 39471 Web Application Tests Settings Web Application Tests Settings[radio]:Stop at first flaw radio Stop at first flaw per CGI;per port (quicker);per parameter (slow);look for all flaws (slower) 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:HTTP Parameter Pollution checkbox HTTP Parameter Pollution no 39471 Web Application Tests Settings Web Application Tests Settings[radio]:Combinations of arguments values radio Combinations of arguments values one value;some pairs;all pairs (slower but efficient);some combinations;all combinations (extremely slow) 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Try all HTTP methods checkbox Try all HTTP methods no 39471 Web Application Tests Settings Web Application Tests Settings[entry]:Maximum run time (min) : entry Maximum run time (min) : 60 39471 Web Application Tests Settings Web Application Tests Settings[checkbox]:Enable web applications tests checkbox Enable web applications tests no 42893 HTTP cookies import HTTP cookies import[file]:Cookies file : file Cookies file : 52616 Wake-on-LAN Wake-on-LAN[entry]:Time to wait (in minutes) for the systems to boot: entry Time to wait (in minutes) for the systems to boot: 5 5 52616 Wake-on-LAN Wake-on-LAN[file]:List of MAC addresses for Wake-on-LAN: file List of MAC addresses for Wake-on-LAN: 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[password]:SCCM Password : password SCCM Password : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Username : entry SCCM Username : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Domain : entry SCCM Domain : 57029 Patch Management: SCCM Server Settings Patch Management: SCCM Server Settings[entry]:SCCM Server : entry SCCM Server : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[checkbox]:SSL : checkbox SSL : no 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[password]:WSUS Password : password WSUS Password : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Username : entry WSUS Username : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Port : entry WSUS Port : 57031 Patch Management: WSUS Server Settings Patch Management: WSUS Server Settings[entry]:WSUS Server : entry WSUS Server : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[password]:Red Hat Satellite password(s) : password Red Hat Satellite password(s) : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite username(s) : entry Red Hat Satellite username(s) : 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[checkbox]:Verify SSL certificates : checkbox Verify SSL certificates : no 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite port(s) : entry Red Hat Satellite port(s) : 443 57063 Patch Management: Red Hat Satellite Server Settings Patch Management: Red Hat Satellite Server Settings[entry]:Red Hat Satellite server(s) [separated w/ semicolons] : entry Red Hat Satellite server(s) [separated w/ semicolons] : 57395 VMware SOAP API Settings VMware SOAP API Settings[checkbox]:Ignore SSL Certificate : checkbox Ignore SSL Certificate : no 57395 VMware SOAP API Settings VMware SOAP API Settings[password]:VMware password : password VMware password : 57395 VMware SOAP API Settings VMware SOAP API Settings[entry]:VMware user name : entry VMware user name : 57861 IBM iSeries Credentials IBM iSeries Credentials[password]:Password : password Password : 57861 IBM iSeries Credentials IBM iSeries Credentials[entry]:Login : entry Login : 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[entry]:Max results : entry Max results : 1000 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[password]:LDAP password : password LDAP password : 58038 LDAP 'Domain Admins' Group Membership Enumeration LDAP 'Domain Admins' Group Membership Enumeration[entry]:LDAP user : entry LDAP user : 59275 Malicious Process Detection Malicious Process Detection[file]:Known good MD5 hashes (optional) : file Known good MD5 hashes (optional) : 59275 Malicious Process Detection Malicious Process Detection[file]:Additional MD5 hashes (optional) : file Additional MD5 hashes (optional) : 60024 ADSI Settings ADSI Settings[password]:Domain Password 5: password Domain Password 5: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 5: entry Domain Username 5: 60024 ADSI Settings ADSI Settings[entry]:Domain 5: entry Domain 5: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 5: entry Domain Controller 5: 60024 ADSI Settings ADSI Settings[password]:Domain Password 4: password Domain Password 4: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 4: entry Domain Username 4: 60024 ADSI Settings ADSI Settings[entry]:Domain 4: entry Domain 4: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 4: entry Domain Controller 4: 60024 ADSI Settings ADSI Settings[password]:Domain Password 3: password Domain Password 3: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 3: entry Domain Username 3: 60024 ADSI Settings ADSI Settings[entry]:Domain 3: entry Domain 3: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 3: entry Domain Controller 3: 60024 ADSI Settings ADSI Settings[password]:Domain Password 2: password Domain Password 2: 60024 ADSI Settings ADSI Settings[entry]:Domain Username 2: entry Domain Username 2: 60024 ADSI Settings ADSI Settings[entry]:Domain 2: entry Domain 2: 60024 ADSI Settings ADSI Settings[entry]:Domain Controller 2: entry Domain Controller 2: 60024 ADSI Settings ADSI Settings[password]:Domain Password : password Domain Password : 60024 ADSI Settings ADSI Settings[entry]:Domain Username : entry Domain Username : 60024 ADSI Settings ADSI Settings[entry]:Domain : entry Domain : 60024 ADSI Settings ADSI Settings[entry]:Domain Controller : entry Domain Controller : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Device Update Timeout (Minutes) : entry Device Update Timeout (Minutes) : 5 5 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:Force Device Updates : checkbox Force Device Updates : yes yes 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[checkbox]:SSL : checkbox SSL : yes 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[password]:Apple Profile Manager password : password Apple Profile Manager password : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager username : entry Apple Profile Manager username : 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager port : entry Apple Profile Manager port : 443 60032 Apple Profile Manager API Settings Apple Profile Manager API Settings[entry]:Apple Profile Manager server : entry Apple Profile Manager server : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[checkbox]:SSL : checkbox SSL : no 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[password]:Web Reports Password : password Web Reports Password : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Username : entry Web Reports Username : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Port : entry Web Reports Port : 62558 Patch Management: IBM Tivoli Endpoint Manager Server Settings Patch Management: IBM Tivoli Endpoint Manager Server Settings[entry]:Web Reports Server : entry Web Reports Server : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[checkbox]:SSL : checkbox SSL : yes 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[password]:VMware vCenter password : password VMware vCenter password : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter user name : entry VMware vCenter user name : 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter port : entry VMware vCenter port : 443 63060 VMware vCenter SOAP API Settings VMware vCenter SOAP API Settings[entry]:VMware vCenter host : entry VMware vCenter host : 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Port : entry Palo Alto Port : 443 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[password]:Palo Alto Password : password Palo Alto Password : 64286 Palo Alto Networks PAN-OS Settings Palo Alto Networks PAN-OS Settings[entry]:Palo Alto Username : entry Palo Alto Username : 66334 Patch Report Patch Report[checkbox]:Display the superseded patches in the report checkbox Display the superseded patches in the report yes no 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #5 : radio OVAL Result Type #5 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #5 : entry SCAP Profile ID #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #5 : entry SCAP Benchmark ID #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : entry SCAP Data Stream ID (1.2 only) #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #5 : radio SCAP Version #5 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #5 : file SCAP File (zip) #5 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #4 : radio OVAL Result Type #4 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #4 : entry SCAP Profile ID #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #4 : entry SCAP Benchmark ID #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : entry SCAP Data Stream ID (1.2 only) #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #4 : radio SCAP Version #4 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #4 : file SCAP File (zip) #4 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #3 : radio OVAL Result Type #3 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #3 : entry SCAP Profile ID #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #3 : entry SCAP Benchmark ID #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : entry SCAP Data Stream ID (1.2 only) #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #3 : radio SCAP Version #3 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #3 : file SCAP File (zip) #3 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #2 : radio OVAL Result Type #2 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #2 : entry SCAP Profile ID #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #2 : entry SCAP Benchmark ID #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : entry SCAP Data Stream ID (1.2 only) #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #2 : radio SCAP Version #2 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #2 : file SCAP File (zip) #2 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:OVAL Result Type #1 : radio OVAL Result Type #1 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Profile ID #1 : entry SCAP Profile ID #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Benchmark ID #1 : entry SCAP Benchmark ID #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : entry SCAP Data Stream ID (1.2 only) #1 : 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[radio]:SCAP Version #1 : radio SCAP Version #1 : 1.2;1.1;1.0 66756 SCAP Windows Compliance Checks SCAP Windows Compliance Checks[file]:SCAP File (zip) #1 : file SCAP File (zip) #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #5 : radio OVAL Result Type #5 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #5 : entry SCAP Profile ID #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #5 : entry SCAP Benchmark ID #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #5 : entry SCAP Data Stream ID (1.2 only) #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #5 : radio SCAP Version #5 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #5 : file SCAP File (zip) #5 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #4 : radio OVAL Result Type #4 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #4 : entry SCAP Profile ID #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #4 : entry SCAP Benchmark ID #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #4 : entry SCAP Data Stream ID (1.2 only) #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #4 : radio SCAP Version #4 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #4 : file SCAP File (zip) #4 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #3 : radio OVAL Result Type #3 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #3 : entry SCAP Profile ID #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #3 : entry SCAP Benchmark ID #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #3 : entry SCAP Data Stream ID (1.2 only) #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #3 : radio SCAP Version #3 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #3 : file SCAP File (zip) #3 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #2 : radio OVAL Result Type #2 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #2 : entry SCAP Profile ID #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #2 : entry SCAP Benchmark ID #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #2 : entry SCAP Data Stream ID (1.2 only) #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #2 : radio SCAP Version #2 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #2 : file SCAP File (zip) #2 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:OVAL Result Type #1 : radio OVAL Result Type #1 : Full results w/ system characteristics;Full results w/o system characteristics;Thin results 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Profile ID #1 : entry SCAP Profile ID #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Benchmark ID #1 : entry SCAP Benchmark ID #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[entry]:SCAP Data Stream ID (1.2 only) #1 : entry SCAP Data Stream ID (1.2 only) #1 : 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[radio]:SCAP Version #1 : radio SCAP Version #1 : 1.2;1.1;1.0 66757 SCAP Linux Compliance Checks SCAP Linux Compliance Checks[file]:SCAP File (zip) #1 : file SCAP File (zip) #1 : 66963 Good MDM Settings Good MDM Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 66963 Good MDM Settings Good MDM Settings[checkbox]:SSL : checkbox SSL : yes 66963 Good MDM Settings Good MDM Settings[password]:Password : password Password : 66963 Good MDM Settings Good MDM Settings[entry]:Username : entry Username : 66963 Good MDM Settings Good MDM Settings[entry]:Domain : entry Domain : 66963 Good MDM Settings Good MDM Settings[entry]:Port : entry Port : 66963 Good MDM Settings Good MDM Settings[entry]:GMC Server : entry GMC Server : 72904 MobileIron API Settings MobileIron API Settings[checkbox]:Verify SSL certificate : checkbox Verify SSL certificate : no 72904 MobileIron API Settings MobileIron API Settings[checkbox]:SSL : checkbox SSL : yes 72904 MobileIron API Settings MobileIron API Settings[password]:MobileIron password : password MobileIron password : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron username : entry MobileIron username : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron port : entry MobileIron port : 72904 MobileIron API Settings MobileIron API Settings[entry]:MobileIron VSP Admin Portal URL : entry MobileIron VSP Admin Portal URL : 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : yes yes 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:SSL : checkbox SSL : yes yes 73490 Amazon Web Services Settings Amazon Web Services Settings[password]:AWS Secret Access Key : password AWS Secret Access Key : 73490 Amazon Web Services Settings Amazon Web Services Settings[password]:AWS Access Key ID : password AWS Access Key ID : 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-gov-west-1 : checkbox Region us-gov-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region cn-north-1 : checkbox Region cn-north-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region sa-east-1 : checkbox Region sa-east-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-southeast-2 : checkbox Region ap-southeast-2 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-southeast-1 : checkbox Region ap-southeast-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region ap-northeast-1 : checkbox Region ap-northeast-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region eu-west-1 : checkbox Region eu-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-west-2 : checkbox Region us-west-2 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-west-1 : checkbox Region us-west-1 : no no 73490 Amazon Web Services Settings Amazon Web Services Settings[checkbox]:Region us-east-1 : checkbox Region us-east-1 : no no 73980 Hosts File Whitelisted Entries Hosts File Whitelisted Entries[file]:Upload file with custom hosts entries : file Upload file with custom hosts entries : 76460 AirWatch API Settings AirWatch API Settings[checkbox]:Verify SSL certificate : checkbox Verify SSL certificate : no 76460 AirWatch API Settings AirWatch API Settings[checkbox]:SSL : checkbox SSL : yes 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch API key : entry AirWatch API key : 76460 AirWatch API Settings AirWatch API Settings[password]:AirWatch password : password AirWatch password : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch username : entry AirWatch username : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch port : entry AirWatch port : 76460 AirWatch API Settings AirWatch API Settings[entry]:AirWatch Environment API URL : entry AirWatch Environment API URL : 76512 MongoDB Settings MongoDB Settings[entry]:Port : entry Port : 27017 76512 MongoDB Settings MongoDB Settings[entry]:Database for authentication : entry Database for authentication : 76512 MongoDB Settings MongoDB Settings[password]:Password : password Password : 76512 MongoDB Settings MongoDB Settings[entry]:Username : entry Username : 76710 Salesforce.com Settings Salesforce.com Settings[password]:Password : password Password : 76710 Salesforce.com Settings Salesforce.com Settings[entry]:Username : entry Username : 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[password]:K1000 Database Password : password K1000 Database Password : 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Username : entry K1000 Database Username : R1 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Organization Database Name : entry K1000 Organization Database Name : ORG1 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Database Port : entry K1000 Database Port : 3306 76866 Patch Management: Dell KACE K1000 Settings Patch Management: Dell KACE K1000 Settings[entry]:K1000 Address : entry K1000 Address : 77089 RHEV Settings RHEV Settings[checkbox]:Verify SSL Certificate : checkbox Verify SSL Certificate : no 77089 RHEV Settings RHEV Settings[entry]:Port : entry Port : 443 77089 RHEV Settings RHEV Settings[password]:Password : password Password : 77089 RHEV Settings RHEV Settings[entry]:Username : entry Username : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[password]:Symantec Altiris Database Password : password Symantec Altiris Database Password : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Username : entry Symantec Altiris Database Username : 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[checkbox]:Symantec Altiris Use Windows Credentials : checkbox Symantec Altiris Use Windows Credentials : no 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Name : entry Symantec Altiris Database Name : Symantec_CMDB 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Port : entry Symantec Altiris Database Port : 5690 78013 Patch Management: Symantec Altiris Settings Patch Management: Symantec Altiris Settings[entry]:Symantec Altiris Database Server : entry Symantec Altiris Database Server : template_policy yes wizard_uuid ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66 local_portscan.snmp yes portscan.ping yes local_portscan.netstat_wmi yes port_range 0-1000 plugin_selection.individual_plugin.34220 enabled reverse_lookup no network_scanners.udp no slice_network_addresses no checks_read_timeout 5 plugin_selection.individual_plugin.34277 disabled stop_scan_on_disconnect no name PolicyName local_portscan.netstat_ssh yes silent_dependencies yes reduce_connections_on_congestion no plugin_selection.individual_plugin.14272 enabled use_kernel_congestion_detection no network_scanners.tcp no plugin_selection.individual_plugin.11219 enabled allow_post_scan_editing yes max_checks 5 max_hosts 30 service_detection.search_for_ssl yes network_scanners.syn yes log_whole_attack no plugin_selection.individual_plugin.14274 enabled unscanned_closed no plugin_selection.individual_plugin.10335 disabled safe_checks yes ui.aws.region_category Rest of the World plugin_selection.individual_plugin.10180 enabled Port scanners mixed PolicyName " 19 | 20 | #https://192.168.112.160:8834/nessus6-api.html#/ 21 | 22 | origUrl = '' 23 | verify = False 24 | token = "" 25 | username = '' 26 | password = '' 27 | filename = "test.nessus" 28 | headers = {} 29 | 30 | def parseNmapReport(reportFile): 31 | criticalList=[] 32 | highList=[] 33 | mediumList=[] 34 | 35 | print reportFile 36 | with open(reportFile, 'rb') as csvfile: 37 | reader = csv.DictReader(csvfile,delimiter=',') 38 | for row in reader: 39 | if row['Risk']!='None': 40 | result = ([row['Risk'],row['Host']+':'+row['Port'],row['Name']]) 41 | if row['Risk']=='Critical': 42 | if result not in criticalList: 43 | criticalList.append(result) 44 | if row['Risk']=='High': 45 | if result not in highList: 46 | highList.append(result) 47 | if row['Risk']=='Medium': 48 | if result not in mediumList: 49 | mediumList.append(result) 50 | 51 | print "\n- Summary of Results (Critical/High/Medium)" 52 | if len(criticalList)<1 and len(highList)<1 and len(mediumList)<1: 53 | print "- No results found" 54 | 55 | criticalList = sorted(criticalList, key=operator.itemgetter(0, 1)) 56 | for x in criticalList: 57 | print "%-10s %15s %80s" % (x[0], x[1], x[2]) 58 | highList = sorted(highList, key=operator.itemgetter(0, 1)) 59 | for x in highList: 60 | print "%-10s %15s %80s" % (x[0], x[1], x[2]) 61 | 62 | mediumList = sorted(mediumList, key=operator.itemgetter(0, 1)) 63 | for x in mediumList: 64 | print "%-10s %15s %80s" % (x[0], x[1], x[2]) 65 | 66 | def setHeaders(contentType="",token=""): 67 | if contentType=="json": 68 | headers = {'X-Cookie': 'token='+token, 69 | 'content-type': 'application/json'} 70 | else: 71 | headers = {'X-Cookie': 'token='+token} 72 | return headers 73 | 74 | def login(username,password): 75 | headers=setHeaders(contentType="json") 76 | login = {'username': username, 'password': password} 77 | data = json.dumps(login) 78 | r = requests.post(origUrl+"/session", data=data, headers=headers, verify=verify) 79 | data = json.loads(r.text) 80 | token = data['token'] 81 | return token 82 | 83 | def upload_file(filename,token): 84 | headers=setHeaders(contentType="",token=token) 85 | url = origUrl+"/file/upload" 86 | files = {"Filedata": open(filename, 'rb')} 87 | r = requests.post(url = url, headers = headers, data = {'Filename':filename}, files = files, verify = verify) 88 | if r.status_code==200: 89 | data = json.loads(r.text) 90 | filename = data['fileuploaded'] 91 | return filename 92 | else: 93 | return None 94 | 95 | def import_policy(filename,token): 96 | headers=setHeaders(contentType="json",token=token) 97 | login = {'file': filename} 98 | data = json.dumps(login) 99 | url = origUrl+"/policies/import" 100 | r = requests.post(url = url, data=data, headers=headers, verify=verify) 101 | data = json.loads(r.text) 102 | uuid = data['template_uuid'] 103 | policy_id = data['id'] 104 | return (uuid,policy_id) 105 | 106 | def get_policy(policy_id,token): 107 | headers=setHeaders(contentType="json",token=token) 108 | url = origUrl+"/policies/"+str(policy_id)+"/export" 109 | r = requests.get(url = url, headers=headers, verify=verify) 110 | #data = json.loads(r.text) 111 | #return data 112 | return r.text 113 | 114 | def list_policy(token): 115 | headers=setHeaders(contentType="json",token=token) 116 | url = origUrl+"/policies/" 117 | r = requests.get(url = url, headers=headers, verify=verify) 118 | data = json.loads(r.text) 119 | return data 120 | 121 | def delete_policy(token,policy_id): 122 | headers=setHeaders(contentType="json",token=token) 123 | url = origUrl+"/policies/"+str(policy_id) 124 | r = requests.delete(url = url, headers=headers, verify=verify) 125 | 126 | #def list_policy(token): 127 | # headers=setHeaders(contentType="json",token=token) 128 | # url = origUrl+"/policies" 129 | # #url = origUrl+"/editor/policy/templates" 130 | # r = requests.get(url = url, headers=headers, verify=verify) 131 | # data = json.loads(r.text) 132 | # return data 133 | 134 | def list_scans(token): 135 | headers=setHeaders(contentType="json",token=token) 136 | r = requests.get(origUrl+"/scans", headers=headers, verify=verify) 137 | data = json.loads(r.text) 138 | return data 139 | 140 | def add_scan(uuid,policy_id,targets,token): 141 | headers=setHeaders(contentType="json",token=token) 142 | data = {"uuid":uuid, "settings": {"policy_id": policy_id, "name": "Scan Name", "description": "Scan Description", "text_targets": targets}} 143 | data = json.dumps(data) 144 | r = requests.post(origUrl+"/scans", data=data, headers=headers, verify=verify) 145 | data = json.loads(r.text) 146 | return data 147 | 148 | def start_scan(uuid,scan_id,token): 149 | headers=setHeaders(contentType="json",token=token) 150 | data = {"scan_uuid":uuid} 151 | data = json.dumps(data) 152 | r = requests.post(origUrl+"/scans/"+str(scan_id)+"/launch", data=data, headers=headers, verify=verify) 153 | data = json.loads(r.text) 154 | return data 155 | 156 | def extractIP(filename): 157 | root = etree.parse(filename) 158 | addrList = [port.get('addr') for port in root.findall('.//address')] 159 | count=0 160 | addrList = list(set(addrList)) 161 | addrStr = ",".join(addrList) 162 | return addrStr 163 | 164 | def extractPorts(filename): 165 | resultList=[] 166 | root = etree.parse(filename) 167 | stateList = [port.get('state') for port in root.findall('.//state')] 168 | portsList = [port.get('portid') for port in root.findall('.//port')] 169 | 170 | count=0 171 | for x in stateList: 172 | if x=="open": 173 | resultList.append(portsList[count]) 174 | count+=1 175 | resultList = list(set(resultList)) 176 | portsStr = ",".join(resultList) 177 | return portsStr 178 | 179 | #def modifyPolicy(portsStr): 180 | # doc = etree.parse(StringIO(defaultNessusPolicy)) 181 | # #doc = etree.parse(filename) 182 | # for elem in doc.findall("/Policy/Preferences/ServerPreferences/preference/value"): 183 | # if elem.text=="PolicyName": 184 | # elem.text="scan_"+str(uuid.uuid4()) 185 | # if elem.text=="0-1000": 186 | # elem.text=portsStr 187 | # for elem in doc.findall("Policy/policyName"): 188 | # if elem.text=="PolicyName": 189 | # elem.text="scan_"+str(uuid.uuid4()) 190 | # doc.write('output.nessus', xml_declaration=False) 191 | # return "output.nessus" 192 | 193 | def modifyPolicy(portsStr): 194 | doc = etree.parse(StringIO(defaultNessusPolicy)) 195 | found=False 196 | for elem in doc.findall("/Policy/Preferences/ServerPreferences/preference"): 197 | for node in elem: 198 | if found==True: 199 | if node.tag=="value": 200 | node.text = portsStr 201 | found=False 202 | if node.tag=="name": 203 | if node.text=="port_range": 204 | found=True 205 | doc.write('output.nessus', xml_declaration=False) 206 | return "output.nessus" 207 | 208 | def request_report(scan_id,format,token): 209 | headers=setHeaders("json",token) 210 | if format=="csv": 211 | data = {'scan_id':scan_id,'format':'csv'} 212 | data = json.dumps(data) 213 | r = requests.post(origUrl+"/scans/"+str(scan_id)+"/export/", data=data, headers=headers, verify=verify) 214 | data = json.loads(r.text) 215 | return data 216 | 217 | def download_report(file_id,scan_id,format,token): 218 | headers=setHeaders("json",token) 219 | if format=="csv": 220 | data = {'scan_id': scan_id, 'format': 'csv'} 221 | data = json.dumps(data) 222 | r = requests.get(origUrl+"/scans/"+str(scan_id)+"/export/"+str(file_id)+"/download", data=data, headers=headers, verify=verify) 223 | return r.text 224 | 225 | 226 | 227 | if __name__== '__main__': 228 | parser= argparse.ArgumentParser() 229 | parser.add_argument('-s', dest='hostIP', action='store', help='[nessus server IP]') 230 | parser.add_argument('-u', dest='username', action='store', help='[username]') 231 | parser.add_argument('-p', dest='password', action='store', help='[password]') 232 | parser.add_argument('-i', dest='infile', action='store', help='[nmap xml file]') 233 | parser.add_argument('-T', dest='targetHost', action='store', help='[target IP address/range]') 234 | parser.add_argument('-t', dest='templatefile', action='store', help='[Nessus policy template to use (optional)]') 235 | parser.add_argument('-n', dest='scanid', action='store', help='[lookup job based on scan_id (optional)]') 236 | parser.add_argument('-o', dest='outfile', action='store', help='[nessus report (csv) (optional)]') 237 | 238 | if len(sys.argv)==1: 239 | parser.print_help() 240 | sys.exit(1) 241 | 242 | options= parser.parse_args() 243 | if not options.username and not options.password: 244 | print "- Enter a username and password to connect to Nessus" 245 | sys.exit() 246 | if not options.hostIP: 247 | print "- Enter the Nessus server IP address" 248 | sys.exit() 249 | else: 250 | hostIP = options.hostIP 251 | origUrl = 'https://'+hostIP+':8834' 252 | 253 | if options.scanid: 254 | scan_id = options.scanid 255 | username = options.username 256 | password = options.password 257 | 258 | print "- Logging into Nessus" 259 | token = login(username,password) 260 | 261 | found=False 262 | while found==False: 263 | results=list_scans(token) 264 | for x in results['scans']: 265 | if str(x['id'])==str(scan_id): 266 | print "- Checking Job Status: "+str(scan_id)+" : "+str(x['status']) 267 | if x['status']=='canceled' or x['status']=='completed': 268 | found=True 269 | time.sleep(5) 270 | 271 | results = request_report(scan_id,"csv",token) 272 | 273 | file_id = results['file'] 274 | 275 | results = download_report(file_id,scan_id,"csv",token) 276 | 277 | if options.outfile: 278 | #results = download_report(file_id,scan_id,"csv",token) 279 | file = open(options.outfile, "w") 280 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 281 | file.close() 282 | print "\n- Nessus report has been saved to: "+options.outfile 283 | parseNmapReport(options.outfile) 284 | else: 285 | outfile = "report.csv" 286 | #results = download_report(file_id,scan_id,"csv",token) 287 | file = open("report.csv", "w") 288 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 289 | file.close() 290 | print "\n- Nessus report has been saved to: report.csv" 291 | parseNmapReport(outfile) 292 | sys.exit() 293 | if options.targetHost: 294 | username = options.username 295 | password = options.password 296 | 297 | print "- Launching new Nessus scan" 298 | resultStr="" 299 | 300 | portsStr="1-65535" 301 | portsStr="80" 302 | print "- Modifying Nessus policy" 303 | filename="nessusPolicy.xml" 304 | filename = modifyPolicy(portsStr) 305 | 306 | print "- Logging into Nessus" 307 | token = login(username,password) 308 | 309 | if options.templatefile: 310 | foundPolicy=False 311 | results = list_policy(token) 312 | for x in results['policies']: 313 | if options.templatefile==x['name']: 314 | policy_id = x['id'] 315 | defaultNessusPolicy = get_policy(policy_id,token) 316 | modifyPolicy(portsStr) 317 | foundPolicy=True 318 | if foundPolicy==False: 319 | print "- Cannot find Nessus policy name" 320 | sys.exit() 321 | 322 | 323 | print "- Uploading Policy" 324 | filename = upload_file(filename,token) 325 | if filename!=None: 326 | (uuid,policy_id) = import_policy(filename,token) 327 | 328 | targets = options.targetHost 329 | results = add_scan(uuid,policy_id,targets,token) 330 | 331 | uuid = results['scan']['uuid'] 332 | scan_id = results['scan']['id'] 333 | 334 | print "- Starting Nessus Scan" 335 | start_scan(uuid,scan_id,token) 336 | 337 | found=False 338 | while found==False: 339 | results=list_scans(token) 340 | for x in results['scans']: 341 | if str(x['id'])==str(scan_id): 342 | print "- Checking Job Status: "+str(scan_id)+" : "+str(x['status']) 343 | if x['status']=='canceled' or x['status']=='completed': 344 | found=True 345 | time.sleep(5) 346 | 347 | results = request_report(scan_id,"csv",token) 348 | file_id = results['file'] 349 | 350 | print "- Deleting Temp Nessus Policy" 351 | delete_policy(token,policy_id) 352 | 353 | if options.outfile: 354 | results = download_report(file_id,scan_id,"csv",token) 355 | file = open(options.outfile, "w") 356 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 357 | file.close() 358 | print "- Nessus report has been saved to: "+options.outfile 359 | parseNmapReport(options.outfile) 360 | 361 | else: 362 | outfile = "report.csv" 363 | results = download_report(file_id,scan_id,"csv",token) 364 | file = open("report.csv", "w") 365 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 366 | file.close() 367 | print "- Nessus report has been saved to: report.csv" 368 | parseNmapReport(outfile) 369 | 370 | if options.infile: 371 | username = options.username 372 | password = options.password 373 | 374 | print "- Launching new Nessus scan" 375 | filename = options.infile 376 | resultStr="" 377 | 378 | print "- Extracting ports from "+filename 379 | addrStr = extractIP(filename) 380 | 381 | portsStr =extractPorts(filename) 382 | resultStr += portsStr+"," 383 | 384 | portStr = resultStr[:-1] 385 | 386 | print "- Modifying Nessus policy" 387 | filename="nessusPolicy.xml" 388 | filename = modifyPolicy(portsStr) 389 | 390 | print "- Logging into Nessus" 391 | token = login(username,password) 392 | 393 | if options.templatefile: 394 | foundPolicy=False 395 | results = list_policy(token) 396 | for x in results['policies']: 397 | if options.templatefile==x['name']: 398 | policy_id = x['id'] 399 | defaultNessusPolicy = get_policy(policy_id,token) 400 | modifyPolicy(portsStr) 401 | foundPolicy=True 402 | if foundPolicy==False: 403 | print "- Cannot find Nessus policy name" 404 | sys.exit() 405 | 406 | 407 | print "- Uploading Policy" 408 | filename = upload_file(filename,token) 409 | if filename!=None: 410 | (uuid,policy_id) = import_policy(filename,token) 411 | 412 | targets = addrStr 413 | results = add_scan(uuid,policy_id,targets,token) 414 | 415 | uuid = results['scan']['uuid'] 416 | scan_id = results['scan']['id'] 417 | 418 | print "- Starting Nessus Scan" 419 | start_scan(uuid,scan_id,token) 420 | 421 | found=False 422 | while found==False: 423 | results=list_scans(token) 424 | for x in results['scans']: 425 | if str(x['id'])==str(scan_id): 426 | print "- Checking Job Status: "+str(scan_id)+" : "+str(x['status']) 427 | if x['status']=='canceled' or x['status']=='completed': 428 | found=True 429 | time.sleep(5) 430 | 431 | results = request_report(scan_id,"csv",token) 432 | file_id = results['file'] 433 | 434 | print "- Deleting Temp Nessus Policy" 435 | delete_policy(token,policy_id) 436 | 437 | if options.outfile: 438 | results = download_report(file_id,scan_id,"csv",token) 439 | file = open(options.outfile, "w") 440 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 441 | file.close() 442 | print "- Nessus report has been saved to: "+options.outfile 443 | parseNmapReport(options.outfile) 444 | 445 | else: 446 | outfile = "report.csv" 447 | results = download_report(file_id,scan_id,"csv",token) 448 | file = open("report.csv", "w") 449 | file.write(results.encode('ascii', 'ignore').decode('ascii')) 450 | file.close() 451 | print "- Nessus report has been saved to: report.csv" 452 | parseNmapReport(outfile) 453 | --------------------------------------------------------------------------------