XML Interfaces to thePopular NessusScannerRajesh DeoNetwork Intelligence India Pvt. Ltd.29/03/2012NULL Mumbai Chapter
The Venerable Nessus Scanner• A comprehensive vulnerability scanner• Can perform network tests, system audits, patch  mana...
Open-source Tools• Perl/Net::Nessus::XMLRPC  • Vlatko Košturjak  • http://search.cpan.org/~kost/Net-Nessus-XMLRPC-    0.30...
Why do we need these tools?•   Automation•   Automation•   Automation•   Custom reporting•   Custom reporting•   Custom re...
Why are we using Python/nessus-xmlrpc?• I know Python a little bit  • Matplotlib for charting/graphs  • Numpy/SciPy or Int...
Automation: XML-RPC API in Ruby• Write custom scripts, simple one-off tools• Monitor long-running scans• Get reports in XM...
CLI for shell lovers• Automate with your favorite shell: Bash, Tcsh, Zsh• Grep, sed and awk• With an XML/RPC interface you...
Multiple Targets?• Home Feed limits you to 15 targets only at a time, good  enough for development.• XML-RPC interface sam...
Automation with Python           Email and            xsltproc                       • Possibilities                      ...
The XML-RPC Interface for Nessus• Partially documented  • http://www.tenable.com/documentation/nessus_XMLRPC_proto    col_...
Nessus v2 XML report format                                          Vulnerability• Microsoft Excel is your friend        ...
Custom Reports: MS Patches               With python use lxml, output to csv,                   xls, sql, html or xml agai...
Vulnerability Management/DeltaReporting• Seccubus: http://seccubus.com/  • Seccubus automates regular vulnerability scans ...
Improve the tools• Goals: Integration  • Custom reports     • Python/XML foo OK.     • We are doing one-off scripts right ...
Questions?             Please send us your             ideas/comments/questions at             rajesh.deo@niiconsulting.co...
Upcoming SlideShare
Loading in …5
×

Xml interfaces to the popular nessus scanner

2,831 views

Published on

null Mumbai Meet March 2012

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
2,831
On SlideShare
0
From Embeds
0
Number of Embeds
377
Actions
Shares
0
Downloads
32
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Xml interfaces to the popular nessus scanner

  1. 1. XML Interfaces to thePopular NessusScannerRajesh DeoNetwork Intelligence India Pvt. Ltd.29/03/2012NULL Mumbai Chapter
  2. 2. The Venerable Nessus Scanner• A comprehensive vulnerability scanner• Can perform network tests, system audits, patch management, compliance tests such as PCI DSS, SCADA vulnerability audits, and so on…• Proprietary - Tenable Network Security• Started by Renaud Deraison in 1998 to provide to the Internet community with a free remote security scanner similar to SATAN and NetSaint.• Nessus 5.0 was released on Feb 15th, 2012. • http://www.nessus.org/products/nessus
  3. 3. Open-source Tools• Perl/Net::Nessus::XMLRPC • Vlatko Košturjak • http://search.cpan.org/~kost/Net-Nessus-XMLRPC- 0.30/lib/Net/Nessus/XMLRPC.pm • Perl 5 License (Artistic 1 & GPL 1) • https://github.com/kost/nessus-xmlrpc-perl • Also develops similar library for Rapid 7’s NeXpose• Ruby/nessus-xmlrpc • http://nessus-xmlrpc.rubyforge.org/ • GPL/BSD, by author of Net::Nessus::XMLRPC• Python/nessus-xmlrpc • http://code.google.com/p/nessusxmlrpc/ • Apache License 2.0 • Kurtis Miller
  4. 4. Why do we need these tools?• Automation• Automation• Automation• Custom reporting• Custom reporting• Custom reporting • XML/XSL • XPATH/XQUERY• CLI• http://seclists.org/metasploit/2010/q3/378 • Bridges to awesome software  • By Zate Burg
  5. 5. Why are we using Python/nessus-xmlrpc?• I know Python a little bit • Matplotlib for charting/graphs • Numpy/SciPy or Interface to R for numerical computations and statistics.• Not as well developed as Perl/Ruby modules but pretty close • Last upload in Dec. 2010 • There is scope to contribute... • ..and perhaps integrate with different tools
  6. 6. Automation: XML-RPC API in Ruby• Write custom scripts, simple one-off tools• Monitor long-running scans• Get reports in XML for parsing and custom reporting.• Large similarity between Perl and Ruby APIs.
  7. 7. CLI for shell lovers• Automate with your favorite shell: Bash, Tcsh, Zsh• Grep, sed and awk• With an XML/RPC interface you can tunnel your scan requests to your central Nessus server with professional feed over SSH/HTTPS directly from within python/perl/ruby. • Great for doing external penetration tests.
  8. 8. Multiple Targets?• Home Feed limits you to 15 targets only at a time, good enough for development.• XML-RPC interface same between Professional Feed and Home Feed. Multiple targets separated by “,” or “n”
  9. 9. Automation with Python Email and xsltproc • Possibilities • Have report emailed to management desktop • Write custom xsl reports, process with xsltproc on Linux. • Import into CMS solutions
  10. 10. The XML-RPC Interface for Nessus• Partially documented • http://www.tenable.com/documentation/nessus_XMLRPC_proto col_guide.pdf• An unofficial test.html from Renaud Deraison is here • http://nessus-xmlrpc.rubyforge.org/test.html• An update to XML docs will be available in a week, last post 2 days ago. • https://discussions.nessus.org/message/14693;jsessionid=E2130 C8DA7ACFC58DC1850D9EFE828FE• http://blog.upbeat.fr/tagged/Nessus? • Unofficial documentation on .nessus v2 XML report format • Automation using wget • But please use ruby/perl/python interfaces, far cleaner and you can add custom features.
  11. 11. Nessus v2 XML report format Vulnerability• Microsoft Excel is your friend References Host Inventory Is there a Metasploit module for this?
  12. 12. Custom Reports: MS Patches With python use lxml, output to csv, xls, sql, html or xml again! Python constructs make it easy to write clean code.
  13. 13. Vulnerability Management/DeltaReporting• Seccubus: http://seccubus.com/ • Seccubus automates regular vulnerability scans with Nessus and OpenVAS and provides delta reporting. • Frank Breedijk• Perl/Javascript based.• Need to integrate custom reporting with change management and inventory management etc.• Bridges to proprietary software: SharePoint, MS SQL Server, integration into standard business workflows of IT departments. Both Perl/Python provide modules to generate standard business format documents.
  14. 14. Improve the tools• Goals: Integration • Custom reports • Python/XML foo OK. • We are doing one-off scripts right now.• Reporting/Tracking should not be painful • Web-based reports best • Export to PDF • Summarize and drill down interactive capability • Need awesome reporting and charting capability • Ruby/Ruport • J-Query/Ext JS/Node.js • Java/Processing
  15. 15. Questions? Please send us your ideas/comments/questions at rajesh.deo@niiconsulting.com Acknowledgements: Tuhin Goswami Our esteemed client where we implemented some of the tools presented. Wasim Halani and K. K. Mookhey for guidance.

×