Automating Nessus


m3rcer

This program builds classes that automate aspects of the Nessus API to perform unauthenticated vulnerability scans against target hosts on a network.

View/Download the Visual Studio Project

REST (representational state transfer) is a way of accessing and interacting with resources (such as user accounts or vulnerability scans) on the server, usually over HTTP, using a variety of HTTP methods (GET, POST, DELETE, and PUT).

Note: The REST API to automate scans was removed from Nessus 7.0 and above. If you need to launch scans in an automated way, you would have to upgrade to Tenable.io or Tenable.sc, which have full API integrations. I tried looking for Nessus versions < 7.0, as only versions prior to 7.0 would work with this program, but failed to find a working version. Except for the “scan automation” part, everything else works with the API (refer to Main.md).

Code:

Class Components:

  1. The NessusSession Class
  2. The NessusManager Class
  3. The Main Class

Output:

$ mono ch5_automating_nessus.exe
Scan status: running
Scan status: running
Scan status: running
--snip--
{
"count": 1,
"plugin_name": "SSL Version 2 and 3 Protocol Detection",
"vuln_index": 62,
"severity": 2,
"plugin_id": 20007,
"severity_index": 30,
"plugin_family": "Service detection"
}
{
"count": 1,
"plugin_name": "SSL Self-Signed Certificate",
"vuln_index": 61,
"severity": 2,
"plugin_id": 57582,
"severity_index": 31,
"plugin_family": "General"
}
{
"count": 1,
"plugin_name": "SSL Certificate Cannot Be Trusted",
"vuln_index": 56,
"severity": 2,
"plugin_id": 51192,
"severity_index": 32,
"plugin_family": "General"
}
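
The program prints each finding as a separate JSON object after the status lines, so the capture as a whole is not valid JSON. The script below is an added example, not part of the original project: it pulls the objects out of such a capture, skips truncated ones, and ranks findings by severity. The function names and the sample capture are assumptions made for illustration.

```python
import json
from collections import Counter

# Nessus severity levels: 0 = info, 1 = low, 2 = medium, 3 = high, 4 = critical.
LABELS = ["info", "low", "medium", "high", "critical"]

# Constructed capture: two findings abridged from the output above, one made-up
# informational entry (plugin_id 0) and a truncated object, as a cut-off log leaves.
SAMPLE = """Scan status: running
--snip--
{
"count": 1,
"plugin_name": "SSL Version 2 and 3 Protocol Detection",
"severity": 2,
"plugin_id": 20007
}
{"count": 1, "plugin_name": "Constructed info finding", "severity": 0, "plugin_id": 0}
{"count": 1, "plugin_name": "SSL Self-Signed Certificate", "severity": 2, "plugin_id": 57582}
{"count": 1, "plugin_name": "SSL Certi
"""

def parse_findings(text):
    """Return (findings, skipped) from console output that mixes text and JSON objects."""
    decoder = json.JSONDecoder()
    findings, skipped, pos = [], 0, 0
    while (start := text.find("{", pos)) != -1:
        try:
            obj, pos = decoder.raw_decode(text, start)  # pos moves past the object
        except json.JSONDecodeError:
            skipped += 1      # truncated or non-JSON brace: count it and keep scanning
            pos = start + 1
            continue
        sev = obj.get("severity") if isinstance(obj, dict) else None
        if isinstance(sev, int) and 0 <= sev <= 4 and "plugin_id" in obj:
            findings.append(obj)
    return findings, skipped

def triage(findings, min_severity=1):
    """Keep findings at or above min_severity, worst first, then by plugin name."""
    kept = [f for f in findings if f["severity"] >= min_severity]
    return sorted(kept, key=lambda f: (-f["severity"], f.get("plugin_name", "")))

def summary(findings):
    """Count findings per severity label."""
    return Counter(LABELS[f["severity"]] for f in findings)

if __name__ == "__main__":
    found, skipped = parse_findings(SAMPLE)
    for f in triage(found):
        print(f'{LABELS[f["severity"]]:8} {f["plugin_id"]:>6}  {f.get("plugin_name", "")}')
    print(dict(summary(found)), "unparsed objects:", skipped)
```

A non-zero count of unparsed objects means the capture was cut off, so the scan output should be collected again before the list is treated as complete.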