API tools faq
paste
Advertisement
D0cEvil

Nessus - Plugin info to Elasticsearch

D0cEvil
Dec 6th, 2022
100
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 2.94 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. #Nessus plugins
  2.  
  3. #This Powershell script queries the Nessus Professional 8 API for plugin informations, format the JSON response and sends it at the #Logstash http input.
  4. #Installation
  5.  
  6. #Ip and port of Nessus and Logstash need to be set ; $nessusIP and $logstashIP
  7.  
  8. #API keys of Nessus and Logstash need to be set ; $xApiKey and $logstashAuth
  9.  
  10. # Ignore the self-signed certificates
  11.  
  12. if (-not("dummy" -as [type])) {
  13.    add-type -TypeDefinition @"
  14. using System;
  15. using System.Net;
  16. using System.Net.Security;
  17. using System.Security.Cryptography.X509Certificates;
  18.  
  19. public static class Dummy {
  20.   public static bool ReturnTrue(object sender,
  21.       X509Certificate certificate,
  22.       X509Chain chain,
  23.       SslPolicyErrors sslPolicyErrors) { return true; }
  24.  
  25.   public static RemoteCertificateValidationCallback GetDelegate() {
  26.       return new RemoteCertificateValidationCallback(Dummy.ReturnTrue);
  27.   }
  28. }
  29. "@
  30. }
  31. [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [dummy]::GetDelegate()
  32.  
  33.  
  34. # authentication header
  35. $xApiKey = ''              #<=============NessusAPIKey=============
  36. $headers = @{
  37.    "X-ApiKeys" = $xApiKey
  38.    "Accept" = "application/json"
  39. }
  40. $logstashAuth = ''  #<=============LogstashBasicAuth=============
  41. $headersLog = @{
  42.    "Authorization" = $logstashAuth
  43. }
  44.  
  45. $nessusIP = 'srv675m:8834'  #<=============Nessus=============
  46. $logstashIP = 'srv723l:8080' #<=============Logstash=============
  47.  
  48. # get all families
  49. $uri = "https://"+$nessusIP+"/plugins/families"
  50. $Result = Invoke-RestMethod -Uri $uri -Method GET -Headers $headers
  51. $j = 0
  52. $total = $Result.families.Count
  53. # for each family
  54. Foreach ($family in $Result.families){
  55.    $j += 1
  56.    Write-Progress -Activity "Nessus to Logstash" -PercentComplete (($j / $total)  * 100)
  57.    # get information on one family
  58.    $uri = "https://"+$nessusIP+"/plugins/families/" + $family.id
  59.    $Result = Invoke-RestMethod -Uri $uri -Method GET -Headers $headers
  60.    # for each plugin of the family
  61.    Foreach ($plugin in $Result.plugins){
  62.       # get information on the plugin
  63.       $uri = "https://"+$nessusIP+"/plugins/plugin/" + $plugin.id
  64.       $Result = Invoke-RestMethod -Uri $uri -Method GET -Headers $headers
  65.  
  66.       # format dictionary
  67.       $newAttLst = @()
  68.       foreach ($att in $Result.attributes) {
  69.          if($att.attribute_name -ne "plugin_modification_date" -and $att.attribute_name -ne "plugin_publication_date"){
  70.             $newAttLst += @{ $att.attribute_name = $att.attribute_value}        
  71.          }
  72.       }
  73.       # we remove the attribute list and add our newly formated one.
  74.       $Result.psobject.properties.remove('attributes')
  75.       $Result | Add-Member -MemberType NoteProperty -Name "attributes" -Value $newAttLst
  76.  
  77.       # send it to logstash
  78.       $JSON = $Result | ConvertTo-json
  79.       $uri = "https://"+$logstashIP
  80.       $empty = Invoke-WebRequest -uri $uri -Method POST -Body $JSON -UseBasicParsing -Headers $headersLog
  81.    }
  82. }
Tags: python костыли-велосипеды elk Nessus
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!