hakbot / hakbot-origin-controller

Vendor-Neutral Security Tool Automation Controller (over REST)

Nessus authenticated scan #25

Open gbena opened 6 years ago

gbena commented 6 years ago

Is it possible to trigger a Nessus authenticated scan by providing the credentials dynamically in the JSON body? If not, would this be a useful feature request?

stevespringett commented 6 years ago

Credentials for authenticated scans are stored in Nessus policies. Policies can be added/modified/removed from the Nessus API directly. It's important to have a small set of centralized service accounts or SSH keys used for authentication so that you can build up a small collection of pre-defined policies that can be utilized by the majority of services. If the goal is to make the entire process dynamic, then I believe the following things to be true:

Some investigation would need to be done to determine what happens when a policy is dynamically removed. What happens to trends, history, reports, etc? Also, what happens if the policy requested already exists but the authentication details are different?

Unfortunately, Nessus policies, as far as I know (with version 6.x) do not support variables that can be defined at scan time. If there's documentation to suggest that it does, then I think the enhancement could easily be achieved. But without that support, the tool may limit what Hakbot can realistically do.
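The policy-reuse question raised in the comment above (what if the requested policy already exists but the authentication details differ) can be handled on the controller side before anything is sent to Nessus. The following is an added example and is not code from hakbot-origin-controller or from the thread's participants. It assumes the Nessus 6.x REST shapes of `GET /policies` (a `policies` list with `id` and `name`) and `POST /policies` (`uuid`, `settings`, `credentials`); the sample response, template UUID and credential records are constructed. Because the Nessus API does not hand back stored secrets, the controller keeps a fingerprint of the non-secret identity fields of each credential it used, and compares that rather than the secret itself.

```python
"""Added example: idempotent resolution of a dynamically requested Nessus
authenticated-scan policy. Not part of hakbot-origin-controller.
Nessus endpoint paths and JSON shapes are assumptions from the 6.x API docs;
all sample data below is constructed."""
import hashlib
import json

# Constructed stand-in for the body of GET /policies (shape is an assumption).
SAMPLE_POLICIES_RESPONSE = json.dumps({
    "policies": [
        {"id": 11, "name": "linux-ssh-svc-scan", "owner": "admin",
         "template_uuid": "constructed-template-uuid"},
        {"id": 12, "name": "windows-smb-svc-scan", "owner": "admin",
         "template_uuid": "constructed-template-uuid"},
    ]
})


def find_policy_by_name(policies_json, name):
    """Return the policy entry whose name matches exactly, or None."""
    for policy in json.loads(policies_json).get("policies", []):
        if policy.get("name") == name:
            return policy
    return None


def credential_fingerprint(cred):
    """Hash only the non-secret identity fields (auth method, account name,
    key identifier). The password or private key never enters the hash, so
    the fingerprint can be stored and logged safely."""
    identity = "|".join(str(cred.get(k, "")) for k in ("auth_method", "username", "key_id"))
    return hashlib.sha256(identity.encode("utf-8")).hexdigest()[:16]


def plan_policy_action(policies_json, requested_name, requested_cred, known_fingerprints):
    """Decide whether to create, reuse, or refuse (conflict) a requested policy.

    known_fingerprints maps policy name -> fingerprint recorded by the
    controller when it created that policy. A name match with a different
    fingerprint is reported as a conflict instead of silently overwriting
    the policy, which would also change what historical scan results mean."""
    existing = find_policy_by_name(policies_json, requested_name)
    fingerprint = credential_fingerprint(requested_cred)
    if existing is None:
        return {"action": "create", "policy_id": None, "fingerprint": fingerprint}
    if known_fingerprints.get(requested_name) == fingerprint:
        return {"action": "reuse", "policy_id": existing["id"], "fingerprint": fingerprint}
    return {"action": "conflict", "policy_id": existing["id"], "fingerprint": fingerprint}


def build_policy_payload(template_uuid, name, cred):
    """Assemble the assumed POST /policies body. Only called on 'create';
    the secret goes in the request body and nowhere else."""
    cred_block = {"auth_method": cred["auth_method"], "username": cred["username"]}
    if cred["auth_method"] == "password":
        cred_block["password"] = cred["secret"]
    else:
        cred_block["private_key"] = cred["secret"]
    return {"uuid": template_uuid,
            "settings": {"name": name, "description": "created by controller"},
            "credentials": {"add": {"Host": {"SSH": [cred_block]}}}}


if __name__ == "__main__":
    # Constructed request: same service account as the existing policy.
    req = {"auth_method": "ssh-key", "username": "svc-scan", "key_id": "k-2024",
           "secret": "<redacted-constructed>"}
    recorded = {"linux-ssh-svc-scan": credential_fingerprint(req)}
    print(plan_policy_action(SAMPLE_POLICIES_RESPONSE, "linux-ssh-svc-scan", req, recorded))
```

The `conflict` outcome is the case the comment worries about: rather than replacing the policy and muddying trends and history for earlier scans, the controller can reject the request or ask for a distinct policy name.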