potatoqualitee / tentools

💙 tenable.sc / nessus / acas powershell module
BSD 3-Clause "New" or "Revised" License

tentools is a PowerShell module that automates tenable.sc and Nessus. It is a rewrite of Tenable's Posh-Nessus, which was created by Carlos Perez.

This toolset extends Posh-Nessus by adding more functionality, including the ability to work with tenable.sc / SecurityCenter.

Installer

tentools works on PowerShell Core. This means that you can run all commands on Windows, Linux and macOS.

Run the following to install tentools from the PowerShell Gallery (to install on a server or for all users, remove the -Scope parameter and run in an elevated session):

Install-Module tentools -Scope CurrentUser

If you need to install this module to an offline server, you can run

Save-Module tentools -Path C:\temp

And it will save all dependent modules. You can also download the zip from our repo, but you'll also need to download PSFramework.

Please rename the folders from name-main to name and store them in a directory listed in your $Env:PSModulePath.

Usage scenarios

Usage examples

Initialize a newly set up Nessus server with a license and username

Initialize-TNServer -ComputerName securitycenter01 -Path $home\Downloads\nessus.license -Credential admin

Get a list of Organizations and Repositories using an Administrator account then create an Organization

$admin = Get-Credential acasadmin
Connect-TNServer -ComputerName acas -Credential $admin
Get-TNOrganization
Get-TNRepository
New-TNOrganization -Name "Acme Corp"

Get a list of Scans using a Security Manager account

$cred = Get-Credential secman
Connect-TNServer -ComputerName acas -Credential $cred
Get-TNScan

Support

Simplified deployment

As described in the wiki, you can deploy your entire environment in one simple command called Start-TNDeploy. This wrapper command accepts input from a JSON file with all of your configuration values, such as the one below.

{
    "ComputerName": "securitycenter",
    "AdministratorCredential": "admin",
    "Scanner": "localhost",
    "ScannerCredential": "admin",
    "Repository": [
        "Vulnerabilities",
        "Audits"
    ],
    "Organization": "Acme",
    "SecurityManagerCredential": "secman",
    "IpRange": "192.168.100.0/24",
    "PolicyFilePath": "C:\\sc\\scan_policies",
    "AuditFilePath": "C:\\sc\\portal_audits\\Database\\DISA*MSSQL*",
    "DashboardFilePath": "C:\\sc\\dashboards",
    "AssetFilePath": "C:\\sc\\asset_lists",
    "ReportFilePath": "C:\\sc\\reports",
    "ScanZone": "All Computers",
    "ScanCredentialHash": [
        {
            "Credential": "ad\\nessus",
            "Name": "Windows Scanner Account",
            "Type": "windows",
            "AuthType": "password"
        },
        {
            "Credential": "acasaccount",
            "PrivilegeEscalation": "sudo",
            "Name": "Linux Scanner Account",
            "Type": "ssh",
            "AuthType": "password"
        },
        {
            "Credential": "sa",
            "Name": "SQL Server sqladmin account",
            "CredentialHash": {
                "SQLServerAuthType": "SQL",
                "dbType": "SQL Server"
            },
            "Type": "database",
            "AuthType": "password"
        }
    ]
}

To create a well-stocked deployment, just add that to a JSON file, then pipe that file to Start-TNDeploy.

Get-Content C:\github\demo.json | ConvertFrom-Json | Start-TNDeploy
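A pre-flight check for the deployment JSON, run before piping it to Start-TNDeploy. This is an added example, not part of tentools: the function names are hypothetical, and the list of expected keys is taken from the sample above as an assumption rather than from an official schema.

```powershell
# Added example, not tentools code. Function names are hypothetical; the key list
# is copied from the sample JSON on this page and is an assumption, not an official schema.
function Get-JsonPropertyName {
    param($Node)
    # Walk nested objects and arrays, emitting every property name found.
    if ($Node -is [System.Management.Automation.PSCustomObject]) {
        foreach ($p in $Node.PSObject.Properties) {
            $p.Name
            Get-JsonPropertyName -Node $p.Value
        }
    }
    elseif ($Node -is [System.Collections.IEnumerable] -and $Node -isnot [string]) {
        foreach ($item in $Node) { Get-JsonPropertyName -Node $item }
    }
}

function Test-DeployJson {
    param([Parameter(Mandatory)][string]$Path)
    $config   = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $problems = [System.Collections.Generic.List[string]]::new()

    # Keys that appear in the page's sample configuration.
    $expected = 'ComputerName', 'AdministratorCredential', 'Scanner', 'ScannerCredential',
                'Repository', 'Organization', 'SecurityManagerCredential', 'IpRange'
    foreach ($key in $expected) {
        if (-not $config.PSObject.Properties[$key]) { $problems.Add("Missing key: $key") }
    }

    # Passwords are entered at the prompt, so the file should hold account names only.
    Get-JsonPropertyName -Node $config |
        Where-Object { $_ -match 'password|passphrase|secret|token' } |
        ForEach-Object { $problems.Add("Secret-looking key in file: $_") }

    # Every *FilePath value (wildcards allowed, as in AuditFilePath) must match something.
    foreach ($p in ($config.PSObject.Properties | Where-Object Name -like '*FilePath')) {
        if (-not $p.Value -or -not (Test-Path -Path $p.Value)) {
            $problems.Add("$($p.Name) matches nothing: $($p.Value)")
        }
    }

    # Scan credential display names should be unique.
    $config.ScanCredentialHash | Where-Object Name | Group-Object -Property Name |
        Where-Object Count -gt 1 |
        ForEach-Object { $problems.Add("Duplicate scan credential name: $($_.Name)") }

    $problems
}

$issues = Test-DeployJson -Path C:\github\demo.json
if ($issues) { $issues; throw 'Fix demo.json before running Start-TNDeploy.' }
```

The path checks run against the local file system, so run this on the machine that will perform the deployment.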

After entering all of the required passwords for your accounts (administrator, security manager, nessus scanner, scan credentials), sit back and let PowerShell take care of the rest as seen in the video below.

Start-TNDeploy demo

The last frame of that video was basically this result, which shows how tenable.sc has been fully stocked:

ServerUri         : securitycenter:443
AuditPolicy       : {DISA STIG MSSQL 2012 Database v1r20, DISA STIG MSSQL 2012 Instance-DB v1r20, DISA STIG MSSQL 2012 Instance-OS v1r20, DISA STIG MSSQL 2014 Database v1r6...}
ComputerName      : securitycenter
DISADetailedASR   : DISA ASR
ImportedAsset     : {BPG 5.4 - Bad, No Auth Attempted, BPG 5.4 - Bad, Error, - CMRS Daily Publishing, BPG 5.4 - Endpoint No Agent Differential Scan...}
ImportedAudit     : {DISA STIG MSSQL 2012 Database v1r20, DISA STIG MSSQL 2012 Instance-DB v1r20, DISA STIG MSSQL 2012 Instance-OS v1r20, DISA STIG MSSQL 2014 Database v1r6...}
ImportedDashboard : Acme Scan Summary
ImportedPolicy    : {Acme - Agent Differential Scan Policy (DRAFT), Acme - Agent Scan BPG, Acme - Configuration (STIG) Scan, Acme - Malware Scan...}
ImportedReport    : Test Import File
IpRange           : 192.168.100.0/24
Organization      : Acme
ReportAttribute   : DISA
Repository        : {Vulnerabilities, Audits}
ScanCredential    : {Windows Scanner Account, Linux Scanner Account, SQL Server sqladmin account}
Scanner           : localhost
ScannerCredential : admin
Scans             : {Acme - Agent Differential Scan Policy (DRAFT), Acme - Agent Scan BPG, Acme - Configuration (STIG) Scan, Acme - Malware Scan...}
ScanZone          : All Computers
SecurityManager   : secman
ServerType        : tenable.sc
Status            : Success

From here, you can run the necessary scans and export the reports for eMASS.

# Run the STIG scan
Get-TNScan -Name 'DISA STIG MSSQL 2012 Database v1r20' | Start-TNScan -Wait
# Export the zip to upload to eMASS
Get-TNReport -Name 'DISA ASR' | Start-TNReport -Wait | Save-TNReportResult -Path C:\temp

Command Support

Some commands are not supported on all platforms. Here is a legend to help.

Command Nessus tenable.sc
Add-TNGroupUser x
Add-TNPluginRule x
Add-TNPolicyPortRange x x
Add-TNScanner x
Backup-TNServer x x
Connect-TNServer x x
ConvertFrom-TNRestResponse x x
Copy-TNPolicy x x
Disable-TNPolicyLocalPortEnumeration x x
Disable-TNPolicyPortScanner x x
Edit-TNPluginRule x x
Enable-TNPolicyLocalPortEnumeration x x
Enable-TNPolicyPortScanner x x
Export-TNPolicy x x
Export-TNScan x x
Get-TNAnalysis x x
Get-TNAsset x
Get-TNAudit x
Get-TNCredential x
Get-TNDashboard x
Get-TNFeedStatus x
Get-TNFolder x
Get-TNGroup x x
Get-TNGroupMember x x
Get-TNLdapServer x
Get-TNOrganization x
Get-TNOrganizationUser x
Get-TNPlugin x x
Get-TNPluginFamily x x
Get-TNPluginFamilyDetails x x
Get-TNPluginRule x
Get-TNPolicy x x
Get-TNPolicyDetail x x
Get-TNPolicyLocalPortEnumeration x
Get-TNPolicyPortRange x x
Get-TNPolicyPortScanner x x
Get-TNPolicyTemplate x x
Get-TNQuery x
Get-TNReport x
Get-TNReportAttribute x
Get-TNReportResult x
Get-TNRepository x
Get-TNRole x
Get-TNScan x x
Get-TNScanDetail x x
Get-TNScanHistory x
Get-TNScanHost x x
Get-TNScanHostDetail x x
Get-TNScanner x
Get-TNScanResult x
Get-TNScanTemplate x
Get-TNScanZone x
Get-TNServerInfo x
Get-TNServerStatus x x
Get-TNSession x x
Get-TNSessionInfo x x
Get-TNSystemLog x
Get-TNUser x x
Import-TNAsset x
Import-TNAudit x
Import-TNCustomPlugin x
Import-TNDashboard x
Import-TNPolicy x
Import-TNReport x
Import-TNScan x
Initialize-TNServer x x
Invoke-TNRequest x x
New-TNAsset x
New-TNCredential x
New-TNDisaAsrReport x
New-TNFolder x
New-TNGroup x x
New-TNLdapServer x
New-TNOrganization x
New-TNOrganizationUser x
New-TNPolicy x x
New-TNQuery x
New-TNReportAttribute x
New-TNRepository x
New-TNScan x x
New-TNScanZone x
New-TNUser x x
Register-TNLicense x
Remove-TNAsset x x
Remove-TNAudit x
Remove-TNCredential x
Remove-TNDashboard x x
Remove-TNFolder x x
Remove-TNGroup x x
Remove-TNGroupUser x x
Remove-TNOrganization x
Remove-TNOrganizationUser x
Remove-TNPluginRule x x
Remove-TNPolicy x x
Remove-TNQuery x
Remove-TNReport x x
Remove-TNReportResult x x
Remove-TNRepository x
Remove-TNScan x x
Remove-TNScanHistory x x
Remove-TNScanner x
Remove-TNScanZone x x
Remove-TNSession x x
Remove-TNUser x x
Rename-TNFolder x x
Rename-TNGroup x x
Restart-TNService x x
Restore-TNServer x x
Resume-TNScan x x
Save-TNAudit x x
Save-TNPlugin x x
Save-TNReportResult x
Save-TNScanResult x
Save-TNScapFile x x
Set-TNCertificate x x
Set-TNPolicyPortRange x x
Set-TNRepositoryProperty x
Set-TNScanProperty x
Set-TNScanZoneProperty x
Set-TNUserPassword x x
Start-TNDeploy x x
Start-TNReport x
Start-TNScan x x
Stop-TNScan x x
Suspend-TNScan x x
Test-TNAccessibility x x
Update-TNPluginFeed x
Wait-TNServerReady x x

Key links for reference: