search

tenable / Posh-Nessus

PowerShell Module for automating Tenable Nessus Vulnerability Scanner.
BSD 3-Clause "New" or "Revised" License
88 stars 36 forks source link

Credentials on Policy not recognised.. #1

Closed davidwallis closed 9 years ago

davidwallis commented 9 years ago

I have an existing policy with credentials set, which works in the gui.

If I do:

$policy = Get-NessusPolicy -SessionId $Session.SessionId -Name $PolicyName -ErrorAction Stop New-NessusScan -SessionId $Session.SessionId -PolicyID $Policy.PolicyID -Name "Test" -Target $ServerName -Enabled $true -Email david.wallis@blah.com

I get the following error:

InvokeNessusRestRequest : {"error":"One of the following credentials must be added to this policy: SNMPv1/v2c, Windows, SSH, Symantec Altiris, Red Hat Satellite 6 Server, Microsoft SCCM, Red Hat Satellite Server, Dell KACE K1000, IBM Tivoli Endpoint Manager (BigFix), Microsoft WSUS, Palo Alto Networks PAN-OS, VMware vCenter SOAP API, VMware ESX SOAP API, ADSI, MongoDB, Database"} At C:\Users\davidw\Documents\WindowsPowerShell\Modules\Posh-Nessus\Scan.ps1:1418 char:25

Is this something you are aware of, or something I'm doing wrong?

davidwallis commented 9 years ago

I also see the same if I try using $Policy.PolicyUUID as -PolicyUUID

To add I've also logged this with support under 00159284 as I'm not 100% convinced its the API code after looking through the source.

darkoperator commented 9 years ago

just in case, this project is in development and not supported by Tenable, so more than likely support will not able to assist. Can you provide info on the version of of Nessus your using so I can try to replicate?

darkoperator commented 9 years ago

Been trying to replicate and only way I have been able is if I by accident I click and add an empty credential by importing a policy that requires them but they are not defined since export and import of a policy file will not contain the credentials. 

PS C:\Users\cperez> Get-NessusPolicy -SessionId 0
Name           : Lab Cred Scan
PolicyId       : 11
Description    : 
PolicyUUID     : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f
Visibility     : private
Shared         : False
Owner          : carlos
UserId         : 2
NoTarget       : false
UserPermission : 128
Modified       : 2/13/2015 7:46:51 PM
Created        : 2/13/2015 7:46:51 PM
SessionId      : 0
Name           : tesztcred
PolicyId       : 136
Description    : 
PolicyUUID     : ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66
Visibility     : private
Shared         : False
Owner          : carlos
UserId         : 2
NoTarget       : false
UserPermission : 128
Modified       : 8/20/2015 7:17:53 PM
Created        : 8/20/2015 7:17:53 PM
SessionId      : 0
PS C:\Users\cperez> New-NessusScan -SessionId 0 -Name testscan -PolicyId 136 -Target "192.168.1.4" -Email "cperez@tenable.com" -Enabled $true
Name             : testscan
ScanId           : 145
Status           : 
Enabled          : True
FolderId         : 
Owner            : carlos
UserPermission   : Sysadmin
Rules            : 
Shared           : 0
TimeZone         : 
CreationDate     : 8/20/2015 7:35:05 PM
LastModified     : 8/20/2015 7:35:05 PM
StartTime        : 12/31/1969 7:00:00 PM
Scheduled        : 
DashboardEnabled : False
SessionId        : 0
davidwallis commented 9 years ago

Version Info:

Support ID No Asset Tag Platform VMware, Inc. VMware Virtual Platform Architecture x86_64 Tenable Appliance 3.7.0 Nessus® 6.4.3

davidwallis commented 9 years ago

I also mentioned to support that I have upgraded this appliance from version 2.8.1 -> 3.2.0 --> 3.4 -- > 3.7

darkoperator commented 9 years ago

Support will not even know who to pass the ticket for since the module is not a product or finished :) for anything in GitHub better to open an Issue directly in Github. When you look at the policy in the Nessus UI and go to credentials are their any that are empty with missing fields? Was this policy created from a Template that requiered credentials?

davidwallis commented 9 years ago

nessus credentials

See attached

darkoperator commented 9 years ago

What template did you use for the policy?

On Sep 8, 2015, at 11:24 AM, David Wallis notifications@github.com wrote:

https://cloud.githubusercontent.com/assets/13855486/9739042/1f85a456-5646-11e5-8fc2-7fff7ac448a5.jpg See attached

— Reply to this email directly or view it on GitHub https://github.com/tenable/Posh-Nessus/issues/1#issuecomment-138599587.

davidwallis commented 9 years ago

Advanced.. If I do a new template I get the same error..

darkoperator commented 9 years ago

Something weird is happening, on a regular scanner I can not replicate it, will try to see if I can get my hands on a Appliance image. Bellow you will see the steps I took to create it, the info of my scanner also. Policy only has one single SSH cred assigned it it. 

PS C:\> Get-NessusServerInfo -SessionId 1

NessusType     : Nessus Professional
ServerVersion  : 6.4.3
UIVersion      : 6.4.3
PluginSet      : 201508200415
Feed           : 
FeedExpiration : 9/19/2017 12:00:00 AM
Capabilities   : @{multi_scanner=True; report_email_config=False}
UUID           : 9b7b6864-d654-345f-57f2-aeaa5438654421ba99bb9f34e2b5
Update         : @{href=; new_version=0; restart=0}
Enterprise     : 
License        : @{activation_code=****-****-****-****; 
                 update_url=https://plugins.nessus.org/v2/nessus.php; type=professional; 
                 expiration_date=1505793600; mode=2; scanners_used=0; agents_used=0; 
                 update_password=f3f57a4647ee408b1cd04943354aea1f; name=Nessus Professional}

PS C:\> Get-NessusPolicy -SessionId 1

Name           : adv_sshcred
PolicyId       : 146
Description    : 
PolicyUUID     : ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66
Visibility     : private
Shared         : False
Owner          : carlos
UserId         : 2
NoTarget       : false
UserPermission : 128
Modified       : 9/8/2015 1:25:12 PM
Created        : 9/8/2015 1:25:12 PM
SessionId      : 1

PS C:\> New-NessusScan -SessionId 1 -Name devops_scan -PolicyId 146 -Target "192.168.1.4" -Email "cperez@tenable.com" -Enabled $true

Name             : devops_scan
ScanId           : 149
Status           : 
Enabled          : True
FolderId         : 
Owner            : carlos
UserPermission   : Sysadmin
Rules            : 
Shared           : 0
TimeZone         : 
CreationDate     : 9/8/2015 1:27:20 PM
LastModified     : 9/8/2015 1:27:20 PM
StartTime        : 12/31/1969 7:00:00 PM
Scheduled        : 
DashboardEnabled : False
SessionId        : 1
davidwallis commented 9 years ago

NessusType : Nessus Professional ServerVersion : 6.4.3 UIVersion : 6.4.3 PluginSet : 201509081215 Feed : FeedExpiration : 27/01/2016 05:00:00 Capabilities : @{multi_scanner=True; report_email_config=True} UUID : 1ba307e8-b6f9-122a-b9d1-22ffa2450cb2762c3df4a17e7f65 Update : @{href=; new_version=0; restart=0} Enterprise : License : @{activation_code=xxxx-xxxx-xxxx-xxxx; update_url=https://plugins.nessus.org/v2/nessus.php; type=professional; expiration_date=1453870800; mode=2; scanners_used=0; agents_used=0; update_password=xxxxxxxxxxxxxxxxxxxxxxx; name=Nessus Professional}

Name : Missing Patches PolicyId : 2 Description : Scan For Missing Patches PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : shared Shared : True Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:40 Created : 20/05/2014 09:50:04 SessionId : 0

Name : PCI Scan PolicyId : 3 Description : PolicyUUID : cfc46c2d-30e7-bb2b-3b92-c75da136792d080c1fffcc429cfd Visibility : shared Shared : True Owner : Admin UserId : 1 NoTarget : false UserPermission : 128 Modified : 01/09/2015 20:51:40 Created : 20/05/2014 09:50:04 SessionId : 0

Name : AutomatedServerBuildPolicy PolicyId : 4 Description : Automated Server Build Policy - Don't rename! PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : shared Shared : True Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 20/05/2014 09:50:04 SessionId : 0

Name : Basic Network Scan PolicyId : 120 Description : PolicyUUID : 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 15/09/2014 14:27:10 SessionId : 0

Name : DavidTest PolicyId : 245 Description : Non Domain Joined Test PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:40 Created : 25/11/2014 10:49:13 SessionId : 0

Name : HostDiscovery_DW PolicyId : 250 Description : PolicyUUID : bbd4f805-3966-d464-b2d1-0079eb89d69708c3a05ec2812bcf Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : false UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 25/11/2014 10:52:29 SessionId : 0

Name : Credit Card Number PolicyId : 379 Description : Searches for valid Visa, AMEX, Discover, and MasterCard numbers. PolicyUUID : Visibility : shared Shared : True Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 09/01/2015 10:14:45 SessionId : 0

Name : AutomatedServerBuildPolicyV2 PolicyId : 728 Description : PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 01/04/2015 11:02:23 SessionId : 0

Name : Ingrida_Test PolicyId : 963 Description : basic machine scan PolicyUUID : 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:40 Created : 19/06/2015 09:08:11 SessionId : 0

Name : Internal Scan For VA Schedule PolicyId : 1010 Description : PolicyUUID : 731a8e52-3ea6-a291-ec0a-d2ff0619c19d7bd788d6be818b65 Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 26/06/2015 12:17:48 SessionId : 0

Name : Patch Scan Policy PolicyId : 1060 Description : PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:40 Created : 15/07/2015 12:27:38 SessionId : 0

Name : DG Trial PolicyId : 1103 Description : PolicyUUID : e460ea7c-7916-d001-51dc-e43ef3168e6e20f1d97bdebf4a49 Visibility : private Shared : False Owner : Admin UserId : 1 NoTarget : UserPermission : 128 Modified : 01/09/2015 20:51:41 Created : 21/07/2015 10:17:07 SessionId : 0

davidwallis commented 9 years ago

I certainly think something wierd is going on.. and dont think its the code.. but to show I'm doing the same:

PS C:\Users\davidw\Documents> New-NessusScan -SessionId 0 -Name "devops_scan" -policyId 245 -Target "192.168.1.4" -Email "david.wallis@something.com" -Enabled $true InvokeNessusRestRequest : {"error":"One of the following credentials must be added to this policy: SNMPv1/v2c, Windows, SSH, Symantec Altiris, Red Hat Satellite 6 Server, Microsoft SCCM, Red Hat Satellite Server, Dell KACE K1000, IBM Tivoli Endpoint Manager (BigFix), Microsoft WSUS, Palo Alto Networks PAN-OS, VMware vCenter SOAP API, VMware ESX SOAP API, ADSI, MongoDB, Database"} At C:\Users\davidw\Documents\WindowsPowerShell\Modules\Posh-Nessus\Scan.ps1:1418 char:25

davidwallis commented 9 years ago

I can export my policy and send it if that's any use?

davidwallis commented 9 years ago

Just had a thought, I had a linux box also running a scanner, so tried it on there and got the same issue..

But there are two policies, one called automated that has the type as advanced - this worked.. the one called automated1 who's type is template - didnt work...

Details from that:

NessusType : Nessus Professional ServerVersion : 6.4.3 UIVersion : 6.4.3 PluginSet : 201509080515 Feed : FeedExpiration : 27/01/2016 05:00:00 Capabilities : @{multi_scanner=True; report_email_config=False} UUID : 0cf56f0b-3afb-edc7-e115-45f10f18cc9fbf844f2af28c0976 Update : @{href=; new_version=0; restart=0} Enterprise : License : @{activation_code=xxxx-xxxx-xxxx-xxxx; update_url=https://plugins.nessus.org/v2/nessus.php; type=professional; expiration_date=1453870800; mode=2; scanners_used=0; agents_used=0; update_password=xxxxxxxxxxxxxxxxxxxxxx; name=Nessus Professional}

Name : 123 PolicyId : 9 Description : PolicyUUID : ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66 Visibility : shared Shared : True Owner : admin UserId : 2 NoTarget : false UserPermission : 128 Modified : 13/07/2015 14:01:54 Created : 13/07/2015 13:50:13 SessionId : 5

Name : automated1 PolicyId : 10 Description : test PolicyUUID : 0625147c-30fe-d79f-e54f-ce7ccd7523e9b63d84cb81c23c2f Visibility : shared Shared : True Owner : admin UserId : 2 NoTarget : false UserPermission : 128 Modified : 09/09/2015 10:03:30 Created : 13/07/2015 14:01:27 SessionId : 5

Name : Test123 ScanId : 17 Status : Enabled : True FolderId : Owner : admin UserPermission : Sysadmin Rules : Shared : 0 TimeZone : CreationDate : 09/09/2015 10:04:59 LastModified : 09/09/2015 10:04:59 StartTime : 01/01/1970 00:00:00 Scheduled : DashboardEnabled : False SessionId : 5

davidwallis commented 9 years ago

Hmm, I really dont understand this, I've now created another policy and it now seems to work.. however the scan isn't visible in the gui.. and the scan number does increment..

davidwallis commented 9 years ago

Ok fixed that by getting the folders and specifying the folderID

So I think I am working now, but don't understand what has changed..