search

tenable / Posh-Nessus

PowerShell Module for automating Tenable Nessus Vulnerability Scanner.
BSD 3-Clause "New" or "Revised" License
88 stars 36 forks source link

REST timeout since Nessus upgrade to v7.0.1 #20

Open tschuh-vazata opened 6 years ago

tschuh-vazata commented 6 years ago

New-NessusSession times out on instantiation since upgrading our Nessus instance to 7.0.1 (Windows 2012R2). I can log in to the Nessus server via browser with the same credentials.

tschuh-vazata commented 6 years ago 
VERBOSE: POST https://<ServerIP>:8834/session with -1-byte payload
Invoke-RestMethod : The operation has timed out
At C:\Users\tschuh\Documents\WindowsPowerShell\Modules\Posh-Nessus\Session.ps1:78 char:30
+             $TokenResponse = Invoke-RestMethod @RestMethodParams
+                              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
    + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Packet analyzer shows:

<title>400 Bad Request</title></head><body><h1>Bad Request</h1><p>Your browser sent a request that this server could not understand.<br>Reason: You're speaking plain HTTP to an SSL-enabled server port.<br>Instead, please use the HTTPS scheme to access this URL.<br></p></body></html>

If the Write-Verbose output is to be trusted (no reason not to) then we're already submitting the POST via HTTPS.

darkoperator commented 6 years ago

Module is for Nessus 6.x it has not been tested or updates for 7.x yet so it could be . Thanks for reporting the issue. What specific function where you running that caused the timeout to see if it is related to the change in API

Sent from my iPhone

On Jan 16, 2018, at 6:43 PM, TSchuh notifications@github.com wrote:

VERBOSE: POST https://:8834/session with -1-byte payload Invoke-RestMethod : The operation has timed out At C:\Users\tschuh\Documents\WindowsPowerShell\Modules\Posh-Nessus\Session.ps1:78 char:30

    $TokenResponse = Invoke-RestMethod @RestMethodParams
                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand Packet analyzer shows:

400 Bad Request

Bad Request

Your browser sent a request that this server could not understand. Reason: You're speaking plain HTTP to an SSL-enabled server port. Instead, please use the HTTPS scheme to access this URL.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

tschuh-vazata commented 6 years ago

New-NessusSession

I resolved it moments ago by manually removing the module and reinstalling from Git. It seems Remove-Module did not perform as expected.