Tenable Nessus

Launching a Tenable Nessus Scan on an EC2

1176 VIEWS

Tenable Nessus is a network vulnerability scanner, and you use it to scan your assets to expose common vulnerabilities and misconfiguration. In this post, I will talk about how to use Nessus on EC2.

The tools we will be using are the Tenable Python SDK, AWS Python SDK, and Boto 3 to launch a scan on AWS EC2. The first thing we need is our target. In this case, AWS EC2’s IP address is needed to use them as targets for the scan.

Since we are utilizing the AWS Python SDK, the first step will be to connect to your AWS account, from which we will retrieve the EC2 IP address. You can use as many targets as you want, but for this example, I will be taking a random set of 5 EC2 targets from the AWS account.

But before jumping into the code, I am going to assume that you have installed Boto 3 and have access to the AWS CLI. If you don’t, please set that up before proceeding. You can find that information through the following links:

Installing the AWS CLI
BOTO 3 Configuration

Now that the setup is complete, it is time to import our libraries and connect to AWS EC2.

`import boto3`
`import random`
`import datetime`
 
`def ec2_connect():
 	ec2 = boto3.resources(‘ec2’)
 	instances = ec2.instances.filter(Filters=[{‘Name’: ’instance-state-name’, ‘Values’:    [‘running’]}])
 	return instances`

For this part, you can have a set target list of IP addresses you want to run the scanner on, or you can grab a random sample of 5 IP addresses. It all depends on what you’re trying to accomplish.

`def filter_ec2_instance(ec2_connect):
        public_ips = [each_instance.public_ip_address for each_instance in ec2_connect]
     	return random.sample((public_ips), 5)`

Let’s create a target list from the random sample we got in the code above — That will conclude the AWS part, which is obtaining our list of targets.

 
`def target_list(filter_ec2_instance):
    target = []
    target = ‘,’.join(filter_ec2_instance)
    return target`

Now, on to our Tenable scan. The first thing we need for this portion of our code to work is to generate an access key and secret key. If you don’t already have these, you can click on the link and it will show you how to create them. Once you have them, you can proceed.

GenerateAPIKey

Import the following libraries:

`import argparse`
`import os`
`from datetime import datetime`
`from tenable_io.api.models import Scan`
`from tenable_io.api.scans import ScanExportRequest`
`from tenable_io.client import TenableIOClient`
`from tenable_io.exceptions import TenableIOApiException`
`from tenable_io.exceptions import TenableIOException`
`from time import time`

We will also be using an ArgumentParser to configure our Tenable private access key and secret key. It’s always important not to hard-code your private keys in any of your code. (If you do, they can be used by anyone, which leaves your account at risk.)

`parser = argparse.ArgumentParser(description='configuration of nessus tenable account')`
`parser.add_argument('-a', '--tenable_key', required=True, help='access key')
`parser.add_argument('-k', '--tenable_secret', required=True, help='secret key')`
 
`args = parser.parse_args()`
`tenable_key = args.tenable_key`
`tenable_secret = args.tenable_secret`

Now we can connect to the Tenable client. This is very similar to what we did in the AWS portion.

`def tenable_client():
        	return TenableIOClient(tenable_key, tenable_secret)`

Now it’s time to create our scan on the target list we provided (in this case, target_list.)

`def create_scan(tenable_client):
        	timestr = time.strftime("%Y%m%d-%H%M%S")
        	scan_name = u"scanjob_" + timestr
        	scan = tenable_client().scan_helper.create(name=scan_name,       text_targets='target_list', template='basic')
        	return scan`

Now we are ready to launch the scan we have just created. Please note that once you execute this script, it may take a while depending on how many IP Addresses you are launching a scan on. I would recommend starting with 1-5 IP addresses and working your way up.

 
`def launch_scan(create_scan):
        	create_scan.launch().download('/path/to/your/scan_name.pdf')
        	first_scan_id = min([int(history.history_id) for history in create_scan.histories()])
        	assert os.path.isfile('/path/to/your/scan_name.pdf')
        	return('/path/to/your/scan_name.pdf')`
 
Execution:
 
`def main():
    generate_tennable_target_list(filter_ec2_instance(ec2_connect()))
	launch_scan(create_scan(tenable_client))`
	
`if __name__ == '__main__':
  main()`

We are done writing our code and are ready to execute. Simply save all the code in your favorite text editor and execute, like so:

`./name_of_your_file –a [Tenable Access Key] –k [Tenable Secret Key]`

Once the report is done, it should appear in the path that you stated. It also will appear in the Tenable console. This script can easily be adapted so that you can email the generated scan report to yourself, or to whoever needs to look at the report. You can also create a cron job from this, or easily make an AWS Lambda function (which is how I used this), along with emailing the report to myself.

I hope that the script is clear so that you understand everything that is going on. If you want to look at more examples of how to use the Tenable.io Python SDK and extend your learning, you can click on the links below.
Tenable.io SDK Python examples
Tenable API Documentation


Wendy Segura is a former Security Engineer Intern at Agari. She previously attended Holberton School in San Francisco. She enjoys learning about new security technologies, reading and writing.


Discussion

Click on a tab to select how you'd like to leave your comment

Leave a Comment

Your email address will not be published. Required fields are marked *

Menu