-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathNessusPro_v7_Report_Exporter_Tool.ps1
165 lines (150 loc) · 7.59 KB
/
NessusPro_v7_Report_Exporter_Tool.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
<#
ScriptName: NessusPro_v7_Report_Exporter_Tool.ps1
PSVersion: 5.1
Purpose: Powershell script that use REST methods to obtain report automation tasks.
Created: Sept 2018.
Comments:
Notes: -Script must be run with ACL that has proxy access if external facing Nessus.io servers are targeted
-Ensure execution policy is set to unrestricted (Requires Administrative ACL)
Author: Paperclips.
Email: Pwd9000@hotmail.co.uk
TechNet: https://gallery.technet.microsoft.com/site/search?f[0].Type=User&f[0].Value=paperclips
Github: /~https://github.com/Pwd9000-ML#>
#------------------Allow Selfsign Cert + workaround force TLS 1.2 connections---------------------
#Ensure correct execution policy is set to run script. Administrative permission is required to Set-ExecutionPolicy.
#Set-ExecutionPolicy Bypass
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy
[System.Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
#------------------Input Variables-----------------------------------------------------------------
$Baseurl = Read-Host "Enter Nessus Scanner URL + Port (e.g. https://NessusServerFQDN:8834)"
$Username = Read-Host "Enter login username (e.g. Administrator)"
$PasswordResponse = Read-Host "Enter Password" -AsSecureString
$password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($PasswordResponse))
$ContentType = "application/json"
$POSTMethod = 'POST'
$GETMethod = 'GET'
#------------------Create Json Object--------------------------------------------------------------
$UserNameBody = convertto-json (New-Object PSObject -Property @{username = $username; password = $Password})
#------------------Create URI's--------------------------------------------------------------------
$SessionAPIurl = "/session"
$ScansAPIurl = "/scans"
$SessionUri = $baseurl + $SessionAPIurl
$ScansUri = $baseurl + $ScansAPIurl
#------------------Stage props to obtain session token (Parameters)--------------------------------
$session = @{
Uri = $SessionUri
ContentType = $ContentType
Method = $POSTMethod
Body = $UserNameBody
}
#------------------Commit session props for token header X-cookie----------------------------------
$TokenResponse = Invoke-RestMethod @session
if ($TokenResponse) {
$Header = @{"X-Cookie" = "token=" + $TokenResponse.token}
}
else {
Write-host ""
Write-host "Error occured obtaining session token. Script Terminating... Please ensure Username and Password Correct." -ForegroundColor Red
Start-Sleep -s 20
Exit
}
#------------------Output completed scans----------------------------------------------------------
$Scanscompleted = (Invoke-RestMethod -Uri $ScansUri -Headers $Header -Method $GETMethod -ContentType "application/json").scans |
? {$_.status -eq "completed"} |
Select-Object @{Name = "Scan Name"; Expression = {$_.Name}},
@{Name = "Scan Status"; Expression = {$_.Status}},
@{Name = "Id"; Expression = {$_.id}} |
Format-Table -AutoSize
$Scansnotcompleted = (Invoke-RestMethod -Uri $ScansUri -Headers $Header -Method $GETMethod -ContentType "application/json").scans |
? {$_.status -ne "completed"} |
Select-Object @{Name = "Scan Name"; Expression = {$_.Name}},
@{Name = "Scan Status"; Expression = {$_.Status}},
@{Name = "Id"; Expression = {$_.id}} |
Format-Table -AutoSize
Write-Host "-------------------------------------------------------" -ForegroundColor Green
Write-Host "-The following Scans are Completed and can be exported-" -ForegroundColor Green
Write-Host "-------------------------------------------------------" -ForegroundColor Green
$Scanscompleted
Write-Host "---------------------------------------------------------------------" -ForegroundColor Red
Write-Host "-The following Scans have issues and cannot be exported autonomously-" -ForegroundColor Red
Write-Host "---------------------------------------------------------------------" -ForegroundColor Red
$Scansnotcompleted
#------------------Export Completed Scans (Y/N)----------------------------------------------------
$answerexport = Read-Host "Do you want to export the completed Scans? (Y/N)"
If ($answerexport -eq "Y") {
$continue = $True
Write-Host "----------------------------"
Write-Host "-Enter Report Export Format-"
Write-Host "----------------------------"
Write-Host ""
Write-Host "The ""nessus"" format selection will export reports to XML"
$Format = Read-Host "Enter selection: (nessus OR csv OR pdf)"
$ExportBody = convertto-json (New-Object PSObject -Property @{format = "$Format"})
Write-Host "Checking Status...."
#------------------POST Export Requests------------------------------------------------------------
$StatusArray = @()
(Invoke-RestMethod -Uri $ScansUri -Headers $Header -Method $GETMethod -ContentType "application/json").scans |
? {$_.status -eq "completed"} | select-object id, name |
% {
$Exportfile = @{
Uri = "$ScansUri" + "/" + $_.id + "/export"
ContentType = $ContentType
Headers = $Header
Method = $POSTMethod
Body = $ExportBody
}
$file = (Invoke-RestMethod @Exportfile).file
$ScanName = $_.name
$StatusUri = "$ScansUri" + "/" + $_.id + "/export/" + "$file" + "/status"
$DownloadUri = "$ScansUri" + "/" + $_.id + "/export/" + "$file" + "/download"
$StatusArray += [pscustomobject]@{ScanName = $ScanName; StatusUri = $StatusUri; DownloadUri = $DownloadUri}
}
#------------------Check Status of Export requests-------------------------------------------------
Start-Sleep -s 125
$Count = 0
$StatusArray.StatusUri | % {
(Invoke-RestMethod -Uri "$_" -ContentType $ContentType -Headers $Header -Method $GETMethod).status |
% {
If ($_ -ne "ready") {
$Count = $Count + 1
Write-Host "Scan $Count not Ready. Scan is $_. Pausing for 30seconds..." -ForegroundColor Red
Start-Sleep -s 30
}
else {
$Count = $Count + 1
Write-Host "Scan $Count ready for export" -ForegroundColor Green
}
}
}
Write-Host ""
Write-Host "Initiating Scan Export. Please wait for WebRequests to Complete..." -ForegroundColor Green
Write-Host ""
Start-Sleep -s 5
#------------------Download the Reports------------------------------------------------------------
$ExportUri = $StatusArray.DownloadUri
$outputs = $StatusArray.ScanName
foreach ($i in 0..($ExportUri.Count - 1)) {
Invoke-WebRequest -Uri $ExportUri[$i] -ContentType $ContentType -Headers $Header -Method $GETMethod -OutFile "C:\Temp\$($outputs[$i]).$format"
}
Get-childitem c:\Temp\* -include *.nessus -Recurse | Rename-Item -NewName {$_.name -replace 'nessus', 'xml'}
Write-Host ""
Write-Host "Scans have been exported to ""C:\Temp\""" -ForegroundColor Green
Start-Sleep -s 10
}
else {
Write-Host "You selected not to export completed Scans"
Write-Host "This script will Terminate in 10seconds"
Start-Sleep -s 10
}
#------------------Script END----------------------------------------------------------------------