
Hurricane Labs Add-on for Nessus: Getting connection error using API keys

vceclava
Explorer

Dear Hurricane Labs Team,

We have faced a problem with the Hurricane Labs Add-on for Nessus when we try to connect via the API access key and secret key.

The script returns the following error:
[image]
and there are some logical problems with this part of init.py:
[image]

Please FIX it. Or explain how to connect in any other way.
Thank you in advance,
Vlada

mcmaster
Communicator

Hey guys, sorry for the delay in getting back to you. We'll be releasing a new version of the app to correct this issue. Thanks for the patience and persistence in getting this figured out.

0 Karma

jkat54
SplunkTrust

What happens if you remove everything past the number 6 on line 87 in init.py?

0 Karma

jkat54
SplunkTrust

It appears you can probably circumvent this issue by "hardcoding" your API token on line 23 of nessus/__init__.py.

For example:

self.API_TOKEN = '14632bb35282171c7b18472287c253668423eb16c1187803'

instead of None

[image]

You should be able to get your token using the following curl command:

 curl -k -X POST -H 'Content-Type: application/json' -d '{"username":"yourUsername","password":"yourPassword"}' https://[yournessusaddress]:8834/session

Which is effectively what the code should be doing... but for some reason it isn't.

0 Karma

vceclava
Explorer

When everything after 6 is commented out, I get the following error:

Traceback (most recent call last):
  File "scans.py", line 60, in <module>
    nessus = NessusApi(cfg["username"],
    cfg["password"],
    endpoint=cfg["endpoint"],
    accessKey=cfg["accesskey"],
    secretKey=cfg["secretkey"])
  File /opt/splunk/etc/apps/TA-nessus/bin/nessus/__init__.py, line 31, in __init__
    self.login(username, password)
  File /opt/splunk/etc/apps/TA-nessus/bin/nessus/__init__.py, line 95, in login
    self.API_TOKEN = r.json()["token"]
KeyError: 'token'

As far as I understand, the flow reaches line 71 and then goes straight to 76, as the URL is "session".

When I comment out everything after 6 in line 71, the same error occurs.

0 Karma

jkat54
SplunkTrust

OK, so from what I see, you're getting 401 Unauthorized, which means you've configured the wrong user/pass/etc.

In your error message it looks like you're using defaults in the config file.

0 Karma

jkat54
SplunkTrust

I looked at the code and errors from my computer vs my phone and have a different opinion now.

It seems they are missing a conditional statement in the login function that would match major version 6 and minor version >= 4, which would get a token from the Nessus API.

0 Karma

vceclava
Explorer

I completely agree with you.

0 Karma

vceclava
Explorer

When I modified the login function, it worked with the same parameters:

# assumes xml.etree.ElementTree is imported as ET at module level
def login(self, username, password):
    if self.major_version == 5:
        # Nessus 5: the token comes back in the XML body of the login call
        r = self._post("login", data={"login": username, "password": password})
        xml = ET.fromstring(r.text)
        self.API_TOKEN = xml.find("./contents/token").text
        return
    elif self.major_version == 6 and (self.minor_version < 4 or not self.accessKey):
        # username/password session login
        r = self._post("session", data={'username': username, 'password': password})
    elif self.major_version == 6 and self.minor_version >= 4:
        # 6.4+ with an access key configured
        r = self._get("session", data={'username': username, 'password': password})

    # Separate "if": as part of the elif chain above, these checks were never reached
    if r.status_code != 401 and (self.major_version == 6 and (self.minor_version < 4 or not self.accessKey)):
        self.API_TOKEN = r.json()["token"]
    elif r.status_code != 401 and (self.major_version == 6 and self.minor_version >= 4):
        # added branch: with an access key on 6.4+ no session token is stored
        self.API_TOKEN = None
    else:
        raise Exception("ERROR: Invalid credentials")

0 Karma
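Added example (not the add-on's code and not written by anyone in this thread): one way to make the version and API-key dispatch discussed above explicit, and to fail with a clear error instead of `KeyError: 'token'`, without hardcoding a token in `__init__.py`. The function names are hypothetical; the `X-ApiKeys` and `X-Cookie` header formats are those of the Nessus 6 REST API and are not shown in the thread, and the response bodies are constructed samples.

```python
import json


def auth_mode(major, minor, access_key=None, secret_key=None):
    """Choose the login flow for a Nessus version (hypothetical helper)."""
    if major == 5:
        return "xml-login"      # POST login, token in the XML body
    if major == 6:
        if minor >= 4 and access_key and secret_key:
            return "api-keys"   # keys sent per request, no session token
        return "session"        # POST session, token in the JSON body
    raise ValueError("unsupported Nessus version %s.%s" % (major, minor))


def auth_headers(mode, token=None, access_key=None, secret_key=None):
    """Build the Nessus 6 auth header for the chosen mode."""
    if mode == "api-keys":
        return {"X-ApiKeys": "accessKey=%s; secretKey=%s;" % (access_key, secret_key)}
    if mode == "session" and token:
        return {"X-Cookie": "token=%s" % token}
    raise ValueError("mode %r needs a token or API keys" % mode)


def token_from_session(status_code, body_text):
    """Extract the session token, raising a clear error when it is absent."""
    if status_code == 401:
        raise PermissionError("Nessus rejected the credentials (HTTP 401)")
    try:
        data = json.loads(body_text)
    except ValueError:
        data = None
    token = data.get("token") if isinstance(data, dict) else None
    if not token:
        raise RuntimeError("no 'token' in session response (HTTP %d)" % status_code)
    return token


if __name__ == "__main__":
    # Constructed inputs: Nessus 6.5 with API keys, then a password login.
    mode = auth_mode(6, 5, "EXAMPLE_ACCESS", "EXAMPLE_SECRET")
    print(mode, auth_headers(mode, access_key="EXAMPLE_ACCESS", secret_key="EXAMPLE_SECRET"))
    tok = token_from_session(200, '{"token": "constructed-sample-token"}')
    print(auth_mode(6, 5), auth_headers("session", token=tok))
```

In a real deployment the keys would come from the add-on's configuration or Splunk's credential storage rather than from literals in the source.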

mcmaster
Communicator

Thank you so much for the detailed error report! Can you confirm what version of Nessus you're running?

0 Karma

vceclava
Explorer

Thank you for the quick reply.
We use Nessus 6.5.6.

0 Karma

vceclava
Explorer

Hi! Any updates?

0 Karma