Nessus Plugin unable to create new scan #11117
Comments
|
State altering requests are protected with a new mechanism since Nessus version 7.0. I sent a pull request to the maintainer of nessus_rest-ruby to handle that new protection (see kost/nessus_rest-ruby#7). Once it gets merged, I'll create a PR for metasploit-framework in order to get Nessus scan management back :) With the fixed version of nessus_rest-ruby I can manage scans on Nessus 7.x/8.x with the latest version of Metasploit: |
|
Same to me |
|
Thank you for this temporary fix @qkaiser. |
|
I have the same issue in Metasploit installed in Kali. Can someone please tell me what should I do? |
|
Hi, I have this same issue:
what should I do? |
|
@k4n4n the fix is still not included in nessus_rest library which means it still won't work in Metasploit. What you could do is replace the file directly on your installation. On Kali Linux, you would do the following: Please note that this is a really hacky hot fix and I don't recommend doing it. |
|
@bcoles @wvu-r7 @space-r7 the Nessus integration in Metasploit has been broken for more than a year now. The fix is available since January 2019 but was never merged in the third party library you rely on for Nessus integration. Anything Rapid7 team can do ? Maybe create its own fork of nessus_rest-ruby to merge the fix into it ? I'd do it but I have no experience with gem publishing. |
|
@qkaiser I'll see if we can take a look at this in the next few weeks. |
|
So I tried the "hacky" and not-recommended fix above and landed a new error on connecting to nessus v8.9.0:
any ideas? |
Yes. I provided bad instructions. The wget command does not work like curl, so when you ran the command I provided above it created an empty file ( Can you try with curl instead ? Thanks for pointing this out, I edited my previous instructions. |
|
@qkaiser excellent!!! Works perfectly so far. Very much appreciate the fix and immediate response - university project owes you a mention :) |
|
Further to above fix, directory of broken file on Ubuntu 18.04 is as follows. Works as expect.
|
|
Hey folks, we took a look at this and it seems like changes Tenable made to its API support mean that Nessus version 7 and later (presumably) can't support this integration. This should still work with Nessus 6 and below, but it looks like a further-reaching fix is out of our hands for now. Tenable docs here: https://community.tenable.com/s/article/The-differences-between-Nessus-6-and-Nessus-7 @qkaiser's fix may be a workaround for those looking for an out-of-band solution! |
|
The fix provided by @qkaiser stopped working today. Anyone else experienced the same issue? |
Can you elaborate ? I haven't seen breaking updates with Nessus 8.9.1 |
Hi, thanks for the reply. The bug seems intermittent and is likely linked to editing the policy name in the UI policy configurations (and or attempting to run an incorrect scan name from Metasploit at an earlier stage) I recreated the policy, restarted Nessus and restarted the OS, then re-ran the scan from Metasploit - turn things off and on enough and evidently they work. Here's the trace anyway: |
|
As pointed out here kost/nessus_rest-ruby#7 (comment) my fix no longer works starting from Nessus 8.12 due to a change in token format. I'll update the code this week to support that change. |
|
Fix is now working again, let me know if you encounter any issues. |
|
@qkaiser , i have tried the following curl and still got the error mentioned above. |
Which version of Nessus are you using ? Did you re-launch msfconsole ? Are you running msfconsole on Kali linux ? |
|
Working in BlackArch. I have downloaded the metasploit-framework from git, so the file you have to replace is:
Once I did it, on msfconsole load nessus and issue a new scan with the command nessus_scan_new.
Thanks @qkaiser for your work! |
|
Still the same :
Newest kali, newest msf, tried the workaround, but it didn't help |
same here, newest kali, newest msf, not working :-( |
Tenable Nessus® Essentials ----- ------------ Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources. Originally launched as an open source tool in 1998, its enterprise edition became a commercial product in 2005. -------------------------- https://www.techtarget.com/searchnetworking/definition/Nessus#:~:text=Nessus%20is%20a%20platform%20developed,a%20commercial%20product%20in%202005. ----------------------------------------------------------------------------- Downloads Links - https://www.tenable.com/products/nessus/nessus-essentials. Register for Nessus Essential Install Nessus in Host window ----------------------------------------------------------------------------- Add win 10 as victim machine in VMWare or Virtual Box ----------------------------------------------------------------------------- =========================================================================== =========================================================================== =========================================================================== After installation of Nessus and window 10 ---- - search nessus and open nessus on localhost over the any browser. https://localhost:8834/#/scans/folders/my-scans =========================================================================== =========================================================================== =========================================================================== - open win 10 in VMWare / virtual box and in host machine - in win run command ipconfig in cmd. ipconfig ----------------------- vitual machine -ip Microsoft Windows [Version 10.0.10240] (c) 2015 Microsoft Corporation. All rights reserved. C:\Users\ok>ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : localdomain Link-local IPv6 Address . . . . . : fe80::ec4b:5794:229f:dd1c%5 IPv4 Address. . . . . . . . . . . : 192.168.176.138 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.176.2 Tunnel adapter isatap.localdomain: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : localdomain Tunnel adapter Local Area Connection* 3: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:348b:fb58:6b:1533:8f3b:9bb4 Link-local IPv6 Address . . . . . : fe80::6b:1533:8f3b:9bb4%2 Default Gateway . . . . . . . . . : :: =========================================================================== =========================================================================== ========================================================================== --------------------------------------------------------- Host machine -- Microsoft Windows (c) Microsoft Corporation. All rights reserved. C:\Users\omkan>ipconfig Windows IP Configuration Wireless LAN adapter Local Area Connection* 1: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::e187:a78a:5fa1:4b00%17 IPv4 Address. . . . . . . . . . . : 192.168.61.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet8: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::9aa2:197b:a5a0:3820%19 IPv4 Address. . . . . . . . . . . : 192.168.176.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::6e94:6877:311e:a616%5 IPv4 Address. . . . . . . . . . . : 192.168.114.26 Subnet Mask . . . . . . . . . . . : 255.255.252.0 Default Gateway . . . . . . . . . : 192.168.112.1 ================================================================== ================================================================== ================================================================== ================================================================== ================================================================== use ping cmd. in host os to VM os C:\Users\omkan> C:\Users\omkan>ping 192.168.176.138 Pinging 192.168.176.138 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.176.138: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\omkan> ================================================================= ================================================================= ================================================================= Turn off win firwall of VMWare os - Control Panel\System and Security\Windows Firewall\Customize Settings Turn off win firwall ================================================================ ================================================================= ================================================================= ================================================================= Then ping again - C:\Users\omkan>ping 192.168.176.138 Pinging 192.168.176.138 with 32 bytes of data: Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Reply from 192.168.176.138: bytes=32 time=1ms TTL=128 Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.176.138: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms C:\Users\omkan> ================================================================ ================================================================= ================================================================= ================================================================= ================================================================ ================================================================= ================================================================= ================================================================= open web console of Nessus on localhost https://localhost:8834/#/scans/folders/my-scans ==================================================== in new scan not working then https://community.tenable.com/s/question/0D53a00009Gf95JCAR/new-scan-button-not-working?language=en_US =================================================== rapid7/metasploit-framework#11117 =============================================================
Tenable Nessus® Essentials ----- ------------ Nessus is a platform developed by Tenable that scans for security vulnerabilities in devices, applications, operating systems, cloud services and other network resources. Originally launched as an open source tool in 1998, its enterprise edition became a commercial product in 2005. -------------------------- https://www.techtarget.com/searchnetworking/definition/Nessus#:~:text=Nessus%20is%20a%20platform%20developed,a%20commercial%20product%20in%202005. ----------------------------------------------------------------------------- Downloads Links - https://www.tenable.com/products/nessus/nessus-essentials. Register for Nessus Essential Install Nessus in Host window ----------------------------------------------------------------------------- Add win 10 as victim machine in VMWare or Virtual Box ----------------------------------------------------------------------------- =========================================================================== =========================================================================== =========================================================================== After installation of Nessus and window 10 ---- - search nessus and open nessus on localhost over the any browser. https://localhost:8834/#/scans/folders/my-scans =========================================================================== =========================================================================== =========================================================================== - open win 10 in VMWare / virtual box and in host machine - in win run command ipconfig in cmd. ipconfig ----------------------- vitual machine -ip Microsoft Windows [Version 10.0.10240] (c) 2015 Microsoft Corporation. All rights reserved. C:\Users\ok>ipconfig Windows IP Configuration Ethernet adapter Ethernet0: Connection-specific DNS Suffix . : localdomain Link-local IPv6 Address . . . . . : fe80::ec4b:5794:229f:dd1c%5 IPv4 Address. . . . . . . . . . . : 192.168.176.138 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.176.2 Tunnel adapter isatap.localdomain: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : localdomain Tunnel adapter Local Area Connection* 3: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:0:348b:fb58:6b:1533:8f3b:9bb4 Link-local IPv6 Address . . . . . : fe80::6b:1533:8f3b:9bb4%2 Default Gateway . . . . . . . . . : :: =========================================================================== =========================================================================== ========================================================================== --------------------------------------------------------- Host machine -- Microsoft Windows (c) Microsoft Corporation. All rights reserved. C:\Users\omkan>ipconfig Windows IP Configuration Wireless LAN adapter Local Area Connection* 1: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Wireless LAN adapter Local Area Connection* 2: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Ethernet adapter VMware Network Adapter VMnet1: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::e187:a78a:5fa1:4b00%17 IPv4 Address. . . . . . . . . . . : 192.168.61.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Ethernet adapter VMware Network Adapter VMnet8: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::9aa2:197b:a5a0:3820%19 IPv4 Address. . . . . . . . . . . : 192.168.176.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : Wireless LAN adapter Wi-Fi: Connection-specific DNS Suffix . : Link-local IPv6 Address . . . . . : fe80::6e94:6877:311e:a616%5 IPv4 Address. . . . . . . . . . . : 192.168.114.26 Subnet Mask . . . . . . . . . . . : 255.255.252.0 Default Gateway . . . . . . . . . : 192.168.112.1 ================================================================== ================================================================== ================================================================== ================================================================== ================================================================== use ping cmd. in host os to VM os C:\Users\omkan> C:\Users\omkan>ping 192.168.176.138 Pinging 192.168.176.138 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.176.138: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\omkan> ================================================================= ================================================================= ================================================================= Turn off win firwall of VMWare os - Control Panel\System and Security\Windows Firewall\Customize Settings Turn off win firwall ================================================================ ================================================================= ================================================================= ================================================================= Then ping again - C:\Users\omkan>ping 192.168.176.138 Pinging 192.168.176.138 with 32 bytes of data: Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Reply from 192.168.176.138: bytes=32 time=1ms TTL=128 Reply from 192.168.176.138: bytes=32 time<1ms TTL=128 Ping statistics for 192.168.176.138: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms C:\Users\omkan> ================================================================ ================================================================= ================================================================= ================================================================= ================================================================ ================================================================= ================================================================= ================================================================= open web console of Nessus on localhost https://localhost:8834/#/scans/folders/my-scans ==================================================== in new scan not working then https://community.tenable.com/s/question/0D53a00009Gf95JCAR/new-scan-button-not-working?language=en_US =================================================== rapid7/metasploit-framework#11117 ============================================================= ------------------------------------------------------------------------------------------ https://www.youtube.com/watch?v=x87gbgQD4eg
Uh oh!
There was an error while loading. Please reload this page.
Steps to reproduce
Expected behavior
New scan is created which can then be launched.
Current behavior
msf > nessus_scan_new UUID Test Test IP
[] Creating scan from policy number UUID, called Test - Test and scanning IP
[] New scan added
[-] Error while running command nessus_scan_new: undefined method `[]' for nil:NilClass
Call stack:
'/usr/share/metasploit-framework/plugins/nessus.rb:979:in
cmd_nessus_scan_new' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:501:inrun_command'/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:453:in
block in run_single' /usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:ineach'/usr/share/metasploit-framework/lib/rex/ui/text/dispatcher_shell.rb:447:in
run_single' /usr/share/metasploit-framework/lib/rex/ui/text/shell.rb:151:inrun'/usr/share/metasploit-framework/lib/metasploit/framework/command/console.rb:48:in
start' /usr/share/metasploit-framework/lib/metasploit/framework/command/base.rb:82:instart'/usr/bin/msfconsole:49:in `
System stuff
Nessus versions 7.1.2 and 8.1.0 tested.
Metasploit version
Framework: 4.17.26-dev
Console : 4.17.26-dev
I installed Metasploit with:
Kali package via apt
OS
Kali GNU/Linux Rolling
The text was updated successfully, but these errors were encountered: