Installing Nessus and VulnWhisperer [Part 7]

Vulnerability management is the “cyclical practice of identifying, classifying, prioritizing, remediating, and mitigating” software vulnerabilities.

In this post, we will configure two platforms that will help us identify vulnerabilities and aggregate the findings: VulnWhisperer and Nessus.

VulnWhisperer is a vulnerability management tool and report aggregator. VulnWhisperer will pull all the reports from the different vulnerability scanners and create a file with a unique filename for each one.

Nessus Essentials is a free version of the famous Nessus vulnerability scanner.

This tutorial is part of the article “SECaaS — Security as a Service”. I recommend reading that article first to understand the basics and the purpose of this lab.

Hardware requirements
For this demo I used the following machine configurations for Nessus.

Ubuntu 18.04 LTS — Bionic
2vCPU
4GB Mem
Storage 20GB

VulnWhisperer must be installed on the same machine as the Elasticsearch Stack.

Installing and configuring Nessus

*The following command applies only if you have the paid version of Nessus.

$ curl --request GET --url https://www.tenable.com/downloads/api/v2/pages/nessus/files/Nessus-8.7.1-debian6_amd64.deb --header "Authorization: Bearer <auth-code-here>" --output ./fileName.deb

If you do not have the paid version of Nessus, you will need to transfer the package that you downloaded on your own machine to the server, for example with the WinSCP program.

After you download the package, install it.

$ dpkg -i Nessus-8.13.1-ubuntu1110_amd64.deb

Start the Nessus service.

$ sudo service nessusd start

Try to access Nessus in your browser.

https://<nessus_ip>:8834

After that, create an account on the Nessus website.

Select Nessus Essentials.

Fill in the requested information to receive an activation code.

Enter the code you received by email and create a username and password.

Nessus will take a little time to configure and initialize the plugins.

Launch Scans

We will perform a basic network scan.

Click the +New Scan button and select Basic network scan.

Give the scan a Name and a Description, and in the Target box enter the IPs that you want to scan. (You can set a range of IPs, URLs, etc.)

Click Save.

In the next window, select the scan that you saved and click Launch.

You can click on your scan and view the details of the findings.

Installing and Configuring VulnWhisperer

VulnWhisperer needs Python 2.7 to work.

First, install the dependency packages.

$ sudo apt-get install zlib1g-dev libxml2-dev libxslt1-dev

Change the current Python version if you are not using version 2.7.

$ update-alternatives --config python

Select version 2.7 and exit.

Download the VulnWhisperer package.

$ cd /etc/
$ git clone https://github.com/HASecuritySolutions/VulnWhisperer
$ cd VulnWhisperer

Install the requirements.

$ pip install -r requirements.txt

Install VulnWhisperer.

$ python setup.py install

Go to the configuration files to change the Nessus module. Change the items in bold below. If you change the path where the scans are downloaded, also change it in the configuration file.

$ cd configs
$ vim frameworks_example.ini

[nessus]
enabled=true
hostname=localhost
port=8834
access_key=
secret_key=
username=nessus_username
password=nessus_password

write_path=/opt/VulnWhisperer/data/nessus/
db_path=/opt/VulnWhisperer/data/database
trash=false
verbose=true

In this VulnWhisperer configuration file you can see many scan engines that you can integrate with.
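
The [nessus] section above keeps the Nessus username and password in a plain-text file, so the file's permissions are what protects them. The following shell functions are an added example, not part of the original post or of VulnWhisperer: they read a key from the ini file and flag a config that group or other users can access, or that still carries the template password. The sample file and its values are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post or from VulnWhisperer).
# Assumes GNU stat, as shipped with Ubuntu.

# Print the value of KEY ($3) inside [SECTION] ($2) of ini file $1.
ini_get() {
  awk -F= -v s="[$2]" -v k="$3" '
    { sub(/[ \t\r]+$/, "") }            # tolerate trailing blanks and CRLF
    /^\[/ { in_s = ($0 == s); next }    # remember which section we are in
    in_s && $1 == k { sub(/^[^=]*=/, ""); print; exit }
  ' "$1"
}

# Print one line per finding; succeed only if the file passes every check.
audit_config() (
  file=$1; rc=0
  mode=$(stat -c '%a' "$file") || exit 2
  # Any bit set in 077 means group or other can read, write or execute.
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "FAIL mode $mode: group/other can access $file (want 600)"; rc=1
  fi
  pass=$(ini_get "$file" nessus password)
  if [ "$pass" = "nessus_password" ]; then
    echo "FAIL [nessus] password is still the template placeholder"; rc=1
  elif [ -n "$pass" ]; then
    echo "NOTE [nessus] password is stored in clear text; keep file owner-only"
  fi
  exit "$rc"
)

demo() {
  tmp=$(mktemp -d); cfg=$tmp/frameworks_example.ini
  # Constructed sample mirroring the [nessus] block above.
  printf '%s\n' '[nessus]' 'enabled=true' 'hostname=localhost' 'port=8834' \
    'username=scan_reader' 'password=constructed-sample-secret' > "$cfg"
  chmod 644 "$cfg"; audit_config "$cfg"; echo "mode 644 -> rc=$?"
  chmod 600 "$cfg"; audit_config "$cfg"; echo "mode 600 -> rc=$?"
  rm -rf "$tmp"
}
demo
```

To check the real file, call audit_config on /etc/VulnWhisperer/configs/frameworks_example.ini; a failing mode is corrected with chmod 600, with the file owned by the user whose crontab runs vuln_whisperer.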

Check the connection with Nessus and download the reports.

$ vuln_whisperer -F -c configs/frameworks_example.ini -s nessus

You should see something like this.

To download the reports periodically without interaction, create a cron job.

$ crontab -e
SHELL=/bin/bash
* * * * * /usr/local/bin/vuln_whisperer -c /etc/VulnWhisperer/configs/frameworks_example.ini >/dev/null 2>&1

Download Templates for ElasticSearch

Go to the official VulnWhisperer GitHub repository and copy the template.

Back in Kibana, open the Dev Tools menu.

Upload the code.

PUT _template/logstash-vulnwhisperer
<COPIED TEMPLATE>

In the Index Management menu you can see the uploaded template.

Download Templates for Kibana

Go to Stack Management, Kibana, Saved Objects, Import.

Import the following file.

Go to Dashboard in Kibana and see the VulnWhisperer dashboards.

Download Templates for Logstash

Copy the configuration file to the appropriate directory and change the output section to point to the Elasticsearch server.

$ cd /etc/VulnWhisperer/resources/elk6/pipeline/
$ cp 1000_nessus_process_file.conf /etc/logstash/conf.d/
$ cd /etc/logstash/conf.d/
$ vim 1000_nessus_process_file.conf

output {
  if "nessus" in [tags] or "tenable" in [tags] {
    stdout {
      codec => dots
    }
    elasticsearch {
      hosts => [ "http://localhost:9200" ]
      index => "logstash-vulnwhisperer-%{+YYYY.MM}"
    }
  }
}

Restart the Logstash and Elasticsearch services.

$ sudo systemctl restart logstash
$ sudo systemctl restart elasticsearch

You should now see the index created in the Index Templates menu.

Viewing Results in a Dashboard

Wrap-up
