lazy-nessus 0.2.6.post2

Creator: bradpython12

Lazy-Nessus
Description
I made this script for me to not have to log into Nessus every time I wanted to pause/resume a scan because I am lazy and I don't like logging into my computer at 3 AM. I also added Telegram support since I'm paranoid and want to make sure my actions actually worked.
What started as a simple script to pause/resume scans has turned into a full-fledged CLI tool for Nessus. I have added the ability to list scans, check the status of a scan, export a scan, search for a scan, pause a scan, and resume a scan. I have also added the ability to use a .env file to store your API keys and other variables. This is useful if you want to use the Telegram bot functionality. I have also added the ability to pass all variables as command line arguments if you do not want to use a .env file.
Requirements

Python 3
Nessus Professional or Nessus Manager
Telegram Bot (optional)

Installation

Pip or pipx install

pip install lazy-nessus

pipx install lazy-nessus


Create a Telegram Bot (optional)
Create a .env file in your home directory and add your API keys and other variables (see below) (optional)
Run the script

Example .env file
All optional variables are added. If you do not want to use the .env file, you can pass the variables as command line arguments.
TELEGRAM_BOT_TOKEN="1234567890:ABCDEF1234567890"
TELEGRAM_CHAT_ID="1234567890"
NESSUS_API_TOKEN="1a2b3c4d-1a2b-3c4d-1a2b-3c4d1a2b3c4d"
NESSUS_X_COOKIE="1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d"
NESSUS_PASSWORD="1a2b3c4d5e6f7g8h9i0j"
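
Because this file keeps the Nessus password, API token and session cookie in plain text in your home directory, a quick audit before first use is worthwhile. The following is an added example, not part of lazy-nessus: audit_env and parse_env are hypothetical helpers that flag a .env file readable by other users and any variable still holding a sample value from this README.

```python
import os
import stat
from pathlib import Path

# Variable names and sample values exactly as shown in the README's example .env file.
README_PLACEHOLDERS = {
    "TELEGRAM_BOT_TOKEN": "1234567890:ABCDEF1234567890",
    "TELEGRAM_CHAT_ID": "1234567890",
    "NESSUS_API_TOKEN": "1a2b3c4d-1a2b-3c4d-1a2b-3c4d1a2b3c4d",
    "NESSUS_X_COOKIE": "1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d",
    "NESSUS_PASSWORD": "1a2b3c4d5e6f7g8h9i0j",
}

def parse_env(text):
    """Parse KEY="value" lines; skip blanks, # comments and lines without '='."""
    values = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        # Drop one pair of matching surrounding quotes, as in the README example.
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        values[key.strip()] = value
    return values

def audit_env(path):
    """Return a list of findings for the .env file at `path` (hypothetical helper)."""
    path = Path(path)
    findings = []
    st = path.stat()
    mode = stat.S_IMODE(st.st_mode)
    if os.name == "posix":
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"mode {mode:04o} lets group/other access the file; use chmod 600")
        if st.st_uid != os.geteuid():
            findings.append("file is not owned by the current user")
    for key, value in parse_env(path.read_text()).items():
        if README_PLACEHOLDERS.get(key) == value:
            findings.append(f"{key} still holds the README sample value")
        elif key in README_PLACEHOLDERS and not value:
            findings.append(f"{key} is set but empty")
    return findings

if __name__ == "__main__":
    env_file = Path.home() / ".env"  # location the README suggests
    for finding in (audit_env(env_file) if env_file.exists() else ["no .env file found"]):
        print(finding)
```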

Examples
List all scans
lazy-nessus scans list

Check the status of a single scan on a given server
lazy-nessus scans check -S 192.168.250.158 -s 13

Pause a scan at a specific time with known API token and X-Cookie
lazy-nessus scans pause -S 10.10.10.10 -p 8080 -s 11 -t "2021-01-01 00:00" -tT "1234567890:ABCDEF1234567890" -tC "1234567890" -aT "1a2b3c4d-1a2b-3c4d-1a2b-3c4d1a2b3c4d" -c "1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d1a2b3c4d" -v

Resume a localhost scan at a specific time using a password
lazy-nessus scans resume -p 8080 -s 11 -t "2021-01-01 09:45" -p "1a2b3c4d5e6f7g8h9i0j"

Export a scan as a .nessus file
lazy-nessus scans export -f nessus -s 4 -p "1a2b3c4d5e6f7g8h9i0j"

Search for a scan by name
lazy-nessus scans search -s "Scan Name"

How to obtain the Nessus API token and X-Cookie

Log into Nessus
Open the developer tools in your browser
Go to the Network tab
Click on something like "All Scans" or "My Scans" under FOLDERS
Look for the GET request to folders and click on it
From the Headers tab, copy the X-Cookie value AFTER "token=" and paste it into the .env file
From the Headers tab, copy the X-API-Token value and paste it into the .env file
Also note the scan ID from the URL (e.g. https://nessus.example.com/#/scans/reports/11/hosts)

How to obtain the Telegram bot token and chat ID

Start a chat with the BotFather
Send the BotFather the start message /start
Send the BotFather the newbot message /newbot
Answer the BotFather's questions to finish setting up the bot. Keep in mind that your bot name will be searchable by all Telegram users.
Save your bot's API key for future reference.
Start a chat with your bot, then navigate to https://api.telegram.org/bot123456789:jbd78sadvbdy63d37gda37bd8/getUpdates, replacing the sample API key in the URL with your own. The path segment NEEDS TO START WITH 'bot', SO KEEP THAT PART OF THE URL.
You will likely get a blank result until you send your bot another message and refresh the getUpdates URL.
Once you see updates from the URL, note your 'chat_id'. You can use the combination of chat ID and your API key to send automated alerts.

EXAMPLE: curl "https://api.telegram.org/bot123456789:jbd78sadvbdy63d37gda37bd8/sendMessage?chat_id=123456&text=%22You just got a shell! Go check your C2 server!%22"


Copy the "id" value and paste it into the .env file
Copy the "token" value and paste it into the .env file

Development
Windows

Clone this repository

git clone https://github.com/minniear/lazy-nessus.git


Install the requirements, preferably in a virtual environment

python3 -m venv lazy-nessus
cd lazy-nessus
Scripts\activate.bat
pip install -r requirements.txt


Create a Telegram Bot (optional)
Create a .env file in your home directory and add your API keys and other variables (see above) (optional)

Linux/Mac

Clone this repository

git clone


Install the requirements, preferably in a virtual environment

python -m venv lazy-nessus
cd lazy-nessus
source bin/activate
pip install -r requirements.txt


Create a Telegram Bot (optional)
Create a .env file in your home directory and add your API keys and other variables (see above) (optional)

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.
