elliot-bia / nessus Goto Github PK

i have internet but i got this error

Seems the download files is missing wget unable to get the file from the link

https://plugins.nessus.org/v2/nessus.php?f=all-2.0.tar.gz&u=56b33ade57c60a01058b1506999a2431&p=1ee9c89d5379a119a56498f2d5dff674

Resolving plugins.nessus.org (plugins.nessus.org)... failed: Temporary failure in name resolution.
wget: unable to resolve host address 'plugins.nessus.org'

我一直无法pull镜像，我很确认不是我的网络错误

Veni，vidi，vici（英文：Icame，Isaw，Iconquered；中文：我来，我见，我征服）

我自己手动更新了一下许可证有问题，扫描的时候不显示插件

多次扫描，每次均无结果显示。

can you give me a hit please

Hello!

I want to fork your project. The most important thing I would like to change is the download server.
In some regions, the sources used in the project are blocked. For quick assembly and operation, I would like to get access to the project for further modification for these needs.

The open source code will not be published. You can email me at [email protected]

执行docker restart nessus后，web页面无法打开
排查发现nessusd没有启动
需要执行docker exec -it ramisec_nessus /bin/bash /nessus/update.sh才能正常打开web页面：

Whenever I try to do a scheduled scans it keeps stuck on saving.... and does not do the scheduled scan.

I tried a clean reinstall but didn't work.

Do the Migration steps for version v5 20231218 work smoothly?

谢谢大佬

Describe the bug
描述问题
A clear and concise description of what the bug is.
请用精炼的语言描述问题所在

To Reproduce
问题复现步骤
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

用以下步骤复现：
1，第一步。。。
2，第二步。。。
3，第三步。。。

Expected behavior
期待行为
A clear and concise description of what you expected to happen.
简要语言描述你期待这个程序想要响应的行为

Screenshots
截图
If applicable, add screenshots to help explain your problem.
务必带上截图

Desktop (please complete the following information):
测试环境

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Additional context
其他补充
Add any other context about the problem here.

扫描结果全是info级别，也没有level的字段；之前用pro版本没有这个问题。

大佬,由于我的docker有点问题,所以我使用podman拉取你的镜像,但是报错了无法拉取,但使用docker可以,我尝试了fahai的awvs,podman可以正常拉取,可以帮我看看是什么问题吗
以alias docker=podman

❯ docker run -itd --name=ramisec_nessus -p 8834:8834 ramisec/nessus
Resolving "ramisec/nessus" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/ramisec/nessus:latest...
Error: initializing source docker://ramisec/nessus:latest: reading manifest latest in zydcc.mirror.aliyuncs.com/ramisec/nessus: manifest unknown: manifest unknown

感谢大佬的贡献，另外想问这个镜像是怎么做出来的，是DockerFile吗。

fahai 说他害羞，不好意思给你点赞

这是我微信，欢迎一起交流扫描器

如题

192.168.1.115/10180 The network interface 'tap0' does not support packet forgery. This prevents Nessus from determining whether some of the target hosts are alive and from performing a full port scan against them. You may partially work around this problem by editing your scan settings to disable 'Ping' (Uncheck General->Ping host) and by providing Nessus with credentials to the remote host to prevent a port scan from taking place, however it would be preferable to scan over a different network interface.

已经推出新版本，不知道是否会继续开拓新版本？

更新扫描后许可证过期

安装时间2023年7月4日
安装后发现插件全部消失了

安装插件的截图

修改了Nessus密码来使用

Describe the bug
描述问题
扫描任务配置定时运行的时候没响应，而且时区是无法配置的。

1. 社区配置是被砍掉了吗？ 感觉像是未配置时区造成无法保存。
2. 请问这个扫描任务是不能支持定时的吗？还是我造成不对？

v3 admin 密码多少 实在是没有找到密码

新建扫描之后 显示500内部服务器错误 是什么问题呢

just a question.
this version can perform the CIS compliance scan?

Do NOT take an issue for password

Passwords are intended to prevent script kiddie.
It is just a simple cryptography basics. Use Google more.

Anyone who take an issue for password will be BLOCK!

If you are able to understand the process of changing or decrypting the password, it indicates that you possess the fundamental knowledge to comprehend your actions. :)

Hi, Great job on creating the docker images. FYI I run the following command:

docker run -itd --name=ramisec_nessus -p 8834:8834 ramisec/nessus && docker exec -it ramisec_nessus /bin/bash /nessus/update.sh

Now the container with the ramisec_nessus name with the latest plugin update should be ready to be used anytime. However, when I stop the container or restart the host. I can no longer start/run the container back. It automatically exits/closed.

docker stop ramisec_nessus

docker start ramisec_nessus

How to prevent this from happening? I tried with the docker checkpoint, but also unable to create the snapshot. Creating a commit also not works.

Or do we need to spin new container + update plugins every time we want to use it? How is your method?

Describe the bug
描述问题
A clear and concise description of what the bug is.
请用精炼的语言描述问题所在

To Reproduce
问题复现步骤
Steps to reproduce the behavior:

1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

用以下步骤复现：
1，第一步。。。
2，第二步。。。
3，第三步。。。

Expected behavior
期待行为
A clear and concise description of what you expected to happen.
简要语言描述你期待这个程序想要响应的行为

Screenshots
截图
If applicable, add screenshots to help explain your problem.
务必带上截图

Desktop (please complete the following information):
测试环境

• OS: [e.g. iOS]
• Browser [e.g. chrome, safari]
• Version [e.g. 22]

Additional context
其他补充
Add any other context about the problem here.

2023-05-25 22:16:16 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:18 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:19 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:20 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:21 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:23 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:27 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:34 ramisec_nessus | Starting Nessus : .
2023-05-25 22:16:49 ramisec_nessus | Starting Nessus : .
2023-05-25 22:17:15 ramisec_nessus | Starting Nessus : .

Describe the bug
When configuring the email, I encountered the following error.

Error: It was not possible to email this scan:
Failed to receive the SMTP banner from the service listening on port 587

nessus扫描时出现如下情况：
Network interface transient error
The network interface ‘\Device\NPF_{DF6D9295-830F-4A92-B0E4-D0C0C9188C87}’ was not always available for packet forgery, which may lead to incomplete results. This is likely to be a transient error due to a lack of resources on this host. To correct this error, reduce the number of scans and/or hosts scanned in parallel

师傅有碰到过这种情况吗，我的是m1pro的mac

U2FsdGVkX19WZv+QOe8awVyJwXDPSNSIC1X4AMNA4+3rO8mL/3HZ+mS/Or3DhcWXKs0WHfvOH1q/YNtVdXnaHg==
这个看起来是base64 但不能解
tips没看懂是什么意思

i cant solve the password challenge

感谢大哥,nessus linux破解不知道哪次更新后就失效了,还好有大哥这个项目!

更新失败

          > > > 已经推出新版本，不知道是否会继续开拓新版本？

什么版本？

最新版本10.5.0已经推出的

@ericzhong2010 我根据大佬镜像制作了最新的10.5.1版本

sudo docker run --cap-add LINUX_IMMUTABLE -it -d --name nessus -p 8834:8834 stackzhao/nessus_pj:v10.5.1
# 更新插件
sudo docker exec -it nessus /bin/bash 
bash /root/upgrade.sh
# 修改默认密码
/opt/nessus/sbin/nessuscli chpasswd --user root --new-password new_password     # 请将new_password替换为新的密码

接下来可以使用用户root，密码new_password进行登录

Originally posted by @zyh001 in #24 (comment)

Describe the bug
在按流程安装docker版本之后，进行扫描，扫描半天之后重新登录提示license error
A clear and concise description of what the bug is.
请用精炼的语言描述问题所在
在按流程安装docker版本之后，进行扫描，扫描半天之后重新登录提示license error，并且成为免费版，只扫描给出16个ip地址结果

To Reproduce
问题复现步骤
正常安装docker版本，扫描7个ip的c段

以下是前面正常扫描后突然出现的日志记录：
[Wed Jul 26 14:03:08 2023][18743.1] Logfile /opt/nessus/var/nessus/logs/nessusd.messages initialized with size-based rotation
[Wed Jul 26 14:03:08 2023][18743.1] Priority set to 0
[Wed Jul 26 14:03:08 2023][18743.1] nessusd 10.2.0 (build 20075) started
[Wed Jul 26 14:03:08 2023][18743.1] System has 2 cores and 3742MB of RAM
[Wed Jul 26 14:03:08 2023][18743.1] Linux overcommit_memory policy is set to: 0
[Wed Jul 26 14:03:08 2023][18743.1] profiled 769200 vm ops / 10msec
[Wed Jul 26 14:03:08 2023][18743.1] VM thread pool size: 2-200
[Wed Jul 26 14:03:09 2023][18743.1] Setting Scanner: engine.min=4 engine.max=16 global.max_scans=0 global.max_hosts=1500 engine.max_hosts=16 engine.optimal_hosts=2 (scan)max_hosts=100 (scan)max_checks=5
[Wed Jul 26 14:03:09 2023][18743.1] PS thread pool size: 1-100
[Wed Jul 26 14:03:14 2023][18743.1] Could not validate the license used on this scanner
[Wed Jul 26 14:03:14 2023][18743.1] Could not validate plugin feed
[Wed Jul 26 14:03:14 2023][18743.1] WebServer thread pool size: 2-200
[Wed Jul 26 14:03:14 2023][18743.1] Nessus is ready
[Wed Jul 26 14:03:14 2023][18743.0] WebServer service is running (pid=32)
[Wed Jul 26 14:03:19 2023][18743.1] Nessus is shutting down:
[Wed Jul 26 14:03:19 2023][18743.1] WebServer service shutting down: Nessus shut down
[Wed Jul 26 14:03:19 2023][18779.1] Logfile /opt/nessus/var/nessus/logs/nessusd.messages initialized with size-based rotation
[Wed Jul 26 14:03:19 2023][18779.1] Priority set to 0
[Wed Jul 26 14:03:19 2023][18779.1] nessusd 10.2.0 (build 20075) started
[Wed Jul 26 14:03:19 2023][18779.1] System has 2 cores and 3742MB of RAM
[Wed Jul 26 14:03:19 2023][18779.1] Linux overcommit_memory policy is set to: 0
[Wed Jul 26 14:03:20 2023][18779.1] profiled 755020 vm ops / 10msec
[Wed Jul 26 14:03:20 2023][18779.1] VM thread pool size: 2-200
[Wed Jul 26 14:03:20 2023][18779.1] Setting Scanner: engine.min=4 engine.max=16 global.max_scans=0 global.max_hosts=1500 engine.max_hosts=16 engine.optimal_hosts=2 (scan)max_hosts=100 (scan)max_checks=5
[Wed Jul 26 14:03:20 2023][18779.1] PS thread pool size: 1-100
[Wed Jul 26 14:03:20 2023][18779.1] WebServer thread pool size: 2-200
[Wed Jul 26 14:03:20 2023][18779.0] WebServer service is running (pid=24)
[Wed Jul 26 14:03:20 2023][18779.1] Nessus is ready

Unsure of the cause of this. Got about 15-20 minutes out of it before I was suddenly booted from the web-server.

All scans are stopped and a warning appears at the top letting you know that your license has either expired or something else..etc

This has been experienced twice, I'm still not sure of the common-denominator at this point. Stay tuned.

导出的时候希望可以自定义模板
在扫描之后，选择report，里面包含了html与csv选项，HTML只有系统默认的几种类型，可以自定义选择吗。官方的教程里是可以自定义的。https://docs.tenable.com/nessus/10_3/Content/CreateReportTemplate.htm

On the "Report" section is not possible to make reports in PDF due to the absence of Java.

Could you add the Java or (better) openjdk to the docker image?

I tried installing it on a copy of your docker and it works, but the resulting image became way too large...

大哥有问题想请教您，方便给个联系方式吗？

Policy Compliance Auditing没有Compliance

Describe the bug
描述问题
启动成功后，点击添加扫描，就会提示状态码500的错误

To Reproduce
问题复现步骤

1. Go to '...'
   

2. Click on '....'

3. Scroll down to '....'

4. See error

用以下步骤复现：
1，第一步。。。
2，第二步。。。
3，第三步。。。

Expected behavior
期待行为

可以进行扫描任务，目前没有开启任务的可能

Screenshots
截图

Additional context
其他补充

扫描报出下列错误，该如何处理网卡eno
貌似是没有权限？
不支持网络接口
192.168.0.108/10114 网络接口“eth0”不支持数据包伪造。这可以防止 Nessus 确定某些目标主机是否处于活动状态并对其执行完整端口扫描。您可以通过编辑扫描设置以禁用“Ping”（取消选中“常规”->“Ping 主机”）并向 Nessus 提供远程主机的凭据以防止发生端口扫描来部分解决此问题，但最好通过不同的网络接口进行扫描。

Have you fixed the previous bug that couldn't be restarted？

U2FsdGVkX19WZv+QOe8awVyJwXDPSNSIC1X4AMNA4+3rO8mL/3HZ+mS/Or3DhcWXKs0WHfvOH1q/YNtVdXnaHg==
这个看起来是base64 但不能解
tips没看懂是什么意思

您好：

想问下，当容器重启时，此时插件不是最新版本，会出现什么问题呢？猜测会导致插件包被清空，然后无法扫描吗，是否还需要再次执行 docker exec -it ramisec_nessus /bin/bash /nessus/update.sh 更新插件包才能正常使用工具。

感谢回答！