.nessus import not working on Kali

Community Edition
1

My Dradis on Kali is working with ZAP outputs, however not with Nessus. Manually uploading the file gives me this output.

When I try to upload it over the website I get “Enqueueing job to start in the background.” as a response in the Output console, however nothing more after that, but I can find the file under my “Uploaded files” node.
Here is the output of my Kali CLI, listening on the server.

I couldn’t find anything really up-to-date regarding my issue.

Additional information:
The .nessus file is about 1.4 MB in size.
It was created in Security Center not Nessus.
I’m using the newest Git distribution of Dradis-CE with everything updated.

Thanks.-

2

Hi @xRestriction, can you try uploading the Nessus file through thor with these instructions? https://dradis.com/support/guides/troubleshooting/tool_output.html.

Since the ZAP uploads are working but not Nessus, my hunch is that something is wrong with that specific file. Does the file generated with Security Center match the format of this sample Nessus file? dradis-nessus/spec/fixtures/files/example_v2.nessus at main · dradis/dradis-nessus · GitHub. I’m not familiar with Security Center exports myself.

3

Hi rachkor, here is the output of the thor command. The format of the .nessus file matches up with your example. Wouldn’t it throw an error anyways?

Thanks.

4

Thanks @xRestriction! The on-screen log isn’t great with displaying stack traces which is why we recommend thor for debugging.

It looks to me like you might be missing this migration? dradis-ce/db/migrate/004_create_configurations.rb at 513fbcb3bfa352d7fc0ee521bc44421688d1432b · dradis/dradis-ce · GitHub. Can you:

$ git checkout master
$ git pull origin master
$ ./bin/update

Then fire up Dradis again and try the upload? If that doesn’t work, can you try uploading this file as a test? dradis-nessus/spec/fixtures/files/example_v2.nessus at main · dradis/dradis-nessus · GitHub. If that file works, we know that the problem lies with the other file and not the instance and can figure it out from there.

5

Hi rachkor, I tried doing a backup of my package but got an error. I’ll have to look into it tomorrow, couldn’t find a fix for it. Should I create a new post for it, or could you help me out directly?
Thanks.

6

I vote we create a new post for that so that others can find it easier in the future. Just let me know how we can help!

7

So I have successfully imported the nessus results of the test file, I also have created a smaller Security Center .nessus file which also worked, but they did not when using the thor command!

PROJECT_ID=1 RAILS_ENV=production bundle exec thor dradis:plugins:nessus:upload /root/dradis-ce/example_v2.nessus >
/usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/connection_adapters/sqlite3_adapter.rb:417:in `table_structure’: Could not find table ‘configurations’ (ActiveRecord::StatementInvalid)

I have also run the git commands as well as retried the bundle command, with no luck. Maybe I could split my big .nessus file in smaller ones, or just remove useless information?

8

@xRestriction it appears that the example_v2 file threw an error message when uploaded through thor? I’m unable to replicate this on my end which makes me think that your instance still needs and update. Can you try this and let me know the output?

$ git checkout master
$ git pull origin master
$ ./bin/setup
9

I have once again run the git commands with the following outputs:

root@kali:~/dradis-ce# git checkout master
M Gemfile.lock
M db/schema.rb
Already on ‘master’
Your branch is up to date with ‘origin/master’.
root@kali:~/dradis-ce# git pull origin master
remote: Enumerating objects: 4, done.
remote: Counting objects: 100% (4/4), done.
remote: Compressing objects: 100% (2/2), done.
remote: Total 4 (delta 3), reused 2 (delta 2), pack-reused 0
Unpacking objects: 100% (4/4), done.
From GitHub - dradis/dradis-ce: Dradis Framework: Colllaboration and reporting for IT Security teams

  • branch master → FETCH_HEAD
    1daa0b4…10840be master → origin/master
    Updating 1daa0b4…10840be
    error: Your local changes to the following files would be overwritten by merge:
    Gemfile.lock
    Please commit your changes or stash them before you merge.
    Aborting
    root@kali:~/dradis-ce# ./bin/setup

== Enabling default add-ons ==
== Installing dependencies ==
The Gemfile’s dependencies are satisfied

== Copying sample files ==

== Preparing database ==
Database ‘db/development.sqlite3’ already exists
Database ‘db/test.sqlite3’ already exists
– create_table(“activities”, {:force=>:cascade})
→ 0.0349s
– create_table(“categories”, {:force=>:cascade})
→ 0.0157s
– create_table(“comments”, {:force=>:cascade})
→ 0.0251s
– create_table(“configurations”, {:force=>:cascade})
→ 0.0180s
– create_table(“evidence”, {:force=>:cascade})
→ 0.0265s
– create_table(“logs”, {:force=>:cascade})
→ 0.0403s
– create_table(“nodes”, {:force=>:cascade})
→ 0.0374s
– create_table(“notes”, {:force=>:cascade})
→ 0.0259s
– create_table(“notifications”, {:force=>:cascade})
→ 0.0533s
– create_table(“subscriptions”, {:force=>:cascade})
→ 0.0293s
– create_table(“taggings”, {:force=>:cascade})
→ 0.0451s
– create_table(“tags”, {:force=>:cascade})
→ 0.0331s
– create_table(“users”, {:force=>:cascade})
→ 0.0215s
– create_table(“versions”, {:force=>:cascade})
→ 0.0363s
– create_table(“activities”, {:force=>:cascade})
→ 0.0315s
– create_table(“categories”, {:force=>:cascade})
→ 0.0093s
– create_table(“comments”, {:force=>:cascade})
→ 0.0240s
– create_table(“configurations”, {:force=>:cascade})
→ 0.0326s
– create_table(“evidence”, {:force=>:cascade})
→ 0.0363s
– create_table(“logs”, {:force=>:cascade})
→ 0.0107s
– create_table(“nodes”, {:force=>:cascade})
→ 0.0300s
– create_table(“notes”, {:force=>:cascade})
→ 0.0323s
– create_table(“notifications”, {:force=>:cascade})
→ 0.0295s
– create_table(“subscriptions”, {:force=>:cascade})
→ 0.0345s
– create_table(“taggings”, {:force=>:cascade})
→ 0.0440s
– create_table(“tags”, {:force=>:cascade})
→ 0.0456s
– create_table(“users”, {:force=>:cascade})
→ 0.0221s
– create_table(“versions”, {:force=>:cascade})
→ 0.0375s

== Removing old logs and tempfiles ==

== Restarting application server ==
root@kali:~/dradis-ce# PROJECT_ID=1 RAILS_ENV=production bundle exec thor dradis:plugins:nessus:upload /root/dradis-ce/example_v2.nessus
Loaded add-ons:
acunetix - Processes Acunetix XML format
api - Dradis REST HTTP API
brakeman - Processes Brakeman JSON output, use: brakeman -f json -o results.json
burp - Processes Burp Scanner XML output
csv - Export results in CSV format
cvss - Provides a CVSS score calculator under /calculators/cvss
dread - Provides a DREAD score calculator under /calculators/dread
html_export - Generate advanced HTML reports
metasploit - Processes Metasploit XML output, use: db_export
nessus - Processes Nessus XML v2 format (.nessus)
netsparker - Processes Netsparker XML format
nexpose - Processes Nexpose XML format
nikto - Processes Nikto output
nmap - Processes Nmap output
nto_spider - Processes NTOSpider reports
open_vas - Processes OpenVAS XML v6 or v7 format
projects - Save and restore project information
qualys - Processes Qualys output
saint - Processes SAINT XML format
zap - Processes ZAP XML format
Traceback (most recent call last):
43: from /usr/lib/dradis-ce/ruby/2.5.0/bin/thor:23:in <main>' 42: from /usr/lib/dradis-ce/ruby/2.5.0/bin/thor:23:in load’
41: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/bin/thor:6:in <top (required)>' 40: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/base.rb:444:in start’
39: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor.rb:369:in dispatch' 38: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in invoke_command’
37: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/command.rb:126:in run' 36: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/command.rb:29:in run’
35: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/runner.rb:44:in method_missing' 34: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/base.rb:444:in start’
33: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor.rb:369:in dispatch' 32: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/invocation.rb:126:in invoke_command’
31: from /usr/lib/dradis-ce/ruby/2.5.0/gems/thor-0.19.4/lib/thor/command.rb:27:in run' 30: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-nessus-753bd877f948/lib/tasks/thorfile.rb:17:in upload’
29: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-nessus-753bd877f948/lib/tasks/thorfile.rb:17:in new' 28: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-plugins-d9d1be964928/lib/dradis/plugins/upload/importer.rb:27:in initialize’
27: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-plugins-d9d1be964928/lib/dradis/plugins/upload/importer.rb:69:in default_template_service' 26: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-plugins-d9d1be964928/lib/dradis/plugins/upload/importer.rb:69:in new’
25: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-plugins-d9d1be964928/lib/dradis/plugins/template_service.rb:8:in initialize' 24: from /usr/lib/dradis-ce/ruby/2.5.0/bundler/gems/dradis-plugins-d9d1be964928/lib/dradis/plugins/template_service.rb:99:in default_templates_dir’
23: from /root/dradis-ce/app/models/configuration.rb:35:in paths_templates_plugins' 22: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation.rb:220:in find_or_create_by’
21: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/finder_methods.rb:78:in find_by' 20: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/query_methods.rb:605:in where’
19: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/query_methods.rb:612:in where!' 18: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/where_clause_factory.rb:21:in build’
17: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/predicate_builder.rb:34:in create_binds' 16: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/predicate_builder.rb:89:in create_binds_for_hash’
15: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/predicate_builder.rb:89:in each' 14: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/predicate_builder.rb:114:in block in create_binds_for_hash’
13: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/relation/predicate_builder.rb:168:in build_bind_param' 12: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/table_metadata.rb:32:in type’
11: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/model_schema.rb:376:in type_for_attribute' 10: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/model_schema.rb:353:in attribute_types’
9: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/model_schema.rb:461:in load_schema' 8: from /usr/lib/ruby/2.5.0/monitor.rb:226:in mon_synchronize’
7: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/model_schema.rb:464:in block in load_schema' 6: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/attribute_decorators.rb:50:in load_schema!’
5: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/attributes.rb:233:in load_schema!' 4: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/model_schema.rb:471:in load_schema!’
3: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/connection_adapters/schema_cache.rb:73:in columns_hash' 2: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/connection_adapters/schema_cache.rb:67:in columns’
1: from /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/connection_adapters/abstract_adapter.rb:167:in columns' /usr/lib/dradis-ce/ruby/2.5.0/gems/activerecord-5.1.6/lib/active_record/connection_adapters/sqlite3_adapter.rb:417:in table_structure’: Could not find table ‘configurations’ (ActiveRecord::StatementInvalid)

10

@xRestriction the error below actually indicates that $ git pull origin master didn’t succeed:

Try this?

$ git stash
$ git pull origin master
$ ./bin/setup
$ bundle exec thor dradis:plugins:nessus:upload /root/dradis-ce/example_v2.nessus

^ I’m going to update our documentation to make it clearer how to run this command in CE rather than Pro. Let me know how it goes!

11

@rachkor Hi! Sorry for taking so long to respond. It works with thor now, even with my own .nessus file, it still doesen’t over the web interface, however I’m fine with that, thanks for the help!

12

@xRestriction glad to hear it! Have you tried restarting the app to see if that resolves the webapp uploads? Do let me know if you want help debugging those!