# README
Tenable-Scan-Launcher 
This scan launcher collects the private IP addresses of Google Cloud and AWS instances and then launches a tenable scan with the option to download the scan as a pdf.
Installation
Installing this repo is as simple as cloning the repo into your $Go/src/github.com directory.
git clone [email protected]:Invoca/tenable-scan-launcher.git
Usage
Running
There are three methods to run the scan launcher. With Docker, the executable file, and in Kubernetes. To run it in
kubernetes, modify the manifests in the examples/manifests directory and then apply them.
Docker:
docker run invoca:SOMETHING
Shell:
go build -mod=readonly -o $PWD/tenable-scan-launcher $PWD/cmd/tenable-scan-launcher
./tenable-scan-launcher $FLAGS
Flags
The scanner will list private IPs from all regions of each cloud provider given. To enable AWS, include the
--include_aws flag. It will use the shared aws configuration settings, so it will use the standard order of precedence
for AWS service accounts. To include Google Cloud, use the --include_gcloud flag and be sure to specify the service
account file location with --gcloud_json and the desired project with --gcloud_project.
The following Tenable flags are needed to preform a scan:
--tenable-access-keywhich is the access key generated from https://cloud.tenable.com/#/ .--tenable-secret-keyis the secret key generated from https://cloud.tenable.com/#/--scanner_idis the scanner to id of the scanner to use.
Reports
| Flag | Description |
|---|---|
--generate_report | Generates a report. Supported values are true or false. Defaults to false. |
--format | Specifies the format of the report. Formats are Nessus, HTML, PDF, CSV, or DB. Defaults to empty string |
--report-file-location | The file location to save the file. Default is the empty string. |
--chapters | Specify which chapters of the report to use. Supported chapters are vuln_hosts_summary, vuln_by_host, compliance_exec, remediations, vuln_by_plugin, compliance. Has to be a semi-colon delimited list. Defaults to empty string. |
--summary-report | Only includes the vuln_hosts_summary chapter |
--full-report | Includes all chapters |
Note that --summary-report will override --chapters and --full-report overrides --summary-report
Filtering
In order to filter on the severity within the report, include the --[low,medium,high,critical]_severity flags. The
search filter can be modified with --search_type. The supported values are and and or. It is not recommended
changing it to the and type since each vulnerability can only have a single severity level.
Logging
Log level can be specified with --log-level. The levels are trace, info, fatal, panic, warn, and debug. Log format can
be specified with --log-type. The supported types are json, and text.
Contributions
Contributions to this project are always welcome! Please read our Contribution Guidelines before starting any work.