{"id":30695887,"url":"https://github.com/giterlizzi/nessus_exporter","last_synced_at":"2025-09-02T07:10:44.544Z","repository":{"id":308178020,"uuid":"1029989119","full_name":"giterlizzi/nessus_exporter","owner":"giterlizzi","description":"Prometheus Exporter for Tenable(R) Nessus(R) scanner","archived":false,"fork":false,"pushed_at":"2025-08-04T14:19:14.000Z","size":22,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-08-29T07:03:46.981Z","etag":null,"topics":["alerts","nessus","prometheus","prometheus-exporter","tenable"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/giterlizzi.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-31T22:59:12.000Z","updated_at":"2025-08-04T14:24:59.000Z","dependencies_parsed_at":"2025-08-04T18:27:32.850Z","dependency_job_id":null,"html_url":"https://github.com/giterlizzi/nessus_exporter","commit_stats":null,"previous_names":["giterlizzi/nessus_exporter"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/giterlizzi/nessus_exporter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giterlizzi%2Fnessus_exporter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giterlizzi%2Fnessus_exporter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giterlizzi%2Fnessus_exporter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giterlizzi%2Fnessus_exporter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/giterlizzi","download_url":"https://codeload.github.com/giterlizzi/nessus_exporter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/giterlizzi%2Fnessus_exporter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273245118,"owners_count":25071164,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alerts","nessus","prometheus","prometheus-exporter","tenable"],"created_at":"2025-09-02T07:10:42.228Z","updated_at":"2025-09-02T07:10:44.529Z","avatar_url":"https://github.com/giterlizzi.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# nessus_exporter\n\n## Overview\n\n`nessus_exporter` is a Prometheus exporter for Tenable® Nessus®, exposing real-time metrics such as server health, license status and utilization, Nessus version, active scans, and currently scanned hosts. These metrics enable integration with Prometheus-based monitoring and alerting systems.\n\n## Features\n\n- Connects to Nessus API\n- Exports Nessus server statistics (health, license, version, scan)\n\n## Installation\n\nYou can download the `nessus_exporter` from the [releases](https://github.com/giterlizzi/nessus_exporter/releases) page or install it using `go install`:\n\n```bash\ngo install github.com/giterlizzi/nessus_exporter@latest\n```\n\n## Usage\n\n```console\nusage: nessus_exporter [\u003cflags\u003e]\n\n\nFlags:\n -h, --[no-]help Show context-sensitive help (also try --help-long and --help-man).\n --web.listen-address=\":18834\" \n Address on which to expose metrics and web interface. ($LISTEN_ADDRESS)\n --web.telemetry-path=\"/metrics\" \n Path under which to expose metrics. ($TELEMETRY_PATH)\n --nessus.pid-file=NESSUS.PID-FILE \n Optional path to a file containing the nessusd PID for additional metrics. ($NESSUS_PID_FILE)\n --nessus.url=\"https://127.0.0.1:8834\" \n URL of the Tenable(R) Nessus(R) scanner. ($NESSUS_URL)\n --[no-]nessus.tls.insecure-skip-verify \n Skip server certificate verification ($NESSUS_SKIP_TLS_VERIFY)\n --nessus.auth.access-key=NESSUS.AUTH.ACCESS-KEY \n Access Key for the Tenable(R) Nessus(R) scanner. ($NESSUS_ACCESS_KEY)\n --nessus.auth.secret-key=NESSUS.AUTH.SECRET-KEY \n Secret Key for the Tenable(R) Nessus(R) scanner. ($NESSUS_SECRET_KEY)\n --log.level=info Only log messages with the given severity or above. One of: [debug, info, warn, error]\n --log.format=logfmt Output format of log messages. One of: [logfmt, json]\n --[no-]version Show application version.\n```\n\n| Flag | Description | Default |\n| ---------------------------------------- | ------------------------------------------------------------------------------- | -------------------------- |\n| `-h`, `--[no-]help` | Show context-sensitive help | — |\n| `--web.listen-address` | Address on which to expose metrics and web interface | `\":18834\"` |\n| `--web.telemetry-path` | Path under which to expose Prometheus metrics | `\"/metrics\"` |\n| `--nessus.pid-file` | Optional path to a file containing the Nessus daemon PID for additional metrics | `\"\"` |\n| `--nessus.url` | URL of the Tenable® Nessus® scanner | `\"https://127.0.0.1:8834\"` |\n| `--[no-]nessus.tls.insecure-skip-verify` | Skip TLS certificate verification (use with caution) | `false` |\n| `--nessus.auth.access-key` | Access Key for Nessus API authentication | `\"\"` |\n| `--nessus.auth.secret-key` | Secret Key for Nessus API authentication | `\"\"` |\n| `--log.level` | Minimum log level. One of: `debug`, `info`, `warn`, `error` | `\"info\"` |\n| `--log.format` | Log output format. One of: `logfmt`, `json` | `\"logfmt\"` |\n| `--[no-]version` | Show application version and exit | `false` |\n\n### Environment Variables\n\nSome command-line flags can alternatively be configured via environment variables:\n\n| Environment Variable | Equivalent Flag |\n| ------------------------ | -------------------------------------------------------------- |\n| `NESSUS_URL` | `--nessus.url` |\n| `NESSUS_ACCESS_KEY` | `--nessus.auth.access-key` |\n| `NESSUS_SECRET_KEY` | `--nessus.auth.secret-key` |\n| `NESSUS_PID_FILE` | `--nessus.pid-file` |\n| `NESSUS_SKIP_TLS_VERIFY` | `--nessus.tls.insecure-skip-verify` (set to `true` or `false`) |\n\nUsing environment variables is recommended in security-sensitive and containerized environments:\n\n- Prevents credentials from being exposed via process list (ps, docker logs, etc.)\n- Makes it easier to manage secrets via orchestration platforms (Kubernetes, Docker Compose, etc.)\n- Simplifies deployment scripts and CI/CD pipelines\n\n### Authentication\n\nTo authenticate with the Nessus API, you must generate an Access Key and Secret Key from the Nessus user interface.\n\n[Tenable Documentation – Generate an API Key](https://docs.tenable.com/nessus/Content/GenerateAnAPIKey.htm)\n\nOnce generated, set the keys via environment variables or command-line flags:\n\n```console\nexport NESSUS_ACCESS_KEY=\"your_access_key\"\nexport NESSUS_SECRET_KEY=\"your_secret_key\"\n./nessus_exporter \\\n [...]\n```\n\nAlternatively:\n\n```console\n./nessus_exporter \\\n --nessus.auth.access-key=your_access_key \\\n --nessus.auth.secret-key=your_secret_key \\\n [...]\n```\n\n**NOTE** For security, it's highly recommended to use environment variables instead of passing credentials directly in the CLI.\n\n## Configuration\n\n### Prometheus\n\nAdd the following job to your `prometheus.yml`:\n\n```yaml\nscrape_configs:\n - job_name: 'nessus'\n static_configs:\n - targets: ['localhost:18834']\n```\n\n### Alerting Rules\n\n`nessus_exporter` provides sample alerting rules in the [nessus_alert_rules.yml](nessus_alert_rules.yml) file.\n\nTo include these rules in your Prometheus configuration, copy the [nessus_alert_rules.yml](nessus_alert_rules.yml) file to your Prometheus configuration directory (e.g. `/etc/prometheus`) and add the following lines to your `prometheus.yml`:\n\n```yaml\nrule_files:\n - nessus_alert_rules.yml\n```\n\n| Alert | Description | Severity |\n|------------------------------|--------------------------------------------|----------|\n| NessusDown | Nessus exporter is down | critical |\n| NessusHighCPU | High Nessus CPU usage | warning |\n| NessusLowDiskSpace | Low disk space for Nessus data directory | warning |\n| NessusLicenseExpire | Nessus license expires in less than 7 days | warning |\n| NessusLicenseQuotaExceeded | Nessus IP license usage above 90% | warning |\n| NessusScanInProgress | Nessus scan in progress | info |\n| NessusPluginUpdatesAvailable | Nessus plugin updates available | info |\n| NessusPluginSetOutdated | Nessus plugin set is older than 30 days | warning |\n\n## Exported Metrics\n\n| Metric | Description | Type | Category |\n| ---------------------------- | ---------------------------------------------------- | ------- | -------- |\n| `nessus_exporter_build_info` | Build metadata (version, revision, Go runtime, etc.) | `gauge` | general |\n| `nessus_info` | Nessus info (version, type, platform, plugin set) | `gauge` | general |\n| `nessus_server_status` | Server readiness status (check type and status) | `gauge` | general |\n| `nessus_server_uuid` | Server UUID | `gauge` | general |\n\n### Health Metrics\n\n| Metric | Description | Type |\n| ------------------------------------------------ | --------------------------------------- | ------- |\n| `nessus_health_avg_dns_lookup_time` | Average DNS lookup time (ms) | `gauge` |\n| `nessus_health_avg_rdns_lookup_time` | Average reverse DNS lookup time (ms) | `gauge` |\n| `nessus_health_cpu_load_avg` | System load average or CPU usage | `gauge` |\n| `nessus_health_kbytes_received` | Total KB received by Nessus | `gauge` |\n| `nessus_health_kbytes_sent` | Total KB sent by Nessus | `gauge` |\n| `nessus_health_nessus_cpu` | CPU usage by Nessus (0–100%) | `gauge` |\n| `nessus_health_nessus_data_disk_free` | Free disk space in data directory (MB) | `gauge` |\n| `nessus_health_nessus_data_disk_total` | Total disk space in data directory (MB) | `gauge` |\n| `nessus_health_nessus_log_disk_free` | Free disk space in log directory (MB) | `gauge` |\n| `nessus_health_nessus_log_disk_total` | Total disk space in log directory (MB) | `gauge` |\n| `nessus_health_nessus_mem` | Real memory used by Nessus (MB) | `gauge` |\n| `nessus_health_nessus_vmem` | Virtual memory used by Nessus (MB) | `gauge` |\n| `nessus_health_num_dns_lookups` | DNS lookups performed | `gauge` |\n| `nessus_health_num_hosts` | Hosts currently being scanned | `gauge` |\n| `nessus_health_num_rdns_lookups` | Reverse DNS lookups performed | `gauge` |\n| `nessus_health_num_scans` | Number of running scans | `gauge` |\n| `nessus_health_num_tcp_sessions` | Open TCP connections | `gauge` |\n| `nessus_health_plugins_code_db_corrupted` | Code plugin DB corruption status | `gauge` |\n| `nessus_health_plugins_description_db_corrupted` | Description plugin DB corruption status | `gauge` |\n| `nessus_health_plugins_failed_to_compile_count` | Failed plugin compile count | `gauge` |\n| `nessus_health_sys_cores` | Number of CPU cores | `gauge` |\n| `nessus_health_sys_ram` | Total system RAM (MB) | `gauge` |\n| `nessus_health_temp_disk_free` | Free space in temp directory (MB) | `gauge` |\n| `nessus_health_temp_disk_total` | Total space in temp directory (MB) | `gauge` |\n\n### License Metrics\n\n| Metric | Description | Type |\n| --------------------------------------------- | -------------------------------- | ------- |\n| `nessus_license_info` | License info (name and type) | `gauge` |\n| `nessus_license_expiration_timestamp_seconds` | Expiration date (Unix timestamp) | `gauge` |\n| `nessus_license_agents_used` | Number of agents using license | `gauge` |\n| `nessus_license_ips_total` | Total IPs allowed by license | `gauge` |\n| `nessus_license_ips_used` | IPs currently in use | `gauge` |\n| `nessus_license_scanners_used` | Scanners using the license | `gauge` |\n\n### Scan Metrics\n\n| Metric | Description | Type |\n| --------------------------------- | ----------------------------- | ------- |\n| `nessus_scan_running_scan` | Number of running scans | `gauge` |\n| `nessus_scan_hosts_beign_scanned` | Hosts currently being scanned | `gauge` |\n\n### Plugins Metrics\n\n| Metric | Description | Type |\n| ------------------------------| ------------------------------------------------------------------------------------------------------------- | ------- |\n| `nessus_plugin_set_timestamp` | Timestamp (in seconds) of the last Tenable(R) Nessus(R) plugin set update. | `gauge` |\n| `nessus_plugin_family` | The total number of plugins available in each Tenable(R) Nessus(R) plugin family, labeled by the family name. | `gauge` |\n\n## License\n\nMIT\n\n## Disclaimer\n\nThis project is not affiliated with, endorsed by, or sponsored by Tenable, Inc. or the Nessus product. Nessus® and Tenable® are registered trademarks of Tenable, Inc. All rights to these trademarks, names, and products belong to their respective owners.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgiterlizzi%2Fnessus_exporter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgiterlizzi%2Fnessus_exporter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgiterlizzi%2Fnessus_exporter/lists"}