8ee9627a76dab2c8a7 · montereyharris · Sep 1, 2019 · Nov 14, 2019 · Nov 19, 2019 · Nov 19, 2019
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,4 @@
 # Don't check in the Output dir
 Output/
 .DS_Store
+launch.json
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # Change Log
 
+## [0.2.4] 2019-11-18
+
+- Add pagination support, add support for more than 5000 records, and code cleanup for Get-PSTenableSeverity. Thanks [@AaronG1234](https://github.com/AaronG1234)! [#12](https://github.com/jwmoss/PSTenable/issues/12)
+
+## [0.2.3] 2019-09-01
+
+- Code cleanup [#9](https://github.com/jwmoss/PSTenable/issues/9)
+
 ## [0.2.2] 2019-07-13
 
 - Fixed automatically retrieving token.

diff --git a/PSTenable/PSTenable.psd1 b/PSTenable/PSTenable.psd1
@@ -12,7 +12,7 @@
     RootModule        = 'PSTenable.psm1'
 
     # Version number of this module.
-    ModuleVersion     = '0.2.2'
+    ModuleVersion     = '0.2.5'
 
     # Supported PSEditions
     # CompatiblePSEditions = @()
@@ -77,7 +77,9 @@
         'Get-PSTenablePluginFamilyWindows',
         'Get-PSTenableSeverity',
         'Get-PSTenableWindowsServerJava'
-        'Invoke-PSTenableRest'
+        'Invoke-PSTenableRest',
+        'Get-PSTenableQuery',
+        'Get-PSTenableQueryAnalysis'
     )
 
     # Cmdlets to export from this module, for best performance, do not use wildcards and do not delete the entry, use an empty array if there are no cmdlets to export.

diff --git a/PSTenable/PSTenable.psm1 b/PSTenable/PSTenable.psm1
@@ -1,6 +1,12 @@
 # Dot source public/private functions
 $public  = @(Get-ChildItem -Path (Join-Path -Path $PSScriptRoot -ChildPath 'public/*.ps1')  -Recurse -ErrorAction Stop)
 $private = @(Get-ChildItem -Path (Join-Path -Path $PSScriptRoot -ChildPath 'private/*.ps1') -Recurse -ErrorAction Stop)
+
+Set-PSFconfig -Module PSTenable -Name Credential -Value $null -Initialize -Validation credential -Description "The credentials used for authenticating to the Tenable server"
+Set-PSFconfig -Module PSTenalbe -Name WebSession -Value $null -Initialize -Description "WebSession for Invoke Rest Method"
+Set-PSFconfig -Module PSTenalbe -Name Token -Value $null -Initialize -Validation string -Description "Token used with Tenable"
+Set-PSFconfig -Module PSTenalbe -Name Server -Value $null -Initialize -Validation string -Description "REST Tenable endpoint for Tenable Server"
+
 foreach ($import in @($public + $private)) {
     try {
         . $import.FullName

diff --git a/PSTenable/Private/Invoke-PSTenableRest.ps1 b/PSTenable/Private/Invoke-PSTenableRest.ps1
@@ -36,13 +36,35 @@ function Invoke-PSTenableRest {
 
     Begin {
 
-        $RestMethodParams = @{
-            URI         = $(Get-PSFConfigValue -FullName 'PSTenable.Server') + $Endpoint
-            Method      = $Method
-            Headers     = @{"X-SecurityCenter" = $(Get-PSFConfigValue -FullName 'PSTenable.Token') }
-            ContentType = "application/json"
-            ErrorAction = "Stop"
-            WebSession  = $(Get-PSFConfigValue -FullName "PSTenable.WebSession")
+        if((Get-PSFConfigValue -FullName "PSTenable.ApiKey" )){
+            #Check for API Key
+            $accessKey = Get-PSFConfigValue -FullName 'PSTenable.accesskey'
+            $secretkey= Get-PSFConfigValue -FullName 'PSTenable.secretkey'
+
+            $authString ="accesskey = $accessKey;secretkey=$secretkey;"
+
+            $headers = @{
+                "x-apikey" = $authString
+            }
+            $RestMethodParams = @{
+                URI         = $(Get-PSFConfigValue -FullName 'PSTenable.Server') + '/rest'+ $Endpoint
+                Method      = $Method
+                Headers     = $headers
+                ContentType = "application/json"
+                ErrorAction = "Stop"
+            }
+
+        }else{
+            $headers = @{"X-SecurityCenter" = $(Get-PSFConfigValue -FullName 'PSTenable.Token') }
+
+            $RestMethodParams = @{
+                URI         = $(Get-PSFConfigValue -FullName 'PSTenable.Server') + $Endpoint
+                Method      = $Method
+                Headers     = $headers
+                ContentType = "application/json"
+                ErrorAction = "Stop"
+                WebSession  = $(Get-PSFConfigValue -FullName "PSTenable.WebSession")
+            }
         }
 
         if ($PSBoundParameters.ContainsKey('Body')) {
@@ -62,6 +84,8 @@ function Invoke-PSTenableRest {
             [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
         }
 
+        Write-Debug $RestMethodParams.uri
+
         Invoke-RestMethod @RestMethodParams
     }
 

diff --git a/PSTenable/Private/Invoke-PSTenableTokenStatus.ps1 b/PSTenable/Private/Invoke-PSTenableTokenStatus.ps1
@@ -19,28 +19,36 @@ Function Invoke-PSTenableTokenStatus {
 
     )
 
-    # Credentials
-    $APICredential = @{
-        username       = (Get-PSFConfigValue -FullName 'PSTenable.Credential').UserName
-        password       = (Get-PSFConfigValue -FullName 'PSTenable.Credential').GetNetworkCredential().Password
-        releaseSession = "FALSE"
-    }
+    $apiKeyStatus = Get-PSFConfigValue -FullName "PSTenable.ApiKey"
 
-    $SessionSplat = @{
-        URI             = "$(Get-PSFConfigValue -FullName 'PSTenable.Server')/token"
-        SessionVariable = "SCSession"
-        Method          = "Post"
-        ContentType     = "application/json"
-        Body            = (ConvertTo-Json $APICredential)
-        ErrorAction     = "Stop"
-    }
+    Write-Debug "$apikeystatus"
+
+    if($apiKeyStatus -eq $false){
 
-    $Session = Invoke-RestMethod @SessionSplat
+        # Credentials
+        $APICredential = @{
+            username       = (Get-PSFConfigValue -FullName 'PSTenable.Credential').UserName
+            password       = (Get-PSFConfigValue -FullName 'PSTenable.Credential').GetNetworkCredential().Password
+            releaseSession = "FALSE"
+        }
 
-    if ($Session.response.releaseSession -eq $true) {
-        Write-Output $true
-    } else {
+        $SessionSplat = @{
+            URI             = "$(Get-PSFConfigValue -FullName 'PSTenable.Server')/token"
+            SessionVariable = "SCSession"
+            Method          = "Post"
+            ContentType     = "application/json"
+            Body            = (ConvertTo-Json $APICredential)
+            ErrorAction     = "Stop"
+        }
+
+        $Session = Invoke-RestMethod @SessionSplat
+
+        if ($Session.response.releaseSession -eq $true) {
+            Write-Output $true
+        } else {
+            Write-Output $false
+        }
+    }else{
         Write-Output $false
     }
 }
-
diff --git a/PSTenable/Public/Connect-PSTenable.ps1 b/PSTenable/Public/Connect-PSTenable.ps1
@@ -15,6 +15,8 @@ function Connect-PSTenable {
         Tenable Server Name, tenable.domain.com/rest
     .PARAMETER Register
         If specified, this will cache the Credential, TenableServer, Token, and Web Session.
+    .PARAMETER ApiKey
+        If specfied PSCredential Object will be treated as a API Key.
     .INPUTS
         None
     .OUTPUTS
@@ -35,6 +37,10 @@ function Connect-PSTenable {
 
         [Parameter(Position = 2, mandatory = $false)]
         [switch]
+        $ApiKey,
+
+        [Parameter(Position = 3, mandatory = $false)]
+        [switch]
         $Register
     )
     begin {
@@ -43,50 +49,76 @@ function Connect-PSTenable {
 
     process {
 
-        # Credentials
-        $APICredential = @{
-            username       = $Credential.UserName
-            password       = $Credential.GetNetworkCredential().Password
-            releaseSession = "FALSE"
-        }
+        if($ApiKey){
 
-        $SessionSplat = @{
-            URI             = "$TenableServer/token"
-            SessionVariable = "SCSession"
-            Method          = "Post"
-            ContentType     = "application/json"
-            Body            = (ConvertTo-Json $APICredential)
-            ErrorAction     = "Stop"
-            ErrorVariable   = "TenableTokenError"
-        }
+            $accesskey = $Credential.UserName
+            $secretkey = $Credential.GetNetworkCredential().Password
 
-        $currentProgressPref = $ProgressPreference
-        $ProgressPreference = "SilentlyContinue"
-        $currentVersionTls = [Net.ServicePointManager]::SecurityProtocol
-        $currentSupportableTls = [Math]::Max($currentVersionTls.value__, [Net.SecurityProtocolType]::Tls.value__)
-        $availableTls = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -gt $currentSupportableTls }
-        $availableTls | ForEach-Object {
-            [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
-        }
+        }Else{
+
+            # Credentials
+            $APICredential = @{
+                username       = $Credential.UserName
+                password       = $Credential.GetNetworkCredential().Password
+                releaseSession = "FALSE"
+            }
 
-        $Session = Invoke-RestMethod @SessionSplat
+            $SessionSplat = @{
+                URI             = "$TenableServer/token"
+                SessionVariable = "SCSession"
+                Method          = "Post"
+                ContentType     = "application/json"
+                Body            = (ConvertTo-Json $APICredential)
+                ErrorAction     = "Stop"
+                ErrorVariable   = "TenableTokenError"
+            }
 
-        [Net.ServicePointManager]::SecurityProtocol = $currentVersionTls
-        $ProgressPreference = $currentProgressPref
+            $currentProgressPref = $ProgressPreference
+            $ProgressPreference = "SilentlyContinue"
+            $currentVersionTls = [Net.ServicePointManager]::SecurityProtocol
+            $currentSupportableTls = [Math]::Max($currentVersionTls.value__, [Net.SecurityProtocolType]::Tls.value__)
+            $availableTls = [enum]::GetValues('Net.SecurityProtocolType') | Where-Object { $_ -gt $currentSupportableTls }
+            $availableTls | ForEach-Object {
+                [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor $_
+            }
+
+            $Session = Invoke-RestMethod @SessionSplat
+
+            [Net.ServicePointManager]::SecurityProtocol = $currentVersionTls
+            $ProgressPreference = $currentProgressPref
+        }
     }
 
     end {
 
-        Set-PSFconfig -FullName "PSTenable.WebSession" -Value $SCSession
-        Set-PSFconfig -FullName "PSTenable.Token" -Value $Session.response.token
-        Set-PSFConfig -FullName "PSTenable.Server" -Value $TenableServer
-        Set-PSFconfig -FullName "PSTenable.Credential" -Value $Credential
+        if($ApiKey){
+
+            Set-PSFconfig -FullName "PSTenable.accesskey" -Value $accesskey
+            Set-PSFconfig -FullName "PSTenable.secretkey" -Value $secretkey
+            Set-PSFConfig -FullName "PSTenable.Server" -Value $TenableServer
+            Set-PSFConfig -FullName "PSTenable.ApiKey" -Value $true
+
+            if ($Register -eq $true) {
+                Register-PSFConfig -FullName "PSTenable.accesskey"
+                Register-PSFConfig -FullName "PSTenable.secretkey"
+                Register-PSFConfig -FullName "PSTenable.Server"
+                Register-PSFConfig -FullName "PSTenable.Apikey"
+            }
+
+        }Else{
+            Set-PSFconfig -FullName "PSTenable.WebSession" -Value $SCSession
+            Set-PSFconfig -FullName "PSTenable.Token" -Value $Session.response.token
+            Set-PSFConfig -FullName "PSTenable.Server" -Value $TenableServer
+            Set-PSFconfig -FullName "PSTenable.Credential" -Value $Credential
+            Set-PSFConfig -FullName  "PSTenable.ApiKey" -Value $false
 
-        if ($PSBoundParameters.ContainsKey('Register')) {
-            Register-PSFConfig -FullName "PSTenable.WebSession"
-            Register-PSFConfig -FullName "PSTenable.Token"
-            Register-PSFConfig -FullName "PSTenable.Server"
-            Register-PSFConfig -FullName "PSTenable.Token"
+            if ($Register -eq $true) {
+                Register-PSFConfig -FullName "PSTenable.WebSession"
+                Register-PSFConfig -FullName "PSTenable.Token"
+                Register-PSFConfig -FullName "PSTenable.Server"
+                Register-PSFConfig -FullName "PSTenable.Token"
+                Set-PSFConfig -FullName  "PSTenable.ApiKey"
+            }
         }
     }
 }
diff --git a/PSTenable/Public/Get-PSTenableAssetAnalysis.ps1 b/PSTenable/Public/Get-PSTenableAssetAnalysis.ps1
@@ -18,9 +18,8 @@ function Get-PSTenableAssetAnalysis {
     #>
     [CmdletBinding()]
     param (
-        [String]
         [Parameter(Position = 0, Mandatory = $true)]
-        [string]
+        [PSFComputer]
         $ComputerName
     )
 

diff --git a/PSTenable/Public/Get-PSTenableCVE.ps1 b/PSTenable/Public/Get-PSTenableCVE.ps1
@@ -24,7 +24,7 @@ function Get-PSTenableCVE {
         [parameter(Position = 0,
             mandatory = $true,
             ValueFromPipeline = $true)]
-        [string]
+        [string[]]
         $CVE
     )
 
@@ -74,13 +74,13 @@ function Get-PSTenableCVE {
         }
 
         ## Get the pluginID and then call Get-TenablePlugin, and then output those results
-        $Results = Foreach ($Plugin in $output.response.results.pluginid) {
+        Foreach ($Plugin in $output.response.results.pluginid) {
             Get-PSTenablePlugin -ID $Plugin
         }
 
     }
 
     end {
-        $Results
+
     }
 }
diff --git a/PSTenable/Public/Get-PSTenablePluginFamilyWindows.ps1 b/PSTenable/Public/Get-PSTenablePluginFamilyWindows.ps1
@@ -34,7 +34,7 @@ function Get-PSTenablePluginFamilyWindows {
             '29'
         )
 
-        $Output = Foreach ($plugin in $WindowsPlugins) {
+        Foreach ($plugin in $WindowsPlugins) {
 
             $query = @{
                 "tool"       = "vulnipdetail"
@@ -82,6 +82,6 @@ function Get-PSTenablePluginFamilyWindows {
     }
 
     end {
-        $output
+
     }
 }