How to submit targets via the Nessus API?
I am trying to create a new scan in Nessus (6.4) via the API. I have a policy set up, and the code to create the scan is
import requests
headers = {
"X-ApiKeys": "accessKey = 8cc43676fe7e9046353fcd36c41c61f4f78f7a8df646653fbde4641e352d36d9; secretKey = ab7eeafbe3f9f544b10496ff63297f8f55692cc5f4dca3f3d74e0917b6ec2ed0;"
}
data = {
"uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40",
"settings": {
"name": "myscan1",
"policy_id": "4",
"enabled": "false",
"text_targets": "192.168.1.1"
}
}
r = requests.post('https://localhost:8834/scans', data=data, verify=False, headers=headers)
print(r.status_code, r.text)
This outputs
(400, u'{"error":"Invalid \'targets\' field"}')
The documentation explicitly gives an example of the POST body:
Below is a sample body for this request:
{
"uuid": {template_uuid},
"settings": {
"name": {string},
"description": {string},
"emails": {string},
"enabled": "true",
"launch": {string},
"folder_id": {integer},
"policy_id": {integer},
"scanner_id": {integer},
"text_targets": {string},
"use_dashboard": {boolean}
}
}
I checked the actual scan creation in the interface by analyzing the HTTPS traffic. The POST body starts with
{
"uuid":"ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66",
"settings":{
"name":"test1",
"description":"",
"folder_id":"3",
"scanner_id":"1",
"text_targets":"192.168.1.1",
"file_targets":"",
(...)
It looks like the targets are provided correctly.
Any idea what else to check regarding the targets field?
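I forgot to json.dumps() the POST payload (and possibly to add the content-type in the headers).
The example below works (this time authentication is done via the token from /session, but the same applies to the authorization keys in the question)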
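import json
import requests

# Session token returned by POST /session (placeholder; substitute your own)
token = "<session token>"
headers = {
"X-Cookie": "token={token};".format(token=token),
"content-type": "application/json"
}
data = {
"uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40",
"settings": {
"name": "myscan1",
"policy_id": "4",
"enabled": "false",
"text_targets": "192.168.1.1",
}
}
# Send the body as a JSON string rather than passing the dict directly
r = requests.post('https://localhost:8834/scans', data=json.dumps(data), verify=False, headers=headers)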
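The difference between the question's call and the answer's call can be inspected offline by preparing the requests without sending them. This is an added example, not part of the original posts; the helper names and the placeholder UUID are assumptions, and nothing is sent to a Nessus server.

```python
import json
from urllib.parse import parse_qsl

import requests

URL = "https://localhost:8834/scans"
PAYLOAD = {  # constructed sample; field names are the ones used on this page
    "uuid": "00000000-0000-0000-0000-000000000000",  # placeholder template UUID
    "settings": {
        "name": "myscan1",
        "policy_id": "4",
        "enabled": "false",
        "text_targets": "192.168.1.1",
    },
}


def prepared(**kwargs):
    """Build the request without sending it, so the wire format can be inspected."""
    return requests.Request("POST", URL, **kwargs).prepare()


def describe(req):
    """Return (Content-Type, body as text) of a prepared request."""
    body = req.body.decode() if isinstance(req.body, bytes) else req.body
    return req.headers.get("Content-Type"), body


def form_fields(req):
    """Decode a form-encoded body into its (key, value) pairs."""
    return parse_qsl(describe(req)[1])


def targets_survive(req):
    """True if the body is JSON and still carries settings.text_targets."""
    try:
        return json.loads(describe(req)[1])["settings"]["text_targets"] == "192.168.1.1"
    except (ValueError, KeyError, TypeError):
        return False


form = prepared(data=PAYLOAD)  # the question's call: dict is form-encoded
raw_json = prepared(data=json.dumps(PAYLOAD),  # the answer's call
                    headers={"content-type": "application/json"})
json_kw = prepared(json=PAYLOAD)  # requests serialises and sets the header itself

if __name__ == "__main__":
    for label, req in (("data=dict", form), ("data=json.dumps", raw_json), ("json=dict", json_kw)):
        print(label, describe(req), "targets intact:", targets_survive(req))
```

With `data=dict`, requests form-encodes the nested `settings` dict by its keys only, so the `192.168.1.1` value never appears in the body.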