Skip to content
/ nessrest Public
forked from xorrbit/nessrest

A python library for using the new Nessus REST API.

License

View license
0 stars 129 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tmap/nessrest

BranchesTags
 
 

Repository files navigation

ness6rest.py - a REST interface to Nessus 6

Build Status PyPI Version

Dependencies:

  • Nessus 6.4.x
  • Python 2.7+ or 3.3+
  • requests module (install via pip)
  • The dependencies can be satisfied via pip install -r requirements.txt

Quick Install

pip install nessrest

Features:

  • Logins

    scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password")

creds = [credentials.WindowsPassword(username="administrator", password="foobar"),
         credentials.WindowsPassword(username="administrator", password="barfoo"),
         credentials.SshPassword(username="nessususer", password="foobar")]

scan.policy_add_creds(credentials=creds)

  • Build policies

    scan.upload(upload_file="file.audit")
scan._policy_add_audit(category="Windows", filename="file.audit")
scan.policy_add(name="Scripted Scan", plugins="21156")

  • Launch scans

    scan.scan_add(targets="192.168.0.1")
scan.scan_run()

  • Schedule scans

    scan.scan_add(targets="192.168.0.1", start="YYYYMMDDTHHMMSS")

  • Parse scan results

    scan.scan_results()

  • Download KB for target

    kbs = scan.download_kbs()

for hostname in kbs.keys():
    f = open(hostname, "w")
    f.write(kbs[hostname])
    f.close()

  • Output for ticketing/wiki format

Feature Requests:

  • Deleting of a schedule
  • Ability to change "tag" from CLI via config/CLI arg
  • Enforce supported versions of Nessus

Notes:

  • Proxies are not supported, although transparent proxies should work... transparently

nessrest - an example client

Suggested installation:

  • Find the path to your "site-packages" with: python -c "import sys; print(sys.path)"
  • Symlink ness6rest.py in the Git repo in the "site-packages" or "dist-packages" directory.
  • Test by issuing import ness6rest inside the Python interactive interpreter.

Specifying a ca_bundle

If you are using a corporate or self-signed SSL certificate, you can specify the path to a ca_bundle to use for verification by passing it to the Scanner initializer:

scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password", ca_bundle="/path/to/ca_bundle.pem")

If you are using the ness_rest client, you can pass this path on the command line using the --ca_bundle option.

Self-signed certificates

If you're running Nessus with a self-signed certificate, and you wish to disable SSL certificate checking, you can pass insecure=True to the Scanner initializer:

scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password", insecure=True)

If you're using the nessrest example client, it has an --insecure option that will do this.

Note that this will disable invalid SSL cerficate errors and should be used with caution.

Configuration file:

  • Copy ness_rest.conf.example to ness_rest.conf and configure for your scanner.
  • There are several valid paths for the location of the config file(in order):
  • The path passed from the CLI with --config
  • A permanent config file is searched for in the following locations:
    • $HOME/.ness_rest.conf
    • $HOME/.ness_rest/ness_rest.conf
    • /etc/ness_rest.conf
    • /etc/ness_rest/ness_rest.conf
    • $PWD/ness_rest.conf

Building modules:

  • To build a package to install via pip or easy_install, execute:
    • python setup.py sdist
  • The resulting build will be in $PWD/dist/nessrest-<version>.tar.gz

About

A python library for using the new Nessus REST API.

Resources

Readme

License

View license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • Python 100.0%