diff --git a/configs/frameworks_example.ini b/configs/frameworks_example.ini
index 20410cb..3529aeb 100755
--- a/configs/frameworks_example.ini
+++ b/configs/frameworks_example.ini
@@ -13,6 +13,8 @@ verbose=true
 enabled=true
 hostname=cloud.tenable.com
 port=443
+access_key=
+secret_key=
 username=tenable.io_username
 password=tenable.io_password
 write_path=/opt/VulnWhisperer/data/tenable/
diff --git a/configs/test.ini b/configs/test.ini
index 6cd5424..7bd5625 100755
--- a/configs/test.ini
+++ b/configs/test.ini
@@ -13,6 +13,8 @@ verbose=true
 enabled=true
 hostname=tenable
 port=443
+access_key=
+secret_key=
 username=tenable.io_username
 password=tenable.io_password
 write_path=/opt/VulnWhisperer/data/tenable/
diff --git a/vulnwhisp/frameworks/nessus.py b/vulnwhisp/frameworks/nessus.py
index 32c50ab..8c855f9 100755
--- a/vulnwhisp/frameworks/nessus.py
+++ b/vulnwhisp/frameworks/nessus.py
@@ -42,7 +42,7 @@ class NessusAPI(object):
 }
 SEVERITY_MAPPING = {'none': 0, 'low': 1, 'medium': 2, 'high': 3, 'critical': 4}
- def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None):
+ def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None, access_key=None, secret_key=None):
 self.logger = logging.getLogger('NessusAPI')
 if verbose:
 self.logger.setLevel(logging.DEBUG)
@@ -51,6 +51,9 @@ class NessusAPI(object):
 self.user = username
 self.password = password
+ self.api_keys = False
+ self.access_key = access_key
+ self.secret_key = secret_key
 self.base = 'https://{hostname}:{port}'.format(hostname=hostname, port=port)
 self.verbose = verbose
 self.profile = profile
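Review bot: The new `access_key=` and `secret_key=` entries in configs/frameworks_example.ini (and the identical hunk in configs/test.ini) carry no comment explaining how they interact with `username`/`password`. Going by the nessus.py change in this same commit, the keys are used only when the profile is `tenable` and both values are non-empty; in every other case the code logs in with the password. I would add a line above them such as `# Tenable.io API keys; when both are set they replace username/password`. A second comment should say that the file then holds a long-lived secret and should be readable only by the account that runs VulnWhisperer; the index line shows the example is committed with mode 100755.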
@@ -71,7 +74,13 @@ class NessusAPI(object):
 'X-Cookie': None
 }
+ if self.profile == 'tenable' and all((self.access_key, self.secret_key)):
+ self.logger.debug('Using Tenable API keys')
+ self.api_keys = True
+ self.session.headers['X-ApiKeys'] = 'accessKey={}; secretKey={}'.format(self.access_key, self.secret_key)
+ else:
 self.login()
+
 self.scans = self.get_scans()
 self.scan_ids = self.get_scan_ids()
@@ -97,8 +106,10 @@ class NessusAPI(object):
 if url == self.base + self.SESSION:
 break
 try:
- self.login()
 timeout += 1
+ if self.api_keys:
+ continue
+ self.login()
 self.logger.info('Token refreshed')
 except Exception as e:
 self.logger.error('Could not refresh token\nReason: {}'.format(str(e)))
@@ -144,6 +155,7 @@ class NessusAPI(object):
 req = self.request(query, data=json.dumps(data), method='POST', json_output=True)
 try:
 file_id = req['file']
+ if not self.api_keys:
 token_id = req['token'] if 'token' in req else req['temp_token']
 except Exception as e:
 self.logger.error('{}'.format(str(e)))
diff --git a/vulnwhisp/vulnwhisp.py b/vulnwhisp/vulnwhisp.py
index 2da3878..d15bc03 100755
--- a/vulnwhisp/vulnwhisp.py
+++ b/vulnwhisp/vulnwhisp.py
@@ -315,6 +315,8 @@ class vulnWhispererNessus(vulnWhispererBase):
 self.develop = True
 self.purge = purge
+ self.access_key = None
+ self.secret_key = None
 if config is not None:
 try:
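Review bot: A configuration with only one of the two keys set falls through to `self.login()` without any message in the constructor hunk of vulnwhisp/frameworks/nessus.py (`@@ -71,7 +74,13 @@`), because the `all((self.access_key, self.secret_key))` test simply fails. An operator who mistyped or omitted one key would keep authenticating with the stored password and never learn that the keys were ignored; the same happens when keys are supplied under a profile other than `tenable`. I would make the fallback visible inside the `else:` branch, before the login: `if self.access_key or self.secret_key: self.logger.warning('API keys ignored: both access_key and secret_key are required and the profile must be tenable')`. The message deliberately names the settings without printing their values.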
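Review bot: With API keys enabled, the added `if self.api_keys: continue` in the token-refresh hunk (`@@ -97,8 +106,10 @@`) repeats the same request with the same keys until the counter runs out, and logs nothing while doing so. This looks like the authentication-failure branch of a retry loop whose start is outside the hunk, so the exact status check is not visible here. Keys that were rejected once will not be accepted on the next attempt, which means the retries only add load and hide a revoked or mistyped key from whoever reads the log. I would fail fast instead: under `if self.api_keys:` call `self.logger.error('Tenable API keys were rejected; check access_key/secret_key')` and then `break`.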
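Review bot: `token_id` is never assigned when `self.api_keys` is true in the export hunk (`@@ -144,6 +155,7 @@`), since the assignment now sits under `if not self.api_keys:`. The rest of the function is outside the hunk, so I cannot see whether a later line still reads it; if one does, the API-key path fails with `UnboundLocalError` instead of a clear message. Initialising it before the `try:` with `token_id = None` keeps both paths defined and lets the download code test for it explicitly.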
@@ -324,21 +326,30 @@ class vulnWhispererNessus(vulnWhispererBase):
 'trash')
 try:
- self.logger.info('Attempting to connect to nessus...')
+ self.access_key = self.config.get(self.CONFIG_SECTION,'access_key')
+ self.secret_key = self.config.get(self.CONFIG_SECTION,'secret_key')
+ except:
+ pass
+
+ try:
+ self.logger.info('Attempting to connect to {}...'.format(self.CONFIG_SECTION))
 self.nessus = \
 NessusAPI(hostname=self.hostname,
 port=self.nessus_port,
 username=self.username,
 password=self.password,
- profile=self.CONFIG_SECTION
+ profile=self.CONFIG_SECTION,
+ access_key=self.access_key,
+ secret_key=self.secret_key
 )
 self.nessus_connect = True
- self.logger.info('Connected to nessus on {host}:{port}'.format(host=self.hostname,
+ self.logger.info('Connected to {} on {host}:{port}'.format(self.CONFIG_SECTION, host=self.hostname,
 port=str(self.nessus_port)))
 except Exception as e:
 self.logger.error('Exception: {}'.format(str(e)))
 raise Exception(
- 'Could not connect to nessus -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format(
+ 'Could not connect to {} -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format(
+ self.CONFIG_SECTION,
 config=self.config.config_in,
 e=e))
 except Exception as e:
@@ -641,7 +652,7 @@ class vulnWhispererQualys(vulnWhispererBase):
 if cleanup:
 self.logger.info('Removing report {} from Qualys Database'.format(generated_report_id))
 cleaning_up = self.qualys_scan.qw.delete_report(generated_report_id)
- # os.remove(self.path_check(str(generated_report_id) + '.csv'))
+ os.remove(self.path_check(str(generated_report_id) + '.csv'))
 self.logger.info('Deleted report from local disk: {}'.format(self.path_check(str(generated_report_id))))
 else:
 self.logger.error('Could not process report ID: {}'.format(status))
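Review bot: The bare `except: pass` around the two `self.config.get(...)` calls in the `@@ -324,21 +326,30 @@` hunk of vulnwhisp/vulnwhisp.py hides every failure, including `KeyboardInterrupt` and errors that have nothing to do with a missing option. Because `access_key` is read first, an exception there also skips reading `secret_key`, and the run continues with password authentication without any record of why. I would catch only the exception the config wrapper raises for a missing option (its type is not visible in this hunk), or at minimum write `except Exception:` followed by `self.logger.debug('No API keys found in [{}]; using username/password'.format(self.CONFIG_SECTION))`. The enclosing method starts and ends outside the hunk.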
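Review bot: The re-enabled `os.remove(...)` in the Qualys cleanup hunk (`@@ -641,7 +652,7 @@`) raises `OSError` when the CSV is already gone or cannot be deleted, and it runs after `delete_report` has already removed the report on the Qualys side. The surrounding function is only partly visible, so I cannot tell whether a caller catches that. Guarding it as `try: os.remove(csv_path)` with `except OSError as e: self.logger.warning('Could not remove {}: {}'.format(csv_path, e))` keeps a leftover file from aborting the run. The log line that follows prints the path without the `.csv` suffix, so it names a different file from the one deleted; computing `csv_path = self.path_check(str(generated_report_id) + '.csv')` once and using it in both places fixes that.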
@@ -1266,9 +1277,6 @@ class vulnWhisperer(object):
 if self.profile == 'nessus':
 vw = vulnWhispererNessus(config=self.config,
- username=self.username,
- password=self.password,
- verbose=self.verbose,
 profile=self.profile)
 self.exit_code += vw.whisper_nessus()
@@ -1282,9 +1290,6 @@ class vulnWhisperer(object):
 elif self.profile == 'tenable':
 vw = vulnWhispererNessus(config=self.config,
- username=self.username,
- password=self.password,
- verbose=self.verbose,
 profile=self.profile)
 self.exit_code += vw.whisper_nessus()