Support tenable API keys
@ -42,7 +42,7 @@ class NessusAPI(object):
|
||||
}
|
||||
SEVERITY_MAPPING = {'none': 0, 'low': 1, 'medium': 2, 'high': 3, 'critical': 4}
|
||||
|
||||
def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None):
|
||||
def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None, access_key=None, secret_key=None):
|
||||
self.logger = logging.getLogger('NessusAPI')
|
||||
if verbose:
|
||||
self.logger.setLevel(logging.DEBUG)
|
||||
@ -51,6 +51,9 @@ class NessusAPI(object):
|
||||
|
||||
self.user = username
|
||||
self.password = password
|
||||
self.api_keys = False
|
||||
self.access_key = access_key
|
||||
self.secret_key = secret_key
|
||||
self.base = 'https://{hostname}:{port}'.format(hostname=hostname, port=port)
|
||||
self.verbose = verbose
|
||||
self.profile = profile
|
||||
@ -71,7 +74,13 @@ class NessusAPI(object):
|
||||
'X-Cookie': None
|
||||
}
|
||||
|
||||
if self.profile == 'tenable' and all((self.access_key, self.secret_key)):
|
||||
self.logger.debug('Using Tenable API keys')
|
||||
self.api_keys = True
|
||||
self.session.headers['X-ApiKeys'] = 'accessKey={}; secretKey={}'.format(self.access_key, self.secret_key)
|
||||
else:
|
||||
self.login()
|
||||
|
||||
self.scans = self.get_scans()
|
||||
self.scan_ids = self.get_scan_ids()
|
||||
|
||||
@ -97,8 +106,10 @@ class NessusAPI(object):
|
||||
if url == self.base + self.SESSION:
|
||||
break
|
||||
try:
|
||||
self.login()
|
||||
timeout += 1
|
||||
if self.api_keys:
|
||||
continue
|
||||
self.login()
|
||||
self.logger.info('Token refreshed')
|
||||
except Exception as e:
|
||||
self.logger.error('Could not refresh token\nReason: {}'.format(str(e)))
|
||||
@ -144,6 +155,7 @@ class NessusAPI(object):
|
||||
req = self.request(query, data=json.dumps(data), method='POST', json_output=True)
|
||||
try:
|
||||
file_id = req['file']
|
||||
if not self.api_keys:
|
||||
token_id = req['token'] if 'token' in req else req['temp_token']
|
||||
except Exception as e:
|
||||
self.logger.error('{}'.format(str(e)))
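Review bot: On the API-key path the new `if not self.api_keys:` guard in the last hunk leaves `token_id` unbound, so any use of it after this `try` (not visible here) would raise a NameError outside the handler; binding it first with `token_id = None` makes the key-based path explicit. Separately, the `X-ApiKeys` line writes the secret key into `self.session.headers` while `verbose=True` sets the logger to DEBUG by default, so it deserves a comment such as `# never log session.headers: X-ApiKeys carries the secret key` and a check that no debug output prints request headers or the session object. The enclosing methods start and end outside these hunks.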
|
||||
|
@ -315,6 +315,8 @@ class vulnWhispererNessus(vulnWhispererBase):
|
||||
|
||||
self.develop = True
|
||||
self.purge = purge
|
||||
self.access_key = None
|
||||
self.secret_key = None
|
||||
|
||||
if config is not None:
|
||||
try:
|
||||
@ -324,21 +326,30 @@ class vulnWhispererNessus(vulnWhispererBase):
|
||||
'trash')
|
||||
|
||||
try:
|
||||
self.logger.info('Attempting to connect to nessus...')
|
||||
self.access_key = self.config.get(self.CONFIG_SECTION,'access_key')
|
||||
self.secret_key = self.config.get(self.CONFIG_SECTION,'secret_key')
|
||||
except:
|
||||
pass
|
||||
|
||||
try:
|
||||
self.logger.info('Attempting to connect to {}...'.format(self.CONFIG_SECTION))
|
||||
self.nessus = \
|
||||
NessusAPI(hostname=self.hostname,
|
||||
port=self.nessus_port,
|
||||
username=self.username,
|
||||
password=self.password,
|
||||
profile=self.CONFIG_SECTION
|
||||
profile=self.CONFIG_SECTION,
|
||||
access_key=self.access_key,
|
||||
secret_key=self.secret_key
|
||||
)
|
||||
self.nessus_connect = True
|
||||
self.logger.info('Connected to nessus on {host}:{port}'.format(host=self.hostname,
|
||||
self.logger.info('Connected to {} on {host}:{port}'.format(self.CONFIG_SECTION, host=self.hostname,
|
||||
port=str(self.nessus_port)))
|
||||
except Exception as e:
|
||||
self.logger.error('Exception: {}'.format(str(e)))
|
||||
raise Exception(
|
||||
'Could not connect to nessus -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format(
|
||||
'Could not connect to {} -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format(
|
||||
self.CONFIG_SECTION,
|
||||
config=self.config.config_in,
|
||||
e=e))
|
||||
except Exception as e:
|
||||
@ -641,7 +652,7 @@ class vulnWhispererQualys(vulnWhispererBase):
|
||||
if cleanup:
|
||||
self.logger.info('Removing report {} from Qualys Database'.format(generated_report_id))
|
||||
cleaning_up = self.qualys_scan.qw.delete_report(generated_report_id)
|
||||
# os.remove(self.path_check(str(generated_report_id) + '.csv'))
|
||||
os.remove(self.path_check(str(generated_report_id) + '.csv'))
|
||||
self.logger.info('Deleted report from local disk: {}'.format(self.path_check(str(generated_report_id))))
|
||||
else:
|
||||
self.logger.error('Could not process report ID: {}'.format(status))
|
||||
@ -1266,9 +1277,6 @@ class vulnWhisperer(object):
|
||||
|
||||
if self.profile == 'nessus':
|
||||
vw = vulnWhispererNessus(config=self.config,
|
||||
username=self.username,
|
||||
password=self.password,
|
||||
verbose=self.verbose,
|
||||
profile=self.profile)
|
||||
self.exit_code += vw.whisper_nessus()
|
||||
|
||||
@ -1282,9 +1290,6 @@ class vulnWhisperer(object):
|
||||
|
||||
elif self.profile == 'tenable':
|
||||
vw = vulnWhispererNessus(config=self.config,
|
||||
username=self.username,
|
||||
password=self.password,
|
||||
verbose=self.verbose,
|
||||
profile=self.profile)
|
||||
self.exit_code += vw.whisper_nessus()
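Review bot: The bare `except:` / `pass` around the two `self.config.get(self.CONFIG_SECTION, ...)` calls hides every failure, including a config that defines `access_key` but not `secret_key`; the first assignment then succeeds, the second is skipped, and NessusAPI's `all((self.access_key, self.secret_key))` test falls through to `self.login()` with no log entry saying the keys were ignored. Catching only the config lookup error and logging the fallback, e.g. `self.logger.debug('API keys not configured for {}; using username/password'.format(self.CONFIG_SECTION))`, keeps that decision visible without printing key values. In the Qualys hunk the re-enabled `os.remove(...)` deletes `<id>.csv`, while the following log line reports the path without the `.csv` suffix, so the deletion record does not match the file removed. The enclosing methods start and end outside these hunks.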
|
||||
|
||||
|