Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support tenable API keys

Browse Source
This commit is contained in:
pemontto
2019-04-29 16:18:07 +01:00
parent b49dfbde89
commit b31d1b8098
4 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
configs/frameworks_example.ini
View File

@ -13,6 +13,8 @@ verbose=true
enabled=true enabled=true
hostname=cloud.tenable.com hostname=cloud.tenable.com
port=443 port=443
access_key=
secret_key=
username=tenable.io_username username=tenable.io_username
password=tenable.io_password password=tenable.io_password
write_path=/opt/VulnWhisperer/data/tenable/ write_path=/opt/VulnWhisperer/data/tenable/

2
configs/test.ini
View File

@ -13,6 +13,8 @@ verbose=true
enabled=true enabled=true
hostname=tenable hostname=tenable
port=443 port=443
access_key=
secret_key=
username=tenable.io_username username=tenable.io_username
password=tenable.io_password password=tenable.io_password
write_path=/opt/VulnWhisperer/data/tenable/ write_path=/opt/VulnWhisperer/data/tenable/

16
vulnwhisp/frameworks/nessus.py
View File

@ -42,7 +42,7 @@ class NessusAPI(object):
} }
SEVERITY_MAPPING = {'none': 0, 'low': 1, 'medium': 2, 'high': 3, 'critical': 4} SEVERITY_MAPPING = {'none': 0, 'low': 1, 'medium': 2, 'high': 3, 'critical': 4}
def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None): def __init__(self, hostname=None, port=None, username=None, password=None, verbose=True, profile=None, access_key=None, secret_key=None):
self.logger = logging.getLogger('NessusAPI') self.logger = logging.getLogger('NessusAPI')
if verbose: if verbose:
self.logger.setLevel(logging.DEBUG) self.logger.setLevel(logging.DEBUG)
@ -51,6 +51,9 @@ class NessusAPI(object):
self.user = username self.user = username
self.password = password self.password = password
self.api_keys = False
self.access_key = access_key
self.secret_key = secret_key
self.base = 'https://{hostname}:{port}'.format(hostname=hostname, port=port) self.base = 'https://{hostname}:{port}'.format(hostname=hostname, port=port)
self.verbose = verbose self.verbose = verbose
self.profile = profile self.profile = profile
@ -71,7 +74,13 @@ class NessusAPI(object):
'X-Cookie': None 'X-Cookie': None
} }
if self.profile == 'tenable' and all((self.access_key, self.secret_key)):
self.logger.debug('Using Tenable API keys')
self.api_keys = True
self.session.headers['X-ApiKeys'] = 'accessKey={}; secretKey={}'.format(self.access_key, self.secret_key)
else:
self.login() self.login()
self.scans = self.get_scans() self.scans = self.get_scans()
self.scan_ids = self.get_scan_ids() self.scan_ids = self.get_scan_ids()
@ -97,8 +106,10 @@ class NessusAPI(object):
if url == self.base + self.SESSION: if url == self.base + self.SESSION:
break break
try: try:
self.login()
timeout += 1 timeout += 1
if self.api_keys:
continue
self.login()
self.logger.info('Token refreshed') self.logger.info('Token refreshed')
except Exception as e: except Exception as e:
self.logger.error('Could not refresh token\nReason: {}'.format(str(e))) self.logger.error('Could not refresh token\nReason: {}'.format(str(e)))
@ -144,6 +155,7 @@ class NessusAPI(object):
req = self.request(query, data=json.dumps(data), method='POST', json_output=True) req = self.request(query, data=json.dumps(data), method='POST', json_output=True)
try: try:
file_id = req['file'] file_id = req['file']
if not self.api_keys:
token_id = req['token'] if 'token' in req else req['temp_token'] token_id = req['token'] if 'token' in req else req['temp_token']
except Exception as e: except Exception as e:
self.logger.error('{}'.format(str(e))) self.logger.error('{}'.format(str(e)))

27
vulnwhisp/vulnwhisp.py
View File

@ -315,6 +315,8 @@ class vulnWhispererNessus(vulnWhispererBase):
self.develop = True self.develop = True
self.purge = purge self.purge = purge
self.access_key = None
self.secret_key = None
if config is not None: if config is not None:
try: try:
@ -324,21 +326,30 @@ class vulnWhispererNessus(vulnWhispererBase):
'trash') 'trash')
try: try:
self.logger.info('Attempting to connect to nessus...') self.access_key = self.config.get(self.CONFIG_SECTION,'access_key')
self.secret_key = self.config.get(self.CONFIG_SECTION,'secret_key')
except:
pass
try:
self.logger.info('Attempting to connect to {}...'.format(self.CONFIG_SECTION))
self.nessus = \ self.nessus = \
NessusAPI(hostname=self.hostname, NessusAPI(hostname=self.hostname,
port=self.nessus_port, port=self.nessus_port,
username=self.username, username=self.username,
password=self.password, password=self.password,
profile=self.CONFIG_SECTION profile=self.CONFIG_SECTION,
access_key=self.access_key,
secret_key=self.secret_key
) )
self.nessus_connect = True self.nessus_connect = True
self.logger.info('Connected to nessus on {host}:{port}'.format(host=self.hostname, self.logger.info('Connected to {} on {host}:{port}'.format(self.CONFIG_SECTION, host=self.hostname,
port=str(self.nessus_port))) port=str(self.nessus_port)))
except Exception as e: except Exception as e:
self.logger.error('Exception: {}'.format(str(e))) self.logger.error('Exception: {}'.format(str(e)))
raise Exception( raise Exception(
'Could not connect to nessus -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format( 'Could not connect to {} -- Please verify your settings in {config} are correct and try again.\nReason: {e}'.format(
self.CONFIG_SECTION,
config=self.config.config_in, config=self.config.config_in,
e=e)) e=e))
except Exception as e: except Exception as e:
@ -641,7 +652,7 @@ class vulnWhispererQualys(vulnWhispererBase):
if cleanup: if cleanup:
self.logger.info('Removing report {} from Qualys Database'.format(generated_report_id)) self.logger.info('Removing report {} from Qualys Database'.format(generated_report_id))
cleaning_up = self.qualys_scan.qw.delete_report(generated_report_id) cleaning_up = self.qualys_scan.qw.delete_report(generated_report_id)
# os.remove(self.path_check(str(generated_report_id) + '.csv')) os.remove(self.path_check(str(generated_report_id) + '.csv'))
self.logger.info('Deleted report from local disk: {}'.format(self.path_check(str(generated_report_id)))) self.logger.info('Deleted report from local disk: {}'.format(self.path_check(str(generated_report_id))))
else: else:
self.logger.error('Could not process report ID: {}'.format(status)) self.logger.error('Could not process report ID: {}'.format(status))
@ -1266,9 +1277,6 @@ class vulnWhisperer(object):
if self.profile == 'nessus': if self.profile == 'nessus':
vw = vulnWhispererNessus(config=self.config, vw = vulnWhispererNessus(config=self.config,
username=self.username,
password=self.password,
verbose=self.verbose,
profile=self.profile) profile=self.profile)
self.exit_code += vw.whisper_nessus() self.exit_code += vw.whisper_nessus()
@ -1282,9 +1290,6 @@ class vulnWhisperer(object):
elif self.profile == 'tenable': elif self.profile == 'tenable':
vw = vulnWhispererNessus(config=self.config, vw = vulnWhispererNessus(config=self.config,
username=self.username,
password=self.password,
verbose=self.verbose,
profile=self.profile) profile=self.profile)
self.exit_code += vw.whisper_nessus() self.exit_code += vw.whisper_nessus()