diff --git a/configs/frameworks_example.ini b/configs/frameworks_example.ini index 3529aeb..61a8af5 100755 --- a/configs/frameworks_example.ini +++ b/configs/frameworks_example.ini @@ -2,6 +2,8 @@ enabled=true hostname=localhost port=8834 +access_key= +secret_key= username=nessus_username password=nessus_password write_path=/opt/VulnWhisperer/data/nessus/ diff --git a/configs/test.ini b/configs/test.ini index 7bd5625..ed73b36 100755 --- a/configs/test.ini +++ b/configs/test.ini @@ -2,6 +2,8 @@ enabled=true hostname=nessus port=443 +access_key= +secret_key= username=nessus_username password=nessus_password write_path=/opt/VulnWhisperer/data/nessus/ diff --git a/vulnwhisp/frameworks/nessus.py b/vulnwhisp/frameworks/nessus.py index 9be8103..4796c2b 100755 --- a/vulnwhisp/frameworks/nessus.py +++ b/vulnwhisp/frameworks/nessus.py @@ -74,8 +74,8 @@ class NessusAPI(object): 'X-Cookie': None } - if self.profile == 'tenable' and all((self.access_key, self.secret_key)): - self.logger.debug('Using Tenable API keys') + if all((self.access_key, self.secret_key)): + self.logger.debug('Using {} API keys'.format(self.profile)) self.api_keys = True self.session.headers['X-ApiKeys'] = 'accessKey={}; secretKey={}'.format(self.access_key, self.secret_key) else: @@ -155,7 +155,7 @@ class NessusAPI(object): req = self.request(query, data=json.dumps(data), method='POST', json_output=True) try: file_id = req['file'] - if not self.api_keys: + if self.profile == 'nessus': token_id = req['token'] if 'token' in req else req['temp_token'] except Exception as e: self.logger.error('{}'.format(str(e))) @@ -167,7 +167,7 @@ class NessusAPI(object): running = report_status['status'] != 'ready' sys.stdout.write('.') sys.stdout.flush() - if self.profile == 'tenable': + if self.profile == 'tenable' or self.api_keys: content = self.request(self.EXPORT_FILE_DOWNLOAD.format(scan_id=scan_id, file_id=file_id), method='GET', download=True) else: content = self.request(self.EXPORT_TOKEN_DOWNLOAD.format(token_id=token_id), method='GET', download=True)