ness6rest.py - a REST interface to Nessus 6
- Nessus 6.4.x
- Python 2.7+ or 3.3+
- requests module (install via pip)
- The dependencies can be satisfied via
pip install -r requirements.txt
pip install nessrest
from nessrest import ness6rest, credentials

scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password")
creds = [credentials.WindowsPassword(username="administrator", password="foobar"),
         credentials.WindowsPassword(username="administrator", password="barfoo"),
         credentials.SshPassword(username="nessususer", password="foobar")]
scan.policy_add_creds(credentials=creds)
scan.upload(upload_file="file.audit")
scan._policy_add_audit(category="Windows", filename="file.audit")
scan.policy_add(name="Scripted Scan", plugins="21156")
Parse scan results
Download KB for target
kbs = scan.download_kbs()
for hostname in kbs.keys():
    # Write one KB file per scanned host, named after the host
    with open(hostname, "w") as f:
        f.write(kbs[hostname])
Output for ticketing/wiki format
- Deleting of a schedule
- Ability to change "tag" from CLI via config/CLI arg
- Enforce supported versions of Nessus
- Proxies are not supported, although transparent proxies should work... transparently
nessrest - an example client
- Find the path to your "site-packages" with:
python -c "import sys; print(sys.path)"
ness6rest.py in the Git repo in the "site-packages" or "dist-packages" directory.
- Test by issuing
import ness6rest inside the Python interactive interpreter.
Specifying a ca_bundle
If you are using a corporate or self-signed SSL certificate, you can specify the path to a ca_bundle to use for verification by passing it to the Scanner initializer:
scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password", ca_bundle="/path/to/ca_bundle.pem")
If you are using the ness_rest client, you can pass this path on the command line using the --ca_bundle option.
If you're running Nessus with a self-signed certificate, and you wish to disable SSL certificate checking, you can pass insecure=True to the Scanner initializer:
scan = ness6rest.Scanner(url="https://nessusscanner:8834", login="username", password="password", insecure=True)
If you're using the nessrest example client, it has an --insecure option that will do this.
Note that this suppresses invalid SSL certificate errors and should be used with caution.
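As an added example (not code from nessrest), the hypothetical helper `scanner_tls_kwargs` below chooses between the `ca_bundle` and `insecure` arguments described above and validates the choice before any login is sent to the scanner. Only the `url`, `ca_bundle` and `insecure` parameter names come from this page; the example is written for Python 3.

```python
import os
import ssl
import warnings
from urllib.parse import urlsplit


def scanner_tls_kwargs(url, ca_bundle=None, insecure=False):
    """Return the TLS-related keyword arguments to pass to ness6rest.Scanner.

    Hypothetical helper, not part of nessrest. It fails early on settings
    that would send the scanner login over an unverifiable connection.
    """
    if urlsplit(url).scheme != "https":
        raise ValueError("scanner URL must use https: %r" % url)
    if ca_bundle and insecure:
        raise ValueError("pass ca_bundle or insecure, not both")
    if ca_bundle:
        path = os.path.abspath(os.path.expanduser(ca_bundle))
        if not os.path.isfile(path):
            raise ValueError("ca_bundle not found: %s" % path)
        try:
            # Parse the bundle now so a bad file fails before any login attempt.
            ssl.create_default_context(cafile=path)
        except (ssl.SSLError, OSError) as exc:
            raise ValueError("ca_bundle is not a usable PEM bundle: %s" % exc)
        return {"ca_bundle": path}
    if insecure:
        # Make the weakened setting visible in logs and test output.
        warnings.warn("certificate checking disabled for %s" % url, stacklevel=2)
        return {"insecure": True}
    return {}  # neither option set: the library's default applies


# Usage (needs nessrest installed and a reachable scanner):
#   url = "https://nessusscanner:8834"
#   scan = ness6rest.Scanner(url=url, login="username", password="password",
#                            **scanner_tls_kwargs(url, ca_bundle="/path/to/ca_bundle.pem"))
```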
ness_rest.conf and configure for your scanner.
- There are several valid paths for the location of the config file (in order):
- The path passed from the CLI with
- A permanent config file is searched for in the following locations:
- To build a package to install via
python setup.py sdist
- The resulting build will be in