
I am trying to create a new scan in Nessus (6.4) via the API, following the documentation. I have a policy set up, and the code to create the scan is

import requests

headers = {
    "X-ApiKeys": "accessKey = 8cc43676fe7e9046353fcd36c41c61f4f78f7a8df646653fbde4641e352d36d9; secretKey = ab7eeafbe3f9f544b10496ff63297f8f55692cc5f4dca3f3d74e0917b6ec2ed0;"
}

data = {
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40",
    "settings": {
        "name": "myscan1",
        "policy_id": "4",
        "enabled": "false",
        "text_targets": "192.168.1.1"
    }
}
r = requests.post('https://localhost:8834/scans', data=data, verify=False, headers=headers)
print(r.status_code, r.text)

This outputs

(400, u'{"error":"Invalid \'targets\' field"}')

The documentation explicitly gives an example of the POST body:

Below is an example body for this request:

{
    "uuid": {template_uuid},
    "settings": {
        "name": {string},
        "description": {string},
        "emails": {string},
        "enabled": "true",
        "launch": {string},
        "folder_id": {integer},
        "policy_id": {integer},
        "scanner_id": {integer},
        "text_targets": {string},
        "use_dashboard": {boolean}
    }
}

I checked an actual scan creation in the interface by analyzing the HTTPS traffic. The POST body starts with

{  
   "uuid":"ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66",
   "settings":{  
      "name":"test1",
      "description":"",
      "folder_id":"3",
      "scanner_id":"1",
      "text_targets":"192.168.1.1",
      "file_targets":"",
(...)

So it looks like the targets are provided correctly.

Any idea what else to check about the targets field?


1 Answer


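I forgot to json.dumps() the payload (and possibly to add a content-type to the POST headers).

The example below works (this time authentication is done via the token from /session, but the same applies to the authorization keys in the question)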

import json
import requests

# token: session token obtained beforehand from /session
headers = {
    "X-Cookie": "token={token};".format(token=token),
    "content-type": "application/json"
}

data = {
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40",
    "settings": {
        "name": "myscan1",
        "policy_id": "4",
        "enabled": "false",
        "text_targets": "192.168.1.1",
    }
}

r = requests.post('https://localhost:8834/scans', data=json.dumps(data), verify=False, headers=headers)
answered 2015-07-11T15:00:37.327
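Why the first request was rejected, as an added example that is not part of the original question or answer: a dict passed as data= is form-encoded, and a nested dict is flattened to its keys, so the target value never reaches the server. The standard library's urlencode(..., doseq=True) is used here to reproduce that encoding offline; the function names and the placeholder UUID are assumptions made for this illustration.

```python
import json
from urllib.parse import urlencode, parse_qs

# Constructed payload with the same shape as the one in the question.
# The UUID is a placeholder, not a real template id.
PAYLOAD = {
    "uuid": "TEMPLATE-UUID-PLACEHOLDER",
    "settings": {
        "name": "myscan1",
        "policy_id": "4",
        "enabled": "false",
        "text_targets": "192.168.1.1",
    },
}


def form_body(data):
    """Body sent for data=<dict>: form encoding with doseq=True.

    The nested "settings" dict is iterated like a list, so only its keys
    are emitted and every value under it (including the target) is lost.
    """
    return urlencode(data, doseq=True)


def json_body(data):
    """Body sent for data=json.dumps(<dict>): nesting is preserved."""
    return json.dumps(data)


def recover_targets(body):
    """Parse a body as JSON and return settings.text_targets, else None."""
    try:
        return json.loads(body)["settings"]["text_targets"]
    except (ValueError, KeyError, TypeError):
        return None


if __name__ == "__main__":
    broken, fixed = form_body(PAYLOAD), json_body(PAYLOAD)
    print("form-encoded:", broken)
    print("  parsed back:", parse_qs(broken))
    print("  text_targets:", recover_targets(broken))
    print("json:", fixed)
    print("  text_targets:", recover_targets(fixed))
```

Printing the outgoing body this way before sending is a quick check whenever a JSON API reports a field as invalid or missing even though the dict in the script contains it.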