gremwell / pynessus Goto Github PK
View Code? Open in Web Editor NEWClient for the Nessus vulnerability scanner REST API.
License: Other
Client for the Nessus vulnerability scanner REST API.
License: Other
in some situations the script decides the scan is complete while it is not.
it appears to happen when scanning a large network with few fast hosts. when all responding hosts are scanned, but not all network is covered, the script stops polling and tries to download the report and fails horribly
To reproduce
abb@e6510x:/dvp/pynessus/scripts$ python skanner.py -c nessus.conf -i localhost -n test201411240745 -p "nonexistent"/dvp/pynessus/scripts$ echo $?
abb@e6510x:
0
Instead, the scanner should die (throw an exception for example) and return non-zero exit code.
perhaps provide an option to specify scan id, so the script can wait for it completition and download the report once scan is done. it means durijng the normal operation the scanner needs to display can id to the user
There are a error when i login using username, pass:
if server.login(User("admin", "admin")):
File "C:\Python27\lib\site-packages\pynessus\nessus.py", line 205, in login
response = self._api_request("POST", "/login", params)
File "C:\Python27\lib\site-packages\pynessus\nessus.py", line 157, in _api_request
response = json.loads(self._request(method, target, json.dumps(params)))
File "C:\Python27\lib\site-packages\pynessus\nessus.py", line 130, in _request
self._connection.request(method, target, params, self._headers if headers is None else headers)
File "C:\Python27\lib\httplib.py", line 1053, in request
self._send_request(method, url, body, headers)
File "C:\Python27\lib\httplib.py", line 1093, in _send_request
self.endheaders(body)
File "C:\Python27\lib\httplib.py", line 1049, in endheaders
self._send_output(message_body)
File "C:\Python27\lib\httplib.py", line 893, in _send_output
self.send(msg)
File "C:\Python27\lib\httplib.py", line 855, in send
self.connect()
File "C:\Python27\lib\httplib.py", line 1274, in connect
server_hostname=server_hostname)
File "C:\Python27\lib\ssl.py", line 352, in wrap_socket
_context=self)
File "C:\Python27\lib\ssl.py", line 579, in init
self.do_handshake()
File "C:\Python27\lib\ssl.py", line 808, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
There is potential division by zero in pynessus/nessus.py line 1232
def get_scan_progress(self, scan):
params = {"id" : scan.uuid}
response = self._api_request("POST", "/result/details", params)
current = 0.0
total = 0.0 if len(response["hosts"]) else 1.0
for host in response["hosts"]:
current += host["scanprogresscurrent"]
total += host["scanprogresstotal"]
return current/total*100.0
When creating a diff between two scans, downloading the nessus file always fail.
Please document the expected behavior of get_scan_progress() and get_scan_status() commands.
Strings returned by status() should be defined as constants, the client should never be able to compare the result of status() with something line Nessus.STATUS_RUNNING instead of using "running" string in their code.
operations like progress polling, report download should be retried couple times before giving up
My team uses Poetry to manage dependencies for a variety of reasons
The project looks like its exactly what we need but the PyPi for it hasn't been updated in a bit and the wheel build is failing
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-install-mcdn5pmj/python-nessus_b2a10e6af8d3490f96a6e989812f5243/setup.py", line 2, in <module>
VERSION = __import__("pynessus").__version__
File "/tmp/pip-install-mcdn5pmj/python-nessus_b2a10e6af8d3490f96a6e989812f5243/pynessus/__init__.py", line 2, in <module>
from nessus import Nessus, NessusAPIError
ModuleNotFoundError: No module named 'nessus'
@qkaiser would you mind updating that package, please? :)
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.