Objective: use nessrest to login to server Nessus 6.7.0, to perform a scan.
Problem: Our python program can not log in.
We are currently using:
โข Python 3.4
โข Security Center 5.3.2
โข Nessus 6.7.0
Python Program: nessus_1.py
! /usr/local/bin/python
import json
import requests
from nessrest import ness6rest
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL")
print('Exit Program')
Run nessus_1.py python program
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 544, in urlopen
body=body, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 341, in _make_request
self._validate_conn(conn)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 762, in validate_conn
conn.connect()
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connection.py", line 238, in connect
ssl_version=resolved_ssl_version)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\util\ssl.py", line 256, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Python34\lib\ssl.py", line 364, in wrap_socket
_context=self)
File "C:\Python34\lib\ssl.py", line 578, in init
self.do_handshake()
File "C:\Python34\lib\ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 370, in send
timeout=timeout
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 574, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 211, in action
verify=verify, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\api.py", line 49, in request
response = session.request(method=method, url=url, *_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 461, in request
resp = self.send(prep, *_send_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "E:\tenable\nessus_1.py", line 6, in
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL")
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 110, in init
self._login(login, password)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 128, in _login
retry=False)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 244, in action
raise SSLException('%s for %s.' % (ssl_error, url))
nessrest.ness6rest.SSLException: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598) for https://777.777.7.77:8834/session.
Python Program: nessus_2.py (Try insecure=True)
! /usr/local/bin/python
import json
import requests
from nessrest import ness6rest
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL", insecure=True)
print('Finish')
Run nessus_2.py python program
_START ERROR_
JSON :
{}
{}
HEADERS :
{'X-Cookie': 'token=b2c217df90e152226fe81df5c8f1f814ac0dd86c070d5a2b', 'Content-type': 'application/json', 'Accept': 'text/plain'}
URL : https://777.777.7.77:8834/scanners
METHOD : get
RESPONSE: 403
{
"error": "You are not authorized to perform this request"
}
_END ERROR_
Finish
Python Program: nessus_3.py (try disable SSL Certificate)
! /usr/local/bin/python
import json
import requests
from nessrest import ness6rest
dissable SSL Certificate
requests.packages.urllib3.disable_warnings()
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL", insecure=True)
print('Finish')
Run nessus_3.py python program
_START ERROR_
JSON :
{}
{}
HEADERS :
{'Content-type': 'application/json', 'Accept': 'text/plain', 'X-Cookie': 'token=9161ce642add6f95118b0e1f12328d611e7ca43de4a90120'}
URL : https://777.777.7.77:8834/scanners
METHOD : get
RESPONSE: 403
{
"error": "You are not authorized to perform this request"
}
_END ERROR_
Finish
Python Program: nessus_4.py (try using access_key and secret_key )
! /usr/local/bin/python
import json
import requests
from nessrest import ness6rest
access_key = '7777c8c98a1fdcb8a02dc2ccc2ad10d50f43a29ed2ee3f58a92b99ef2aeb74a3'
secret_key = '666664982d8aaf74f9351b544c5f06439a9a80a88f28cfeeb27105cda14b1da4'
headers = {'Content-type': 'application/json','X-ApiKeys': 'accessKey='+access_key+'; secretKey='+secret_key}
_dissable SSL Certificate
requests.packages.urllib3.disable_warnings()
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL")
print('Exit Program')
Run nessus_4.py python program
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 544, in urlopen
body=body, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 341, in _make_request
self._validate_conn(conn)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 762, in validate_conn
conn.connect()
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connection.py", line 238, in connect
ssl_version=resolved_ssl_version)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\util\ssl.py", line 256, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\Python34\lib\ssl.py", line 364, in wrap_socket
_context=self)
File "C:\Python34\lib\ssl.py", line 578, in init
self.do_handshake()
File "C:\Python34\lib\ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 370, in send
timeout=timeout
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 574, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 211, in action
verify=verify, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\api.py", line 49, in request
response = session.request(method=method, url=url, *_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 461, in request
resp = self.send(prep, *_send_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "E:\tenable\nessus_4.py", line 12, in
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL")
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 110, in init
self._login(login, password)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 128, in _login
retry=False)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 244, in action
raise SSLException('%s for %s.' % (ssl_error, url))
nessrest.ness6rest.SSLException: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598) for https://777.777.7.77:8834/session.
Python Program: nessus_5.py (try using ca_bundle, PEM certificate in the same directory)
! /usr/local/bin/python
import json
import requests
from nessrest import ness6rest
_dissable SSL Certificate
requests.packages.urllib3.disable_warnings()
PEM certifcate is store same directory as program
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL", ca_bundle="neust_swt2.pem")
print('Exit Program')
Run nessus_5.py python program
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\util\ssl_.py", line 244, in ssl_wrap_socket
context.load_verify_locations(ca_certs)
FileNotFoundError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 370, in send
timeout=timeout
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 544, in urlopen
body=body, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 341, in _make_request
self._validate_conn(conn)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connectionpool.py", line 762, in validate_conn
conn.connect()
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\connection.py", line 238, in connect
ssl_version=resolved_ssl_version)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\packages\urllib3\util\ssl.py", line 246, in ssl_wrap_socket
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 211, in action
verify=verify, headers=headers)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\api.py", line 49, in request
response = session.request(method=method, url=url, *_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 461, in request
resp = self.send(prep, *_send_kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\sessions.py", line 573, in send
r = adapter.send(request, **kwargs)
File "C:\Users\homersimpson\AppData\Roaming\Python\Python34\site-packages\requests\adapters.py", line 431, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 2] No such file or directory
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "E:\tenable\nessus_5.py", line 9, in
scan = ness6rest.Scanner(url="https://777.777.7.77:8834", login="bozoclown", password="!++6678awoL", ca_bundle="neust_swt2.pem")
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 110, in init
self._login(login, password)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 128, in _login
retry=False)
File "C:\Python34\lib\site-packages\nessrest\ness6rest.py", line 244, in action
raise SSLException('%s for %s.' % (ssl_error, url))
nessrest.ness6rest.SSLException: [Errno 2] No such file or directory for https://777.777.7.77:8834/session.
We tried Tenable Support, but they know nothing.
The GitHub forum is are only hope.
Thank You for your time.