Python 2.7 如何使用NessRestAPI(python)以xml格式导出nessus扫描报告?
我正在尝试使用python自动运行和下载nessus扫描。我一直在使用NessRESTAPI for python,并且能够成功地运行扫描,但没有成功下载nessus格式的报告 你知道我该怎么做吗?我一直在使用模块scan_下载,但实际上在扫描完成之前就已经执行了Python 2.7 如何使用NessRestAPI(python)以xml格式导出nessus扫描报告?,python-2.7,nessus,Python 2.7,Nessus,我正在尝试使用python自动运行和下载nessus扫描。我一直在使用NessRESTAPI for python,并且能够成功地运行扫描,但没有成功下载nessus格式的报告 你知道我该怎么做吗?我一直在使用模块scan_下载,但实际上在扫描完成之前就已经执行了 提前谢谢你的帮助 回顾一下这个问题,下面是一个使用Nessrest API从nessus主机中提取CSV报告导出的示例 #!/usr/bin/python2.7 import sys import os import io from
提前谢谢你的帮助 回顾一下这个问题,下面是一个使用Nessrest API从nessus主机中提取CSV报告导出的示例
#!/usr/bin/python2.7
import sys
import os
import io
from nessrest import ness6rest
file_format = 'csv' # options: nessus, csv, db, html
dbpasswd = ''
scan = ness6rest.Scanner(url="https://nessus:8834", login="admin", password="P@ssword123", insecure=True)
scan.action(action='scans', method='get')
folders = scan.res['folders']
scans = scan.res['scans']
if scan:
scan.action(action='scans', method='get')
folders = scan.res['folders']
scans = scan.res['scans']
for f in folders:
if not os.path.exists(f['name']):
if not f['type'] == 'trash':
os.mkdir(f['name'])
for s in scans:
scan.scan_name = s['name']
scan.scan_id = s['id']
folder_name = next(f['name'] for f in folders if f['id'] == s['folder_id'])
folder_type = next(f['type'] for f in folders if f['id'] == s['folder_id'])
# skip trash items
if folder_type == 'trash':
continue
if s['status'] == 'completed':
file_name = '%s_%s.%s' % (scan.scan_name, scan.scan_id, file_format)
file_name = file_name.replace('\\','_')
file_name = file_name.replace('/','_')
file_name = file_name.strip()
relative_path_name = folder_name + '/' + file_name
# PDF not yet supported
# python API wrapper nessrest returns the PDF as a string object instead of a byte object, making writing and correctly encoding the file a chore...
# other formats can be written out in text mode
file_modes = 'wb'
# DB is binary mode
#if args.format == "db":
# file_modes = 'wb'
with io.open(relative_path_name, file_modes) as fp:
if file_format != "db":
fp.write(scan.download_scan(export_format=file_format))
else:
fp.write(scan.download_scan(export_format=file_format, dbpasswd=dbpasswd))
可以在这里看到更多示例
回顾一下这个问题,下面是一个使用Nessrest API从nessus主机中提取CSV报告导出的示例
#!/usr/bin/python2.7
import sys
import os
import io
from nessrest import ness6rest
file_format = 'csv' # options: nessus, csv, db, html
dbpasswd = ''
scan = ness6rest.Scanner(url="https://nessus:8834", login="admin", password="P@ssword123", insecure=True)
scan.action(action='scans', method='get')
folders = scan.res['folders']
scans = scan.res['scans']
if scan:
scan.action(action='scans', method='get')
folders = scan.res['folders']
scans = scan.res['scans']
for f in folders:
if not os.path.exists(f['name']):
if not f['type'] == 'trash':
os.mkdir(f['name'])
for s in scans:
scan.scan_name = s['name']
scan.scan_id = s['id']
folder_name = next(f['name'] for f in folders if f['id'] == s['folder_id'])
folder_type = next(f['type'] for f in folders if f['id'] == s['folder_id'])
# skip trash items
if folder_type == 'trash':
continue
if s['status'] == 'completed':
file_name = '%s_%s.%s' % (scan.scan_name, scan.scan_id, file_format)
file_name = file_name.replace('\\','_')
file_name = file_name.replace('/','_')
file_name = file_name.strip()
relative_path_name = folder_name + '/' + file_name
# PDF not yet supported
# python API wrapper nessrest returns the PDF as a string object instead of a byte object, making writing and correctly encoding the file a chore...
# other formats can be written out in text mode
file_modes = 'wb'
# DB is binary mode
#if args.format == "db":
# file_modes = 'wb'
with io.open(relative_path_name, file_modes) as fp:
if file_format != "db":
fp.write(scan.download_scan(export_format=file_format))
else:
fp.write(scan.download_scan(export_format=file_format, dbpasswd=dbpasswd))
可以在这里看到更多示例
下载之前,您必须“导出”报告。您可以使用/status API方法检查正在进行的扫描的状态。工作流应该如下所示:getToken()、startScan()、checkIfFinished()、export()、download()。在下载之前,您必须“导出”报表。您可以使用/status API方法检查正在进行的扫描的状态。工作流应该如下所示:getToken()、startScan()、checkIfFinished()、export()、download()