Unable to automate scan with Nessus 7 professional - rest

I am evaluating the product Nessus 7 to perform vulnerability scans on the systems in my network.I am able to perform the scans successfully, but I am unable to automate it with a python Nessrest client. The following error is thrown by the nessrest client. Please help me out with this issue. Thank you.
No Title
*****************START ERROR*****************
JSON :
{"uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40",
"settings": {"text_targets": "targetIp", "file_targets": "",
"folder_id": 82, "description": "Created with REST API", "filters": [],
"launch": "ON_DEMAND", "scanner_id": "1", "emails": "", "filter_type": "",
"name": ""}}
{}
HEADERS :
{'X-Cookie': 'token=1c1c4f11e325eb19440feaaf04706d1265f347d105a06f44',
'Content-type': 'application/json', 'Accept': 'text/plain'}
URL : https://ipaddress:8834/scans
METHOD : POST
RESPONSE: 412
{
"error": "API is not available"
}
******************END ERROR******************
Traceback (most recent call last):
File "nessrest.py", line 1, in <module>
import nessrest
File "C:\Users\ballalc\nessrest.py", line 8, in <module>
scan.scan_add(targets="ipaddress")
File "C:\Users\ballalc\ness6rest.py", line 705, in scan_add
self.scan_uuid = self.res["scan"]["uuid"]
KeyError: 'scan'

Nessus has stopped implicit API Support from 7.x. You should either be using their Free Version "Nessus Home" or licensed to "SecurityCenter or Tenable.io" to use API for automation.
If you were an existing licensee, you can still use API until December, 2018 provided you don't update to Nessus Pro v7
Nessus Update ScreenShot

I know you are willing to see copy/past solution here, but not that easy just read till the end.
Also suffer for API removal, but finally developed a small java workaround class to handle all the automation and bypass Nessus API restrictions. Do not want to publish it since if they see will block it as well. They no longer want people to use Nessus and actively forcing everyone to switch to tenable.io
I can send it to anyone personally or if needed explain how it's work.

Related

Seeks 'commentsResolvedState' API proposal, but it doesn't exist

[warning] Via 'product.json#extensionEnabledApiProposals' extension
'github.vscode-pull-request-github' wants API proposal
'commentsResolvedState' but that proposal DOES NOT EXIST. Likely, the
proposal has been finalized (check 'vscode.d.ts') or was abandoned.
I don't know what is this error msgs mean is it a bug on the current version of vscode 1.75.1?
I don't know why it's called extension even though I don't install any extension named github.vscode-pull-request-github
also I tried to (check 'vscode.d.ts') in my laptop. I dont find any file of it, there's only vscode.d. Well My code and project still works find but this error msg always appear every time I opened my vs code and kind of annoying to see. I use windows 11
This is what I found on github:
https://github.com/microsoft/vscode-pull-request-github/pull/4447/commits/f36acaff7b81f077db18e74a7c673cf249eba996
I tried to put the code in setting.json but it seems doesn't work. this is the code:
{
"name": "vscode-pull-request-github",
"displayName": "%displayName%",
"description": "%description%",
"icon": "resources/icons/github_logo.png",
"repository": {
"type": "git",
"url": "https://github.com/Microsoft/vscode-pull-request-github"
},
"bugs": {
"url": "https://github.com/Microsoft/vscode-pull-request-github/issues"
},
"enabledApiProposals": [
"tokenInformation",
"contribShareMenu",
"treeItemCheckbox",
"contribCommentPeekContext",

Script lab custom functions feature does not work

When I try to access script lab custom functions feature I am greeted with message.
Script lab -> funtions
So the issue is not even in some particular function, the whole feature does not work.
Error:
{
"stack": "RichApi.Error: There was an internal error while processing the request.\n at new n (https://appsforoffice.microsoft.com/lib/beta/hosted/excel-win32-16.01.js:26:235928)\n at n.o.processRequestExecutorResponseMessage (https://appsforoffice.microsoft.com/lib/beta/hosted/excel-win32-16.01.js:26:299150)\n at https://appsforoffice.microsoft.com/lib/beta/hosted/excel-win32-16.01.js:26:297255",
"message": "There was an internal error while processing the request.",
"name": "RichApi.Error",
"code": "GeneralException",
"traceMessages": [],
"innerError": null,
"debugInfo": {
"code": "GeneralException",
"message": "There was an internal error while processing the request.",
"errorLocation": "CustomFunctionManager.register",
"statement": "v.register(...);",
"surroundingStatements": [
"var workbook = context.workbook;",
"var v = Microsoft.ExcelServices.CustomFunctionManager.newObject();",
"// >>>>>",
"v.register(...);",
"// <<<<<"
],
"fullStatements": [
"Please enable config.extendedErrorLogging to see full statements."
]
},
"httpStatusCode": 500
}
I've had this issue. I think I've seen there are differences between 2019 standalone and Office 365 subscriptions and the office js scripts that run. In my case, I was logged into a 365 enterprise subscription which reproduces the same error described. So what I did as a work-around was simply log out. And then register the function, and then log back in again. The registered function continues to work after log in.

Unable to upload the talend job zip file from windows machine to tac through metaservlet api

Unable to call the associatePreGeneratedJob api endpoint. Keep getting the 180 error. Trying to upload the zip file from Windows machine to a tac server that is running on docker container
Talend documentation:
Command: associatePreGeneratedJob
Description : Create a new execution task with a pre-generated zip file
- targetConductor: could be [JOBCONDUCTOR, BIGDATA_STREAMING]. "JOBCONDUCTOR" is the default value.
- importType: the position where select the zip file from; 'Nexus' or 'File', default value is 'File'
Requires authentication : true
Since : 5.2
Sample :
{
"actionName": "associatePreGeneratedJob",
"active": true,
"authPass": "admin",
"authUser": "admin#company.com",
"contextName": "Default",
"description": "task1's description",
"executionServerName": "serv1",
"filePath": "'/home/talend/generatedJob.zip'",
"importType": "Nexus",
"logLevel": "Info",
"nexusArtifactId": "test",
"nexusGroupId": "org.example",
"nexusRepository": "snapshots",
"nexusVersion": "0.1.0-SNAPSHOT",
"onUnknownStateJob": "WAIT",
"pauseOnError": false,
"taskName": "task1",
"timeout": 3600
}
Specific error codes :
180: file is not a valid file or not exist
181: nexus parameters may be not correct
Reference:
Talend Metaservlet api documentation: https://help.talend.com/reader/oYf9gKhmYrkWCiSua4qLeg/SLiAyHyDTjuznLR_F~MiQQ
Have tried this.
MetaServletCaller.bat --tac-url=http://localhost:8080/org.talend.administrator/ --json-params="{"actionName":"associatePreGeneratedJob","active": true,"authPass": "admin","authUser": "admin#company.com","contextName": "Default","description":"New","executionServerName": "test", "filePath": "'C:\Users\st\Desktop\JOb\t1.zip'","logLevel": "Info","onUnknownStateJob": "WAIT","importType": "File","pauseOnError": false, "taskName": "task_new","taskType": "Normal","timeout": 3600}"
Job zip file should be uploaded to tac server
Going to the network logs and capturing the api request helped to decipher where the files were getting stored in the container. If zip files are somehow sent to that location in the container, that path can be passed to the api request
Ex path in container : /usr/local/tomcat/temp/test.zip

Smartsheet Python SDK Copy Workspace Fails

I am trying to copy a workspace to get around the 100 object limit.
Here's my code:
def rg_copy_workspace(workspace_id, new_ws_name, api_token, debug=False):
import smartsheet
smartsheet = smartsheet.Smartsheet(api_token)
smartsheet.errors_as_exceptions(True)
new_workspace = smartsheet.Workspaces.copy_workspace(
workspace_id,
smartsheet.models.ContainerDestination({
'new_name': new_ws_name
})
)
just like the example in the Python SDK.
I am testing on a workspace with a small number of objects (I started with only one Sheet)
I'm getting an error on the folder_obj. I have tried it with and without a folder, and when I have a folder with and without contents.
rg_copy_workspace(workspace_id, new_ws_name)
Traceback (most recent call last):
File "", line 1, in
rg_copy_workspace(workspace_id, new_ws_name)
File "", line 15, in rg_copy_workspace
'new_name': new_ws_name
File "(path-deleted)\workspaces.py", line 80, in copy_workspace
folder_obj = Folder({
File "(path-deleted)\smartsheet.py", line 210, in request
"""
File "(path-deleted)\smartsheet.py", line 278, in request_with_retry
if 200 <= response.status_code <= 299:
File "(path-deleted)\smartsheet.py", line 244, in _request
native = res.native(expected)
UnexpectedRequestError: (, None)
What am I doing wrong? I don't know how the code makes it to line 80 of workspaces.py.
I updated to latest version of SDK this morning (after receiving the error)
Craig
Reputation won't let me comment.
Your code seemed to execute fine for me on the updated 1.3 SDK.
The traceback locations look to lineup with sources from roughly a year ago, but linecache is pulling from the new source to build the traceback (smartsheet.py, line 210 is actually in a comment, so it's definitely not right). I'm not sure what all the situations are that could account for this but I'd guess there are compiled bytecode (.pyc) files somewhere that are stale.
Can you share a DEBUG level log near the relevant failure so that I can see what the API request looks like?

Rest API Testing from commandline

I am preparing a SDK, and SDK as of now, does not have CI system separately.
I want to test some REST endpoints which should be available when the user uses SDK to create the software and try to run with our framework.
I have written all the manual steps in shell script and planning to put the script as crontab to run it every few hours.
Now, for rest end point testing, I was thinking of just using curl and checking if we getting data back. but this can turn into a lot of work,as we expand the functionality. I looked into frisby framework which kind of suits my needs.
Is there any recommendation for allowing me to test rest services when the framework software is started.
Probably swat is exactly what you need. Reasons :
This is DSL for web, rest services test automation
it uses curl command line API to create http requests
it is both DSL and command line tool to run test scenarios written on DSL
it is configurable both from bash style scripts and general configs
it is very easy to start with
probably in your case curl based test cases could be easily converted into swat DSL format
(*) disclosure - I am the author of swat.
I have created a very small bash script to test JSON APIs which might be useful. It uses jq and curl as dependencies. curl for making request and jq for JSON processing.It is only designed to test JSON APIs.
Link: api-test
Every API call you want to run is stored in a JSON file with format below:
{
"name": "My API test",
"testCases": {
"test_case_1": {
"path": "/path_1",
"method": "POST",
"description": "Best POST api",
"body": {
"value": 1
},
"header": {
"X-per": "1"
}
},
}
"url": "http://myapi.com"
}
To run a test case:
api-test -f test.json run test_case_1
api-test -f test.json run all # run all API call at once.
It will produce output in an organized way
Running Case: test_case_1
Response:
200 OK
{
"name": "Ram",
"full_name": "Ram Shah"
}
META:
{
"ResponseTime": "0.078919s",
"Size": "235 Bytes"
}
It also supports automated testing of API with jq JSON comparison and normal equality/subset comparisons.