Nessus 6 has an exciting new API…. which means that systems that rely on the old XML API and things like Perl modules to encapsulate it are going to take a bit of work to port to the brave new world. My chum Niraj is looking at doing that here, but wanted an example of the new API in use that he could build on. Luckily I’ve done more Perl API hacking with JSON than a person should admit to, so it didn’t take long to knock one up for him. I thought I’d share it here for other people’s edification (and also to stop Gary, my boss, saying that I don’t blog enough).
Hopefully the comments will help explain what is going on, but the over view is that the code is in two parts really. The first part creates a session for a given username and password. This gets given a token by the Nessus API server to say, “Yes, you’ve logged in”. This token is then used in a Custom HTTP Header in the second part of the example to request a list of scans. These come back in JSON format so we turn them into a Perl data structure using the JSON.pm Perl module and then do whatever funky thing we intended to do with the data. I hope that’s clear! 🙂
#!/usr/bin/perl
use strict;
use LWP;
use LWP::UserAgent;
use JSON;
use Data::Dumper;
# This line is a hack to deal with the duff SSL certificates on the test server
BEGIN { $ENV{PERL_LWP_SSL_VERIFY_HOSTNAME} = 0 }
# Where we talk to
my $apibaseurl = 'https://nessus.example.com:8034/';
# Get the username and password to use
my $username = shift || 'mrtester';
my $password = shift || 'testytesting123';
# Create a user agent (web browser) to talk to the Nessus server
my $ua = LWP::UserAgent->new;
$ua->agent("LboroScanHack/0.1");
# Create the POST request that encodes the username and password
my $req = HTTP::Request->new(POST => $apibaseurl . 'session');
$req->content_type('application/x-www-form-urlencoded');
$req->content("username=$username&password=$password");
# Make the request of the Nessus server
my $res = $ua->request($req);
# See if it worked and if so, get the session token
my $NessusToken = '';
if ($res->is_success) {
my $result = from_json($res->content);
$NessusToken = $result->{'token'};
} else {
print $res->status_line, "\n";
print $res->content;
print "\n";
exit;
}
print "Got a token of $NessusToken\n";
# OK, at this point we have a valid session token. We can now use this
# to make more requests of the Nessus server. Lets get a list of scans as
# an example. For these we're going to need to create a custom HTTP Header
# in the request called X-Cookie that includes the token we've just got.
my $h = new HTTP::Headers;
$h->header('X-Cookie' => "token=$NessusToken;");
# Now create a new HTTP request object for the method/URL we want that
# includes this custom header
$req = HTTP::Request->new('GET' , $apibaseurl . 'scans', $h);
$req->content_type('application/json; charset=UTF-8');
# Make the request to the server including the token.
$res = $ua->request($req);
# Didn't work? Explain why and exit.
if (!$res->is_success) {
warn $res->status_line, "\n";
warn $res->content . "\n";
exit;
}
# Still going so the request worked - convert the JSON content into a Perl
# data structure.
my $scandata = from_json($res->content);
# Print it out
print Dumper($scandata);
# Do some funky stuff with the data
foreach my $thisfolder (@{$scandata->{'folders'}}) {
print "$thisfolder->{'name'} is a $thisfolder->{'type'} with ID $thisfolder->{'id'}\n";
}