如何通過nessus API提交目標？

Question

我想通過API在文檔中創建Nessus（6.4）中的新掃描。我有一個政策，建立和創建掃描代碼

import requests 

headers = { 
    "X-ApiKeys": "accessKey = 8cc43676fe7e9046353fcd36c41c61f4f78f7a8df646653fbde4641e352d36d9; secretKey = ab7eeafbe3f9f544b10496ff63297f8f55692cc5f4dca3f3d74e0917b6ec2ed0;" 
} 

data = { 
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40", 
    "settings": { 
     "name": "myscan1", 
     "policy_id": "4", 
     "enabled": "false", 
     "text_targets": "192.168.1.1" 
    } 
} 
r = requests.post('https://localhost:8834/scans', data=data, verify=False, headers=headers) 
print(r.status_code, r.text) 

此輸出

(400, u'{"error":"Invalid \'targets\' field"}') 

的文件明確給出了POST體的例子：

下面是一個請求樣本：

{ 
    "uuid": {template_uuid}, 
    "settings": { 
     "name": {string}, 
     "description": {string}, 
     "emails": {string}, 
     "enabled": "true", 
     "launch": {string}, 
     "folder_id": {integer}, 
     "policy_id": {integer}, 
     "scanner_id": {integer}, 
     "text_targets": {string}, 
     "use_dashboard": {boolean} 
    } 
} 

我在界面中檢查了實際的掃描創建，分析了HTTPS流量。 POST正文開始於

{ 
    "uuid":"ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66", 
    "settings":{ 
     "name":"test1", 
     "description":"", 
     "folder_id":"3", 
     "scanner_id":"1", 
     "text_targets":"192.168.1.1", 
     "file_targets":"", 
(...) 

因此它看起來像提供了正確的目標。

任何想法還有什麼要檢查targets字段？

Answer 1

我忘了json.dumps()有效負載POST（並可能在標頭中添加content-type）。

以下作品（這次認證通過令牌從/session完成的，但同樣的工作與授權密鑰的問題）的例子

headers = { 
    "X-Cookie": "token={token};".format(token=token), 
    "content-type": "application/json" 
} 

data = { 
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40", 
    "settings": { 
     "name": "myscan1", 
     "policy_id": "4", 
     "enabled": "false", 
     "text_targets": "192.168.1.1", 
    } 
} 

r = requests.post('https://localhost:8834/scans', data=json.dumps(data), verify=False, headers=headers)