如何通过nessus API提交目标？

Question

我想通过API在文档中创建Nessus（6.4）中的新扫描。我有一个政策，建立和创建扫描代码

import requests 

headers = { 
    "X-ApiKeys": "accessKey = 8cc43676fe7e9046353fcd36c41c61f4f78f7a8df646653fbde4641e352d36d9; secretKey = ab7eeafbe3f9f544b10496ff63297f8f55692cc5f4dca3f3d74e0917b6ec2ed0;" 
} 

data = { 
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40", 
    "settings": { 
     "name": "myscan1", 
     "policy_id": "4", 
     "enabled": "false", 
     "text_targets": "192.168.1.1" 
    } 
} 
r = requests.post('https://localhost:8834/scans', data=data, verify=False, headers=headers) 
print(r.status_code, r.text) 

此输出

(400, u'{"error":"Invalid \'targets\' field"}') 

的文件明确给出了POST体的例子：

下面是一个请求样本：

{ 
    "uuid": {template_uuid}, 
    "settings": { 
     "name": {string}, 
     "description": {string}, 
     "emails": {string}, 
     "enabled": "true", 
     "launch": {string}, 
     "folder_id": {integer}, 
     "policy_id": {integer}, 
     "scanner_id": {integer}, 
     "text_targets": {string}, 
     "use_dashboard": {boolean} 
    } 
} 

我在界面中检查了实际的扫描创建，分析了HTTPS流量。 POST正文开始于

{ 
    "uuid":"ad629e16-03b6-8c1d-cef6-ef8c9dd3c658d24bd260ef5f9e66", 
    "settings":{ 
     "name":"test1", 
     "description":"", 
     "folder_id":"3", 
     "scanner_id":"1", 
     "text_targets":"192.168.1.1", 
     "file_targets":"", 
(...) 

因此它看起来像提供了正确的目标。

任何想法还有什么要检查targets字段？

Answer 1

我忘了json.dumps()有效负载POST（并可能在标头中添加content-type）。

以下作品（这次认证通过令牌从/session完成的，但同样的工作与授权密钥的问题）的例子

headers = { 
    "X-Cookie": "token={token};".format(token=token), 
    "content-type": "application/json" 
} 

data = { 
    "uuid": "ab4bacd2-05f6-425c-9d79-3ba3940ad1c24e51e1f403febe40", 
    "settings": { 
     "name": "myscan1", 
     "policy_id": "4", 
     "enabled": "false", 
     "text_targets": "192.168.1.1", 
    } 
} 

r = requests.post('https://localhost:8834/scans', data=json.dumps(data), verify=False, headers=headers)