As a follow-up to Automating Scans on Nessus 4.2, I’ve posted a sample Nessus login Ruby script that connects to the scanner using an HTTP POST request containing the username and password you supply as constants in the script and display a login token. You can then use this token in other scripts to do other, more useful things such as executing a scan, downloading a report etc.
Of course, this is kind of rough but it works. It doesn’t rely on any external library/gem and uses the standard Net::HTTP and URI libs. The code is commented so even if you are not familiar with Ruby, you can understand what’s going on. I’ve tested it on RHEL 5 with ruby 1.8.5 (default version provided with RHEL 5).
If you want to build an (almost) fully-automated environment around Nessus 4.2, this is the first building block. In my case, I integrated similar code in modules/methods for my own automation needs.
Sample run:
$ ruby nessus-connect.rb
e4b692b1d0ffdf69f619561fe7dd22639b7d7fbdc3865b66
If you have comments, please let me know.
