Added API Token authentication support #23
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Woot!! Hope one of my ex-coworkers at Tenable will merge these soon
…Sent from my iPhone
On Mar 13, 2018, at 5:11 PM, Connor Griffin ***@***.***> wrote:
Made changes to Session.ps1 and Posh-Nessus.psm1 to support the use of API Secretkey/Accesskey authentication in addition to username/password authentication.
Example (using invalid/discarded API key):
> New-NessusSession -ComputerName 'scanner1.local' -Port 8834 -AccessKey '0472a87ffa7e3acc01e5c864bbf008a6bdc84de2af
27dd343a513187ce423093' -SecretKey 'aa7762a5b13ef6cb90ef852755f884ab8cd959944e9dbebdc51bfc8483927d4d'
SessionId : 1
URI : https://scanner1.local:8834
Token : {SecretKey, AccessKey}
Listing my Credential session and my API session. Both can be used by specifying the respective SessionID. No changes have been made to the way existing functions are used. Technically the API session is not a 'session', but it was the simplest way to add API support without completely rewriting the existing authentication framework:
> Get-NessusSession
SessionId : 0
URI : https://adsprscan02.az.int:8834
Token : 42bde0e16fa5638413d12840813aef72f7abede094e1a6c0
SessionId : 1
URI : https://adsprscan02.az.int:8834
Token : {SecretKey, AccessKey}
You can view, comment on, or merge this pull request online at:
#23
Commit Summary
Added support for API key authentication
Matched previous formatting
File Changes
M Posh-Nessus.psm1 (21)
M Session.ps1 (111)
Patch Links:
https://github.com/tenable/Posh-Nessus/pull/23.patch
https://github.com/tenable/Posh-Nessus/pull/23.diff
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub, or mute the thread.
|
|
Merge please :D |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Made changes to Session.ps1 and Posh-Nessus.psm1 to support the use of API Secretkey/Accesskey authentication in addition to username/password authentication.
Example (using invalid/discarded API key):
Listing my Credential session and my API session. Both can be used by specifying the respective SessionID. No changes have been made to the way existing functions are used. Technically the API session is not a 'session', but it was the simplest way to add API support without completely rewriting the existing authentication framework: