SoftLayer漏洞扫描Python [英] SoftLayer Vulnerability Scan Python
问题描述
我正在尝试使用SoftLayer的Python库运行自动漏洞扫描.不幸的是,我得到以下异常:
I'm trying to use SoftLayer's Python library to run automated vulnerability scans. Unfortunately I get the following exception:
SoftLayerAPIError:SoftLayerAPIError(SoftLayer_Exception):无法创建类型为SoftLayer_Network_Security_Scanner_Request_Nessus的新对象.确保身份验证方法正确.
SoftLayerAPIError: SoftLayerAPIError(SoftLayer_Exception): Unable to create a new object of type SoftLayer_Network_Security_Scanner_Request_Nessus. Make sure the authentication method is correct.
我使用的代码如下所示.
The code I use can be seen below.
import SoftLayer
USERNAME="" # I put valid value in here
APIKEY="" # I put valid value in here
TARGET="" # I put valid value in here
client = SoftLayer.create_client_from_env(
username=USERNAME,
api_key=APIKEY
)
""" ALTERNATE I TRIED ALSO FROM DOCUMENTATION:
client = SoftLayer.Client(
username=USERNAME,
api_key=APIKEY
)
"""
account = client['Account'].getObject()
scanner = client.call(
"SoftLayer_Network_Security_Scanner_Request",
"createObject", {
"accountId": account.get('id'),
"ipAddress": TARGET
})
Python库发送的HTTP请求如下:
The HTTP request being sent by the Python library look like:
POST /xmlrpc/v3.1/SoftLayer_Network_Security_Scanner_Request HTTP/1.1
Host: api.softlayer.com
Connection: keep-alive
Accept: */*
Content-Type: application/xml
Content-Length: 798
<?xml version='1.0'?>
<methodCall>
<methodName>createObject</methodName>
<params>
<param>
<value><struct>
<member>
<name>headers</name>
<value><struct>
<member>
<name>authenticate</name>
<value><struct>
<member>
<name>username</name>
<value><string>***USERNAME_HERE***</string></value>
</member>
<member>
<name>apiKey</name>
<value><string>***API_KEY_HERE***</string></value>
</member>
</struct></value>
</member>
</struct></value>
</member>
</struct></value>
</param>
<param>
<value><struct>
<member>
<name>ipAddress</name>
<value><string>***TARGET_IP_HERE***</string></value>
</member>
<member>
<name>accountId</name>
<value><int>***ACCOUNT_ID_HERE***</int></value>
</member>
</struct></value>
</param>
</params>
</methodCall>
收到的HTTP响应是:
The HTTP response received is:
HTTP/1.1 200 OK
Date: Thu, 09 Feb 2017 12:47:17 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml
Content-Length: 495
<?xml version="1.0" encoding="iso-8859-1"?>
<methodResponse>
<fault>
<value>
<struct>
<member>
<name>faultCode</name>
<value>
<string>SoftLayer_Exception</string>
</value>
</member>
<member>
<name>faultString</name>
<value>
<string>Unable to create a new object of type SoftLayer_Network_Security_Scanner_Request_Nessus. Make sure the authentication method is correct.</string>
</value>
</member>
</struct>
</value>
</fault>
</methodResponse>
有人可以帮助我,看看代码,因为我不知道问题出在哪里. 您还可以提供此功能正常运行所需的最低权限列表吗?
Could someone please help me out and have a look at the code as I could not figure out where the issue could be. Could you please also provide the minimum list of permissions that is needed for this to work?
注意:我尝试启用了所有可能的调试权限,但没有运气
Note: I tried with all possible permissions enabled for debugging but no luck
推荐答案
这看起来像API的问题,它仅在指定需要指定hardwareId(用于裸机服务器)或guestId(虚拟访客服务器)
this looks like an issue with the API, it does not work only specifying the IP addres you need to specify the hardwareId (for bare metal servers) or guestId (for virtual guest servers)
因此,请尝试以下代码:
so try this code:
import SoftLayer
USERNAME="set me" # I put valid value in here
APIKEY="set me" # I put valid value in here
TARGET="set me" # I put valid value in here
client = SoftLayer.create_client_from_env(
username=USERNAME,
api_key=APIKEY
)
account = client['Account'].getObject()
server = client['Virtual_Guest'].findByIpAddress(TARGET)
if (server) :
request = {
"accountId": account["id"],
"guestId": server["id"]
}
else:
server = client['Hardware_Server'].findByIpAddress(TARGET)
if (server):
request = {
"accountId": account["id"],
"hardwareId": server["id"]
}
else:
print ("server does not exist.")
exit
scanner = client['Network_Security_Scanner_Request'].createObject(request)
这篇关于SoftLayer漏洞扫描Python的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
