pyTenable
Nessus Pro scan diff endpoint support
Hey all, I am trying to get the Nessus Pro API to return diff results between two historical scans but am running into strange inconsistencies (in both functionality & documentation). It seems that to get a valid return from the GET /scans/{scan_id}?diff_id={diff_id}&history_id={history_id}, one has to first log onto the literal WebUI and perform a diff manually before the endpoint returns the diff results in the payload body. If you do not do this then the API returns with the body below (ERROR 404 not found):
{
"error": "The requested file was not found."
}
Using Nessus 10.1.2 (#68) LINUX and sending requests via Postman for testing. Headers include my generated api & secret key (as other requests that require auth work fine such as the regular /scans/{scan_id}?history_id={history_id} endpoint).
Note:
When observing the WebUI network traffic, I can see that requesting a diff first issues a POST /scans/{scan_id}/diff?history_id={history_id} w/ a body:
{
"diff_id": {diff_id}
}
& THEN issues the GET /scans/{scan_id}?diff_id={diff_id}&history_id={history_id} request. When trying this manually (via Postman), I get an HTTP 412 Precondition Failed error w/ body:
{
"error": "API is not available"
}
Does anyone have any insight into whether this is an actual bug or limitation of Nessus Pro, etc...?
This is likely a limitation to the publicly documented APIs in Nessus. I would suggest that you contact Tenable support and request that this process be properly documented/supported.
@jmehrs Have you provided the X-API-TOKEN and X-Cookie in the Header of your request?
Closing (as designed & not pyTenable).
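Added example (not from this thread and not pyTenable code): a small probe that replays the POST-then-GET sequence described in the issue and reports each status, so the 412/404 combination can be told apart from a diff that was already generated in the web UI. `probe_scan_diff`, `http_transport`, `make_fake_nessus`, the host name and the IDs are hypothetical; the fake server is constructed and models only the responses reported in the issue, and the `X-ApiKeys` header format is an assumption about how the keys were sent.

```python
import json
import urllib.error
import urllib.request

def http_transport(method, url, headers, body=None):
    """Real transport: returns (status, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    hdrs = dict(headers, **{"Content-Type": "application/json"})
    req = urllib.request.Request(url, data=data, headers=hdrs, method=method)
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

def probe_scan_diff(transport, base, scan_id, history_id, diff_id, headers):
    """Replay the two requests seen in the web UI and report each outcome."""
    post_url = f"{base}/scans/{scan_id}/diff?history_id={history_id}"
    get_url = f"{base}/scans/{scan_id}?diff_id={diff_id}&history_id={history_id}"
    post_status, _ = transport("POST", post_url, headers, {"diff_id": diff_id})
    get_status, payload = transport("GET", get_url, headers, None)
    if get_status == 200:
        verdict = "diff returned"
    elif post_status == 412 and get_status == 404:
        verdict = "diff not generated: POST refused (412), GET found nothing (404)"
    else:
        verdict = f"unexpected: POST {post_status}, GET {get_status}"
    return {"post": post_status, "get": get_status, "verdict": verdict,
            "payload": payload if get_status == 200 else None}

def make_fake_nessus(diff_done_in_ui):
    """Constructed stand-in for the server, modelling only the issue's report."""
    def transport(method, url, headers, body=None):
        if method == "POST":
            return 412, {"error": "API is not available"}
        if diff_done_in_ui:
            return 200, {"info": {"constructed": True}}  # constructed payload
        return 404, {"error": "The requested file was not found."}
    return transport

if __name__ == "__main__":
    # Placeholder credentials; swap make_fake_nessus(...) for http_transport
    # to run against your own scanner.
    keys = {"X-ApiKeys": "accessKey=PLACEHOLDER; secretKey=PLACEHOLDER"}
    for done in (False, True):
        print(probe_scan_diff(make_fake_nessus(done),
                              "https://nessus.example:8834", 5, 12, 11, keys))
```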