3 Replies Latest reply: Jun 19, 2017 9:52 AM by neyland RSS

Properly formed XML output

neyland Novice

I've tried the built in file download method from the Python nessusrest as well as manually issuing a GET command to download an export.

 

dwn_url = "scans/"+str(myscanid)+"/export/"+str(file_id)+"/download"

content = scan.action(dwn_url, method="GET", download=True)

 

and

 

content = str(scan.download_scan(export_format="nessus"))

 

In both situations the "content" is not well formed XML that can be consumed by other sources.  It is quoted as a full string with /n in place of carriage returns and line feeds.

 

I've attempted to replace /n with /r/n to see if that fixes the problem.

 

content.replace('\n','\r\n')


However, this doesn't seem to work.  The output file remains the same.

 

I'm trying to get the same formated .Nessus file that comes from the GUI.

 

Thanks for any assistance.

  • Re: Properly formed XML output
    neyland Novice

    So it appears that Python 3.5 wasn't properly converting the write() output to the OS, or was having an issue with Tenable's result string.  The Tenable output sting in Python contained escaped /n.  The write would remove the escape characters but leave the /n.

     

    So far I've solved this by creating a list split on /n and then iterating through adding /r/n to each file line.  I had to manually fix the first and last elements of the list to deal with improper XML characters.

     

    alist = content.split("\\n")

    alist[0] = "<?xml version=\"1.0\" ?>"

    alist.pop()

     

    outfile = open(output_path, "w")

     

    for outline in alist:

         write(str(outline) + "\r\n")

    outfile.close()

     

    This has resulted in an XML file that was able to be consumed by MS SQL Server OPENXML

     

    If there's a better method, I'm all ears. While my method seems to work.. it feels very oafish.

    • Re: Re: Properly formed XML output
      cstreck Guru

      Here is what I was able to do, and XML appeared to be formatted well in Chrome.

       

      url = 'https://127.0.0.1:8834'
      accessKey = 'xxxxxxxx'
      secretKey = 'xxxxxxxx'
      headers = { 'X-ApiKeys': 'accessKey={}; secretKey={};'.format(accessKey, secretKey) }
      
      scanid = 16
      
      req_export = requests.post('{}/scans/{}/export'.format(url, scanid),
                                data={ 'format': 'nessus' },
                                headers=headers,
                                verify=False)
      fileid = req_export.json()['file']
      
      while (requests.get('{}/scans/{}/export/{}/status'.format(url, scanid, fileid),
                          headers=headers,
                          verify=False).json()['status'] != 'ready'):
        time.sleep(1)
      
      req_download = requests.get('{}/scans/{}/export/{}/download'.format(url, scanid, fileid),
                                  headers=headers,
                                  verify=False)
      content = req_download.text
      
      with open('/tmp/outfile.xml', 'w') as outfile:
        outfile.write(content.strip() + '\n')
      

       

      -chad