issue with nessus 6 on centos

[obayesshelton]

Hey,

I am having a little issue. I have setup nesuus on centos and made it available by going to locally https://nessus.dev which does a nginx proxy pass to the IP and Port nessus is running on. I can login fine but when it goes to scan it get's the following error:

`Fatal error: Uncaught exception 'Nessus\Exception\FailedNessusRequest' with message 'Client error response [status code] 400 [reason phrase] Bad Request [url] https://nessus.dev/scans/' in /www/sec-tools/src/Nessus/Nessus/Call.php:151 Stack trace:

0 /www/sec-tools/src/Nessus/Client.php(310): Nessus\Nessus\Call->call('post', Object(Nessus\Client))

1 /www/sec-tools/examples/scans.php(91): Nessus\Client->via('post')

2 {main}

thrown in /www/sec-tools/src/Nessus/Nessus/Call.php on line 151`

I am convinced it is because when I go to nessus is has append to the url /nessus6.html# then /scans

Do I need to configure nessus or something in the api ?

Any help would be amazing

[leonjza]

From the stack trace it looks like you are doing a POST (Nessus\Client->via('post')) to /scans ([url] https://nessus.dev/scans/). If what you want to do is list scans, you need to use the GET HTTP Method. Eg:

$nessus_object->scans()->via('get')

You can see the Nessus API documentation for details about which verbs to use:

Let me know if this helps.

[leonjza]

@obayesshelton did you manage to nail the problem?

[obayesshelton]

not really, I was using your example and I just ran scan.php and got the issue. I didn't change any of the code other than the host name. But I thought it would just be easier to close it.

[leonjza]

Care to share the code you are using? Does this after instantiation fail?

[leonjza]

Also, could you try talking to Nessus directly without the Nginx reverse proxy, just to eliminate that as a potential problem?

[obayesshelton]

So all I did was git clone changes the host within scans.php and than on cli I ran php scans.php and I got the above error. it seems to be failing when it get's the status of the scan just before it tries to delete it.

[leonjza]

The example is not really meant to just run on any installation. I think it assumes too much. Its more to demonstrate sample usage/syntax for your integration :) Ill suggest you start blank and progress with instantiation, then move on to listing scans, exporting them etc.

[obayesshelton]

ahhhh, I was just running it expecting it would do it all. sorry my bad :+1:

[leonjza]

:+1: