tenable_light.py is a lightweight, dependency free, wrapper for interacting with Tenable APIs.
tenable_light follows these principles:
- No external dependencies. Follow Python's "batteries included" motto. All requests leverage Python's native urllib.
- Work with system installs of Python 3. No need to create Python virtual environments.
- All functions are provided in a single file for easy portability.
- Provide authentication functions for Tenable APIs.
- API key authentication.
- Username / password authentication including a
logout()
function.
- Provide a single raw API request function.
See Tenable's pyTenable for a full featured API library.
- Python3
Place tenable_light.py in the same directory as your program.
$ git clone https://github.com/andrewspearson/tenable_light.git
$ curl https://raw.githubusercontent.com/andrewspearson/tenable_light/main/tenable_light.py -O
NOTE: macOS users running Python 3.6+ will need to install certificates.
TLDR, run this command:
$ /Applications/Python {version}/Install Certificates.command
This seems to only be an issue on macOS.
import tenable_light
Authentication information may be passed directly or through an INI file. See tenable.ini
for INI file usage.
Tenable Downloads client reading Bearer token directly
downloads = tenable_light.Downloads('BEARER_TOKEN')
Tenable Downloads client reading Bearer token through an INI file
downloads = tenable_light.Downloads()
Tenable.IO client reading API keys directly
tio = tenable_light.TenableIO('ACCESS_KEY', 'SECRET_KEY')
Tenable.IO client reading username / password directly
tio = tenable_light.TenableIO(username='USERNAME', password='PASSWORD')
Tenable.IO client reading API keys through an INI file
tio = tenable_light.TenableIO()
Tenable.SC client reading API keys directly
tsc = tenable_light.TenableSC('ACCESS_KEY', 'SECRET_KEY')
Tenable.SC client reading username / password directly
tsc = tenable_light.TenableSC(username='USERNAME', password='PASSWORD')
Tenable.SC client reading API keys through an INI file
tsc = tenable_light.TenableSC()
If connection data is entered directly and through an INI, then connection data will be honored in the following order:
- API keys passed directly
- Username and password passed directly
- API keys passed via INI file
In order to avoid unexpected behavior, you cannot mix data from multiple sources. For example, if API keys are passed directly then options in the INI file will be ignored.
HTTPS proxy proxy=
and SSL verification verify=
options are also available to every client.
After a client is established, you can use the API request function.
Full example
import tenable_light
import json
# Create client
tio = tenable_light.TenableIO('ACCESS_KEY', 'SECRET_KEY')
# GET example
response = tio.request('GET', '/scans')
for scan in json.load(response)['scans']:
print(scan['name'] + ': ' + scan['status'])
# POST example
scan_id = str(100)
response = tio.request(
method='POST',
endpoint='/scans/' + scan_id + '/export',
data={
"format": "csv"
}
)