From dbe90e24ad821f05adf3c98efc9d9577e706c42a Mon Sep 17 00:00:00 2001 From: Aaron Meihm Date: Tue, 15 Nov 2016 14:52:27 -0600 Subject: [PATCH] add some docs --- README.rst | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 README.rst diff --git a/README.rst b/README.rst new file mode 100644 index 0000000..af2e616 --- /dev/null +++ b/README.rst @@ -0,0 +1,56 @@ +scanapi +======= + +scanapi is a small REST API that exposes functionality of a Nessus server to +users or applications. This interface can be used to primarily execute scans +using the Nessus server, and fetch results. The primary intent is provided a +more limited / restricted interface than is possible communicating directly +with the Nessus API, and simplify creating scans and fetching results. + +.. code + + < users > --------> < scanapi > --------> < nessus > + +Installation +------------ + +Fetch code +~~~~~~~~~~ + +.. code :: bash + + $ git clone https://github.com/mozilla/scanapi.git + $ cd scanapi + $ virtualenv myenv + $ source myenv/bin/active + $ pip install -r requirements.txt + +Configure scanapi +~~~~~~~~~~~~~~~~~ + +Copy scanapi.yml.example and edit it as required. + +.. code :: bash + + $ cd scanapi + $ cp scanapi.yml.example scanapi.yml + +You will need to create a user in your Nessus server that scanapi will authenticate +to Nessus as, and you need to create API keys for that user. These should be added to +the scanapi configuration file. + +The ``appkeys`` section can be used to specify application keys, one of which +must be sent in the SCANAPIKEY header to authenticate when making requests to the +API. If no ``appkeys`` section is present, no authentication against scanapi will +occur. + +Run scanapi +~~~~~~~~~~~ + +scanapi can be run directly for testing. + +.. code :: bash + + $ ./scanapi.py + +For actual use, you would generally configure it with nginx and uwsgi.