#!/usr/bin/env python
from securitycenter import SecurityCenter

# Please fill out the information below.  The credentials are placeholders:
# the real values are a secret and belong in a protected config file or an
# interactive prompt, not committed next to the script.
username = '******'
password = '******'
host = 'HOSTNAME OR IP ADDRESS'

# Authenticate once; every call below reuses this session.
sc = SecurityCenter(host, username, password)

# A single call returns both the repository list and the asset list.
assets = sc.assets()


def _print_section(title, entries):
    """Print `title`, an underline of the same width, then `id name` per entry."""
    print title
    print '-' * len(title)
    for entry in entries:
        print entry['id'], entry['name']


_print_section('Repositories', assets['repositories'])
print ''
_print_section('Assets', assets['assets'])
from securitycenter import SecurityCenter
import time
import re

# Placeholder credentials; keep the real secret out of the script.
username = '******'
password = '******'
hostname = 'HOSTNAME'
days = 7  # look-back window (in days) for the LCE syslog query below

sc = SecurityCenter(hostname, username, password)

# Each entry names an LCE event and the pattern that pulls a value out of its
# message text.  'regex_type' presumably tells the consuming loop whether one
# or several matches are expected per message (that loop is not shown here).
_QUERY_SPECS = [
    ('Unique_Windows_Executable', r'invoked \'(.*?)\'', 'single'),
    ('Daily_Command_Summary', r'day: (.*?) \(', 'multiple'),
]
queries = [
    {'eventName': name, 'regex': re.compile(pattern), 'regex_type': kind}
    for name, pattern, kind in _QUERY_SPECS
]

# Collected process names, de-duplicated.
procs = set()

for query in queries:
    data = sc.query('syslog',
                    source='lce',
                    eventName=query['eventName'],
                    endtime=int(time.time()),
                    starttime=(int(time.time()) - (86400 * days)))
    for item in data:
        values = query['regex'].findall(item['message'])
    {
        'asset_id': 28,
        'filters': {
            'sensor': 'HomeNet_Snort',
            'endtime': int(time.time()),
            'starttime': (int(time.time()) - 86400),
        },
    },
    {
        'asset_id': 29,
        'filters': {
            'type': 'nbs',
            'endtime': int(time.time()),
            'starttime': (int(time.time()) - 86400),
        },
    },
]

host = 'HOST'
# Placeholder credentials; the real secret belongs outside the script.
username = '******'
password = '******'

sc = SecurityCenter(host, username, password)

# update_list (defined above) pairs an asset list id with the LCE 'sumip'
# filters whose resulting addresses become that list's membership.
for update in update_list:
    events = sc.query('sumip', source='lce', **update['filters'])
    ips = [event['address'] for event in events]
    # NOTE(review): an empty query result replaces the list with an empty
    # membership — confirm that is intended rather than "leave unchanged".
    sc.asset_update(update['asset_id'], ips=ips)
#   6: Offline                          4853         89.72M     120.97M
#   7: Traceroutes                         0          1.06M       0.00M
from securitycenter import SecurityCenter
import os

# Define the needed information to login to the api.  The credentials are
# placeholders; the real ones are a secret and should not be committed.
username = '******'
password = '******'
hostname = 'localhost'
convert = 1024 * 1024  # bytes -> megabytes, base 1024
unit = 'M'  # The unit notation (if any)
path = '/opt/sc4/repositories'  # Base path for repositories

# Here we will instantiate the Security Center module
sc = SecurityCenter(hostname, username, password)

# Print the header before touching any repository.  The 40-space gutter
# presumably lines up with a repository name column printed later.
_gutter = ' ' * 40
print _gutter + 'IP Count\t Raw Size\t NSR Size'
print _gutter + '--------\t---------\t---------'

# First we will get the list of repositories that SC4 is aware of, then
# iterate through them.
for repo in sc.repositories()['repositories']:
    # First we get the filesize of the raw database in bytes.
    raw_size = os.path.getsize('%s/%s/hdb.raw' % (path, repo['id']))

    # Next is the filesize of the nsr file in bytes.  As it is possible for the
    # NSR file to not exist, if there is no file, we will just set it to 0 bytes
    try:
        nsr_size = os.path.getsize('%s/%s/hdb.nsr' % (path, repo['id']))
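def main():
    """Entry point: build or read config.conf, then populate and/or report.

    The ``-p``/``--populate`` and ``-r``/``--report`` flags select the work to
    do; with neither flag the script only makes sure the config file exists.
    Exits with status 2 on an unrecognised option.
    """
    configfile = os.path.join(os.path.dirname(os.path.abspath(__file__)), '..',
                              'config.conf')
    config = ConfigParser()
    populate, report = _parse_args(sys.argv[1:])

    if not os.path.exists(configfile):
        # No config file next to the downloader script, so create one.
        _create_config(config, configfile)
    else:
        config.read(configfile)

    if populate:
        sc = SecurityCenter(config.get('SecurityCenter', 'host'))
        # The stored password is base64 (obfuscated, not encrypted) — see
        # _create_config.
        sc.login(config.get('SecurityCenter', 'user'),
                 b64decode(config.get('SecurityCenter', 'pass')))
        for asset_id in _asset_ids(config):
            population.gen(sc, asset_id,
                           config.getint('SecurityCenter', 'expire'))
    if report:
        for asset_id in _asset_ids(config):
            reporter.generate_html_report(config.get('SecurityCenter', 'path'),
                                          asset_id)


def _parse_args(argv):
    """Return ``(populate, report)`` from the -p/-r style flags in *argv*.

    Prints the usage line and exits with status 2 on an unrecognised option.
    """
    try:
        opts, _ = getopt.getopt(argv, "pr", ["populate", "report"])
    except getopt.GetoptError:
        print 'reporter.py -p -r'
        sys.exit(2)
    populate = report = False
    for opt, _ in opts:
        if opt in ('-p', '--populate'):
            populate = True
        elif opt in ('-r', '--report'):
            report = True
    return populate, report


def _asset_ids(config):
    """Return the configured asset list ids as ints (raises ValueError if blank)."""
    return [int(asset_id)
            for asset_id in config.get('SecurityCenter', 'asset_ids').split(',')]


def _create_config(config, configfile):
    """Interactively fill *config* and write it to *configfile*.

    Each asset list the user names is also recorded in the models database.
    The password is stored base64-encoded, which is obfuscation rather than
    encryption, so the file is created with owner-only permissions to keep the
    credential away from other local users.
    """
    s = models.Session()
    config.add_section('SecurityCenter')
    config.set('SecurityCenter', 'host',
               raw_input('SecurityCenter Address : '))
    config.set('SecurityCenter', 'user',
               raw_input('SecurityCenter Username : '))
    # getpass keeps the password off the terminal echo; b64encode only hides
    # it from a casual glance at the file (main() b64decodes it back).
    config.set('SecurityCenter', 'pass',
               b64encode(getpass.getpass('SecurityCenter Password : ')))
    config.set('SecurityCenter', 'expire',
               raw_input('Expiration Threshhold (in days) : '))
    config.set('SecurityCenter', 'path',
               raw_input('Folder to place reports : '))
    # Keep asking for asset lists until either prompt is left blank.  Compare
    # with == rather than `is not ''`: identity on strings is not reliable.
    assets = []
    while True:
        aid = raw_input('Asset List ID to Restrict to : ')
        rname = raw_input('Report Name? : ')
        if aid == '' or rname == '':
            break
        s.add(models.AssetList(id=int(aid), name=rname))
        assets.append(aid)
    config.set('SecurityCenter', 'asset_ids', ','.join(assets))
    s.commit()
    s.close()
    # Create the file with mode 0600 up front so the credential is never
    # world-readable, not even briefly.
    fd = os.open(configfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'wb') as fobj:
        config.write(fobj)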
# Version: Build 042
# Date: 05/01/2012

import sccsv
from securitycenter import SecurityCenter
import json
import os
from ConfigParser import ConfigParser

conf = ConfigParser()
conf.read('csv_gen.conf')  # resolved relative to the CWD, not the script

# The config toggles the library's debug output.
sccsv.debug.DEBUG = conf.getboolean('Settings', 'debug')

# Connection details all live in the [Settings] stanza.  The password sits
# there in clear text, so the file's permissions are what protect it.
_settings = 'Settings'
sc = SecurityCenter(
    conf.get(_settings, 'address'),
    conf.get(_settings, 'username'),
    conf.get(_settings, 'password'),
    port=conf.getint(_settings, 'port'),
)


def build_and_email(section):
    # The first thing that we need to do is get all of the email configuration
    # stuff loaded up.  This will involve some minor parsing and in some cases
    # we will need to check to see if there is a local variable set to override
    # the global one that is set in the Settings stanza.
    email_to = conf.get(section, 'email_to').split(',')
    email_from = conf.get('Settings', 'email_from')
    email_host = conf.get('Settings', 'smtp_host')
    if conf.has_option(section, 'email_msg'):
        email_msg = conf.get(section, 'email_msg')
    else:
        email_msg = conf.get('Settings', 'email_msg')
#Get IP To SCAN
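# Get the IP to scan from the command line.
if len(sys.argv) != 2:
    print("Error: specify an IP to connect to!")
    # A usage error is a failure: exit non-zero so a calling shell or
    # scheduler notices (this previously returned 0).
    sys.exit(1)

ip = sys.argv[1]
checkip = ip  # same value; kept as a separate name for the query below

# Ignore TLS certificate errors.
# NOTE(review): this disables certificate verification for every HTTPS
# connection in the process by overriding a private ssl attribute, so anyone
# on the network path can impersonate SecurityCenter and capture the login.
# Prefer trusting the SecurityCenter CA certificate and leaving verification
# on.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials
# provided (host/username/password are defined outside this excerpt).
sc = SecurityCenter(host, username, password)

# Active-plugin findings for this address with severity 3 or 4 and a known
# public exploit.
vulns = sc.query('vulndetails',
                 exploitAvailable='true',
                 pluginType='active',
                 severity='3,4',
                 ip=checkip)

# Findings keyed by the address they were reported against (filled in below).
ips = {}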
if not vulns:
    print '\nYou Probably Cant Hack %s. Congrats!  : ) \n' % ip
else:
    for vuln in vulns:
        if vuln['ip'] not in ips:
    print("Error: specify an IP to connect to!")
    exit(0)

ip = sys.argv[1]
checkip = ip  # same value; kept as a separate name for the query below

# Ignore TLS certificate errors.
# NOTE(review): this disables certificate verification for every HTTPS
# connection in the process by overriding a private ssl attribute, so anyone
# on the network path can impersonate SecurityCenter and capture the login.
# Prefer trusting the SecurityCenter CA certificate and leaving verification
# on.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials
# provided (host/username/password are defined outside this excerpt).
sc = SecurityCenter(host, username, password)

# Active-plugin findings for this address with severity 3 or 4 and a known
# public exploit.
vulns = sc.query('vulndetails',
                 exploitAvailable='true',
                 pluginType='active',
                 severity='3,4',
                 ip=checkip)

# Group the findings by the address they were reported against.
ips = {}
if not vulns:
    print '\nYou Probably Cant Hack %s. Congrats!  : ) \n' % ip
else:
    for vuln in vulns:
        ips.setdefault(vuln['ip'], []).append(vuln)

# Now to print the output to the screen.  This could easily be rewritten to
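# Read the clock once so both filter sets share exactly the same 24-hour
# window (separate time.time() calls could straddle a second boundary).
_now = int(time.time())
_day_ago = _now - 86400

# Each entry pairs an asset list id with the LCE 'sumip' filters whose
# resulting addresses become that list's membership.
update_list = [
    {
        'asset_id': 28,
        'filters': {
            'sensor': 'HomeNet_Snort',
            'endtime': _now,
            'starttime': _day_ago,
        },
    },
    {
        'asset_id': 29,
        'filters': {
            'type': 'nbs',
            'endtime': _now,
            'starttime': _day_ago,
        },
    },
]

host = 'HOST'
# Placeholder credentials; the real secret belongs outside the script.
username = '******'
password = '******'

sc = SecurityCenter(host, username, password)

for update in update_list:
    events = sc.query('sumip', source='lce', **update['filters'])
    ips = [event['address'] for event in events]
    # NOTE(review): an empty query result replaces the list with an empty
    # membership — confirm that is intended rather than "leave unchanged".
    sc.asset_update(update['asset_id'], ips=ips)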
from securitycenter import SecurityCenter
import time
import re

# Placeholder credentials; keep the real secret out of the script.
username = '******'
password = '******'
hostname = 'HOSTNAME'
days = 7  # look-back window (in days) for the LCE syslog query below

sc = SecurityCenter(hostname, username, password)

# Each entry names an LCE event and the pattern that pulls a value out of its
# message text.  'regex_type' presumably tells the consuming loop whether one
# or several matches are expected per message (that loop is not shown here).
_QUERY_SPECS = [
    ('Unique_Windows_Executable', r'invoked \'(.*?)\'', 'single'),
    ('Daily_Command_Summary', r'day: (.*?) \(', 'multiple'),
]
queries = [
    {'eventName': name, 'regex': re.compile(pattern), 'regex_type': kind}
    for name, pattern, kind in _QUERY_SPECS
]

# Collected process names, de-duplicated.
procs = set()

for query in queries:
    data = sc.query('syslog', source='lce',
                    eventName=query['eventName'],
                    endtime=int(time.time()),
                    starttime=(int(time.time()) - (86400 * days))
                   )
    for item in data:
#   6: Offline                          4853         89.72M     120.97M
#   7: Traceroutes                         0          1.06M       0.00M
from securitycenter import SecurityCenter
import os

# Define the needed information to login to the api.  The credentials are
# placeholders; the real ones are a secret and should not be committed.
username = '******'
password = '******'
hostname = 'localhost'
convert = 1024 * 1024  # bytes -> megabytes, base 1024
unit = 'M'  # The unit notation (if any)
path = '/opt/sc4/repositories'  # Base path for repositories

# Here we will instantiate the Security Center module
sc = SecurityCenter(hostname, username, password)

# Print the header before touching any repository.  The 40-space gutter
# presumably lines up with a repository name column printed later.
_gutter = ' ' * 40
print _gutter + 'IP Count\t Raw Size\t NSR Size'
print _gutter + '--------\t---------\t---------'

# First we will get the list of repositories that SC4 is aware of, then
# iterate through them.
for repo in sc.repositories()['repositories']:
    # First we get the filesize of the raw database in bytes.
    raw_size = os.path.getsize('%s/%s/hdb.raw' % (path, repo['id']))

    # Next is the filesize of the nsr file in bytes.  As it is possible for the
    # NSR file to not exist, if there is no file, we will just set it to 0 bytes
    try:
        nsr_size = os.path.getsize('%s/%s/hdb.nsr' % (path, repo['id']))
#!/usr/bin/env python
# SecurityCenter DNS File Uploader
# Version 1.0
# Date: 02/11/2015
from securitycenter import SecurityCenter
import getpass


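def update(sc, filename, asset_id):
    '''
    Updates a DNS Asset List with the contents of the filename.  The assumed
    format of the file is 1 entry per line.  This function will convert the
    file contents into an array of entries and then upload that array into
    SecurityCenter.

    Surrounding whitespace (including a stray '\r' from Windows line endings)
    is trimmed from each entry and blank lines are skipped, so a trailing
    newline at the end of the file no longer uploads an empty entry.

    sc       -- an authenticated SecurityCenter instance
    filename -- path of the host list, one DNS name per line
    asset_id -- the asset list whose DNS entries are replaced
    '''
    with open(filename) as hostfile:
        # Iterate the file directly rather than readlines() so a large host
        # list is not held in memory twice.
        addresses = [line.strip() for line in hostfile if line.strip()]
    sc.asset_update(asset_id, dns=addresses)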

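if __name__ == '__main__':
    # Interactive entry point: prompt for everything rather than hard-coding
    # a credential in the script.
    host = raw_input('SecurityCenter Address : ')
    username = raw_input('Username : ')
    # getpass keeps the password off the terminal echo (and out of any
    # session transcript), which raw_input would not.
    password = getpass.getpass('Password : ')
    filename = raw_input('DNS Asset List File : ')
    asset_id = raw_input('Asset List ID : ')
    sc = SecurityCenter(host, username, password)
    # NOTE(review): asset_id is passed through as the raw prompt string;
    # confirm whether asset_update expects an int — not converted here.
    update(sc, filename, asset_id)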