コード例 #1
0
ファイル: PopulateAssetGroup.py プロジェクト: afurze/Rapid7
def initialize_api(password):
    config = rapid7vmconsole.Configuration(name='Rapid7')
    config.username = '******'
    config.password = password
    config.host = ''
    config.verify_ssl = False
    config.assert_hostname = False
    config.proxy = None
    config.ssl_ca_cert = None
    config.connection_pool_maxsize = None
    config.cert_file = None
    config.key_file = None
    config.safe_chars_for_path_param = ''

    # Logging
    logger = logging.getLogger()
    logger.setLevel(logging.DEBUG)
    ch = logging.StreamHandler(sys.stdout)
    ch.setLevel(logging.INFO)
    logger.addHandler(ch)
    config.debug = False

    auth = "%s:%s" % (config.username, config.password)
    auth = base64.b64encode(auth.encode('ascii')).decode()
    client = rapid7vmconsole.ApiClient(configuration=config)
    client.default_headers['Authorization'] = "Basic %s" % auth

    return client
コード例 #2
0
def generate_report():
    config = rapid7vmconsole.Configuration(name='Rapid7')
    config.username = '******'
    config.password = '******'
    config.host = 'https://localhost:3780'
    config.verify_ssl = False
    config.assert_hostname = False
    config.proxy = None
    config.ssl_ca_cert = None
    config.connection_pool_maxsize = None
    config.cert_file = None
    config.key_file = None
    config.safe_chars_for_path_param = ''

    auth = "%s:%s" % (config.username, config.password)
    auth = base64.b64encode(auth.encode('ascii')).decode()
    client = rapid7vmconsole.ApiClient(configuration=config)
    client.default_headers['Authorization'] = "Basic %s" % auth
    report_client = rapid7vmconsole.ReportApi(client)

    report_id = create_report_sql(report_client, 'Assets',
                                  'select * from dim_asset')
    print(report_id)

    report_instance_id = run_report(report_client, report_id)
    print(report_instance_id)

    report = download_report(report_client, report_id, report_instance_id)
    print(report)

    delete_report(report_client, report_id)
コード例 #3
0
    def __init__(self):
        self.nexpose_config = rapid7vmconsole.Configuration(name='Scanner')
        self.nexpose_config.username = config['USERNAME']
        self.nexpose_config.password = config['PASSWORD']
        self.nexpose_config.host = config['HOST']
        self.nexpose_config.assert_hostname = False
        self.nexpose_config.verify_ssl = False
        self.nexpose_config.ssl_ca_cert = None
        self.nexpose_config.connection_pool_maxsize = None
        self.nexpose_config.proxy = None
        self.nexpose_config.cert_file = None
        self.nexpose_config.key_file = None
        self.nexpose_config.safe_chars_for_path_param = ''

        auth_token = f'{config["USERNAME"]}:{config["PASSWORD"]}'
        auth_token = base64.b64encode(auth_token.encode('ascii')).decode()

        api_client = rapid7vmconsole.ApiClient(
            configuration=self.nexpose_config)
        api_client.default_headers['Authorization'] = f'Basic {auth_token}'

        self.nexpose_admin = rapid7vmconsole.AdministrationApi(api_client)
        self.nexpose = rapid7vmconsole.ScanApi(api_client)
        self.nexpose_site = rapid7vmconsole.SiteApi(api_client)
        self.nexpose_assets = rapid7vmconsole.AssetApi(api_client)
        self.nexpose_report = rapid7vmconsole.ReportApi(api_client)
        self.storage_service = StorageService()
コード例 #4
0
ファイル: get_reports.py プロジェクト: vvlsystems/bmc
from __future__ import print_function
import sys
sys.path.append(r'/opt/bmc/rapid7/vm-console-client-python')
import rapid7vmconsole
import base64
import logging
import sys
import time
import json
import re
from rapid7vmconsole.rest import ApiException
from pprint import pprint


config = rapid7vmconsole.Configuration(name='Rapid7')
config.username = '******'******'
config.host = 'https://<RAPID7-FQDN>:<PORT>'
config.verify_ssl = False
config.assert_hostname = False
config.proxy = None
config.ssl_ca_cert = None
config.connection_pool_maxsize = None
config.cert_file = None
config.key_file = None
config.safe_chars_for_path_param = ''

# Logging
logger = logging.getLogger()
logger.setLevel(logging.DEBUG)
コード例 #5
0
ファイル: test-nexpose.py プロジェクト: vs4vijay/MultiScanner
#!/usr/bin/env python3

import base64

import rapid7vmconsole
from bs4 import BeautifulSoup
from terminaltables import AsciiTable, SingleTable, DoubleTable


config = {
    'HOST': 'https://life.do:3780',
    'USERNAME': '',
    'PASSWORD': ''
}

nexpose_config = rapid7vmconsole.Configuration(name='Scanner')
nexpose_config.username = config['USERNAME']
nexpose_config.password = config['PASSWORD']
nexpose_config.host = config['HOST']
nexpose_config.assert_hostname = False
nexpose_config.verify_ssl = False
nexpose_config.ssl_ca_cert = None
nexpose_config.connection_pool_maxsize = None
nexpose_config.proxy = None
nexpose_config.cert_file = None
nexpose_config.key_file = None
nexpose_config.safe_chars_for_path_param = ''

auth = f'{config["USERNAME"]}:{config["PASSWORD"]}'
auth = base64.b64encode(auth.encode('ascii')).decode()
api_client = rapid7vmconsole.ApiClient(configuration=nexpose_config)
コード例 #6
0
ファイル: nexpose.py プロジェクト: dabinscheon/SOAR
def generate_report():
    config = rapid7vmconsole.Configuration(name='Rapid7')
    #There is no OAuth. We know this is dumb. For demo purposes
    config.username = '******'
    config.password = '******'
    config.host = '<insert field>'
    config.verify_ssl = False
    config.assert_hostname = False
    config.proxy = None
    config.ssl_ca_cert = None
    config.connection_pool_maxsize = None
    config.cert_file = None
    config.key_file = None
    config.safe_chars_for_path_param = ''

    auth = "%s:%s" % (config.username, config.password)
    auth = base64.b64encode(auth.encode('ascii')).decode()
    client = rapid7vmconsole.ApiClient(configuration=config)
    client.default_headers['Authorization'] = "Basic %s" % auth
    report_client = rapid7vmconsole.ReportApi(client)

    report_id = create_report_sql(
        report_client, 'vulnReport', '''
    select da.asset_id, da.mac_address, da.ip_address, das.port, dv.vulnerability_id, 
        dv.title, dv.description, dv.severity, dv.cvss_score, dv.exploits, dv.nexpose_id
    from fact_asset_vulnerability_finding as fpr 
    join dim_vulnerability as dv on fpr.vulnerability_id = dv.vulnerability_id 
    join dim_asset as da on fpr.asset_id = da.asset_id 
    join dim_asset_service as das on fpr.asset_id = das.asset_id''')

    #print(report_id)

    report_instance_id = run_report(report_client, report_id)
    #print(report_instance_id)

    report = download_report(report_client, report_id, report_instance_id)
    with open('nexpose_vul_report1.txt', 'w') as f:
        f.write(report)

    reader = csv.DictReader(StringIO(report))
    reader.next()
    critical_vulns = []

    for row in reader:
        try:
            if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1:
                critical_vulns.append(row)
        except Exception as e:
            print(e)
    """with open('test', 'w') as a:
        vulnCount = 0
        for row in reader:
            try:
                if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1:
                    a.write(json.dumps(row, indent=4))
                    vulnCount += 1
            except Exception as e:
                print(e)
        print(vulnCount) """

    delete_report(report_client, report_id)
    return critical_vulns