def initialize_api(password): config = rapid7vmconsole.Configuration(name='Rapid7') config.username = '******' config.password = password config.host = '' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' # Logging logger = logging.getLogger() logger.setLevel(logging.DEBUG) ch = logging.StreamHandler(sys.stdout) ch.setLevel(logging.INFO) logger.addHandler(ch) config.debug = False auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth return client
def generate_report(): config = rapid7vmconsole.Configuration(name='Rapid7') config.username = '******' config.password = '******' config.host = 'https://localhost:3780' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth report_client = rapid7vmconsole.ReportApi(client) report_id = create_report_sql(report_client, 'Assets', 'select * from dim_asset') print(report_id) report_instance_id = run_report(report_client, report_id) print(report_instance_id) report = download_report(report_client, report_id, report_instance_id) print(report) delete_report(report_client, report_id)
def __init__(self): self.nexpose_config = rapid7vmconsole.Configuration(name='Scanner') self.nexpose_config.username = config['USERNAME'] self.nexpose_config.password = config['PASSWORD'] self.nexpose_config.host = config['HOST'] self.nexpose_config.assert_hostname = False self.nexpose_config.verify_ssl = False self.nexpose_config.ssl_ca_cert = None self.nexpose_config.connection_pool_maxsize = None self.nexpose_config.proxy = None self.nexpose_config.cert_file = None self.nexpose_config.key_file = None self.nexpose_config.safe_chars_for_path_param = '' auth_token = f'{config["USERNAME"]}:{config["PASSWORD"]}' auth_token = base64.b64encode(auth_token.encode('ascii')).decode() api_client = rapid7vmconsole.ApiClient( configuration=self.nexpose_config) api_client.default_headers['Authorization'] = f'Basic {auth_token}' self.nexpose_admin = rapid7vmconsole.AdministrationApi(api_client) self.nexpose = rapid7vmconsole.ScanApi(api_client) self.nexpose_site = rapid7vmconsole.SiteApi(api_client) self.nexpose_assets = rapid7vmconsole.AssetApi(api_client) self.nexpose_report = rapid7vmconsole.ReportApi(api_client) self.storage_service = StorageService()
from __future__ import print_function import sys sys.path.append(r'/opt/bmc/rapid7/vm-console-client-python') import rapid7vmconsole import base64 import logging import sys import time import json import re from rapid7vmconsole.rest import ApiException from pprint import pprint config = rapid7vmconsole.Configuration(name='Rapid7') config.username = '******'******' config.host = 'https://<RAPID7-FQDN>:<PORT>' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' # Logging logger = logging.getLogger() logger.setLevel(logging.DEBUG)
#!/usr/bin/env python3 import base64 import rapid7vmconsole from bs4 import BeautifulSoup from terminaltables import AsciiTable, SingleTable, DoubleTable config = { 'HOST': 'https://life.do:3780', 'USERNAME': '', 'PASSWORD': '' } nexpose_config = rapid7vmconsole.Configuration(name='Scanner') nexpose_config.username = config['USERNAME'] nexpose_config.password = config['PASSWORD'] nexpose_config.host = config['HOST'] nexpose_config.assert_hostname = False nexpose_config.verify_ssl = False nexpose_config.ssl_ca_cert = None nexpose_config.connection_pool_maxsize = None nexpose_config.proxy = None nexpose_config.cert_file = None nexpose_config.key_file = None nexpose_config.safe_chars_for_path_param = '' auth = f'{config["USERNAME"]}:{config["PASSWORD"]}' auth = base64.b64encode(auth.encode('ascii')).decode() api_client = rapid7vmconsole.ApiClient(configuration=nexpose_config)
def generate_report(): config = rapid7vmconsole.Configuration(name='Rapid7') #There is no OAuth. We know this is dumb. For demo purposes config.username = '******' config.password = '******' config.host = '<insert field>' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth report_client = rapid7vmconsole.ReportApi(client) report_id = create_report_sql( report_client, 'vulnReport', ''' select da.asset_id, da.mac_address, da.ip_address, das.port, dv.vulnerability_id, dv.title, dv.description, dv.severity, dv.cvss_score, dv.exploits, dv.nexpose_id from fact_asset_vulnerability_finding as fpr join dim_vulnerability as dv on fpr.vulnerability_id = dv.vulnerability_id join dim_asset as da on fpr.asset_id = da.asset_id join dim_asset_service as das on fpr.asset_id = das.asset_id''') #print(report_id) report_instance_id = run_report(report_client, report_id) #print(report_instance_id) report = download_report(report_client, report_id, report_instance_id) with open('nexpose_vul_report1.txt', 'w') as f: f.write(report) reader = csv.DictReader(StringIO(report)) reader.next() critical_vulns = [] for row in reader: try: if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1: critical_vulns.append(row) except Exception as e: print(e) """with open('test', 'w') as a: vulnCount = 0 for row in reader: try: if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1: a.write(json.dumps(row, indent=4)) vulnCount += 1 except Exception as e: print(e) print(vulnCount) """ delete_report(report_client, report_id) return critical_vulns