def initialize_api(password): config = rapid7vmconsole.Configuration(name='Rapid7') config.username = '******' config.password = password config.host = '' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' # Logging logger = logging.getLogger() logger.setLevel(logging.DEBUG) ch = logging.StreamHandler(sys.stdout) ch.setLevel(logging.INFO) logger.addHandler(ch) config.debug = False auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth return client
def generate_report(): config = rapid7vmconsole.Configuration(name='Rapid7') config.username = '******' config.password = '******' config.host = 'https://localhost:3780' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth report_client = rapid7vmconsole.ReportApi(client) report_id = create_report_sql(report_client, 'Assets', 'select * from dim_asset') print(report_id) report_instance_id = run_report(report_client, report_id) print(report_instance_id) report = download_report(report_client, report_id, report_instance_id) print(report) delete_report(report_client, report_id)
def __init__(self): self.nexpose_config = rapid7vmconsole.Configuration(name='Scanner') self.nexpose_config.username = config['USERNAME'] self.nexpose_config.password = config['PASSWORD'] self.nexpose_config.host = config['HOST'] self.nexpose_config.assert_hostname = False self.nexpose_config.verify_ssl = False self.nexpose_config.ssl_ca_cert = None self.nexpose_config.connection_pool_maxsize = None self.nexpose_config.proxy = None self.nexpose_config.cert_file = None self.nexpose_config.key_file = None self.nexpose_config.safe_chars_for_path_param = '' auth_token = f'{config["USERNAME"]}:{config["PASSWORD"]}' auth_token = base64.b64encode(auth_token.encode('ascii')).decode() api_client = rapid7vmconsole.ApiClient( configuration=self.nexpose_config) api_client.default_headers['Authorization'] = f'Basic {auth_token}' self.nexpose_admin = rapid7vmconsole.AdministrationApi(api_client) self.nexpose = rapid7vmconsole.ScanApi(api_client) self.nexpose_site = rapid7vmconsole.SiteApi(api_client) self.nexpose_assets = rapid7vmconsole.AssetApi(api_client) self.nexpose_report = rapid7vmconsole.ReportApi(api_client) self.storage_service = StorageService()
config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' # Logging logger = logging.getLogger() logger.setLevel(logging.DEBUG) ch = logging.StreamHandler(sys.stdout) ch.setLevel(logging.INFO) logger.addHandler(ch) config.debug = False auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth # create an instance of the API class api_instance = rapid7vmconsole.ReportApi(client) page = 0 # int | The index of the page (zero-based) to retrieve. (optional) (default to 0) size = 1000 # int | The number of records per page to retrieve. (optional) (default to 10) sort = ['name[,ASC]'] # list[str] | The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters. (optional) #sort = ['sort_example'] # list[str] | The criteria to sort the records by, in the format: `property[,ASC|DESC]`. The default sort order is ascending. Multiple sort criteria can be specified using multiple sort query parameters. (optional) try: # Reports api_response = api_instance.get_reports(page=page, size=size, sort=sort) #pprint(api_response) test = api_response.resources
nexpose_config = rapid7vmconsole.Configuration(name='Scanner') nexpose_config.username = config['USERNAME'] nexpose_config.password = config['PASSWORD'] nexpose_config.host = config['HOST'] nexpose_config.assert_hostname = False nexpose_config.verify_ssl = False nexpose_config.ssl_ca_cert = None nexpose_config.connection_pool_maxsize = None nexpose_config.proxy = None nexpose_config.cert_file = None nexpose_config.key_file = None nexpose_config.safe_chars_for_path_param = '' auth = f'{config["USERNAME"]}:{config["PASSWORD"]}' auth = base64.b64encode(auth.encode('ascii')).decode() api_client = rapid7vmconsole.ApiClient(configuration=nexpose_config) api_client.default_headers['Authorization'] = f'Basic {auth}' nexpose_report = rapid7vmconsole.ReportApi(api_client) nexpose_site = rapid7vmconsole.SiteApi(api_client) scan_name='sixyfive7' nexpose_id=1 report_config_scope = rapid7vmconsole.ReportConfigScopeResource(scan=nexpose_id) ### HTML # report_config = rapid7vmconsole.Report(name=f'{scan_name}-html-Report', format='html', template='audit-report', scope=report_config_scope) # report = nexpose_report.create_report(report=report_config) # report_instance = nexpose_report.generate_report(report.id) # hh = nexpose_report.download_report(report.id, report_instance.id)
def generate_report(): config = rapid7vmconsole.Configuration(name='Rapid7') #There is no OAuth. We know this is dumb. For demo purposes config.username = '******' config.password = '******' config.host = '<insert field>' config.verify_ssl = False config.assert_hostname = False config.proxy = None config.ssl_ca_cert = None config.connection_pool_maxsize = None config.cert_file = None config.key_file = None config.safe_chars_for_path_param = '' auth = "%s:%s" % (config.username, config.password) auth = base64.b64encode(auth.encode('ascii')).decode() client = rapid7vmconsole.ApiClient(configuration=config) client.default_headers['Authorization'] = "Basic %s" % auth report_client = rapid7vmconsole.ReportApi(client) report_id = create_report_sql( report_client, 'vulnReport', ''' select da.asset_id, da.mac_address, da.ip_address, das.port, dv.vulnerability_id, dv.title, dv.description, dv.severity, dv.cvss_score, dv.exploits, dv.nexpose_id from fact_asset_vulnerability_finding as fpr join dim_vulnerability as dv on fpr.vulnerability_id = dv.vulnerability_id join dim_asset as da on fpr.asset_id = da.asset_id join dim_asset_service as das on fpr.asset_id = das.asset_id''') #print(report_id) report_instance_id = run_report(report_client, report_id) #print(report_instance_id) report = download_report(report_client, report_id, report_instance_id) with open('nexpose_vul_report1.txt', 'w') as f: f.write(report) reader = csv.DictReader(StringIO(report)) reader.next() critical_vulns = [] for row in reader: try: if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1: critical_vulns.append(row) except Exception as e: print(e) """with open('test', 'w') as a: vulnCount = 0 for row in reader: try: if float(row['cvss_score']) > 9.5 and int(row['exploits']) >= 1: a.write(json.dumps(row, indent=4)) vulnCount += 1 except Exception as e: print(e) print(vulnCount) """ delete_report(report_client, report_id) return critical_vulns