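#!/usr/bin/env python
"""Print the ID and name of every repository and asset list SecurityCenter returns."""
# print_function keeps the multi-value prints below identical on Python 2
# while letting the script parse on Python 3 as well.
from __future__ import print_function

from securitycenter import SecurityCenter

# Please fill out the information below.
# NOTE(review): the account password sits in the script in clear text, so
# anyone who can read this file (or its version-control history) can log in
# with it. Keep the file private to the account that runs it, or read the
# values at run time instead (for example with getpass).
username = '******'
password = '******'
host = 'HOSTNAME OR IP ADDRESS'

# Log in and fetch the asset data in a single call; the result is indexed
# below by its 'repositories' and 'assets' keys.
sc = SecurityCenter(host, username, password)
assets = sc.assets()

print('Repositories\n------------')
for repo in assets['repositories']:
    print(repo['id'], repo['name'])

print('\nAssets\n------')
for asset in assets['assets']:
    print(asset['id'], asset['name'])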
from securitycenter import SecurityCenter
import time
import re

# NOTE(review): credentials are embedded in the script; anyone with read
# access to the file can reuse them. Restrict the file to the account that
# runs it, or prompt for the password at run time.
username = '******'
password = '******'
hostname = 'HOSTNAME'
days = 7  # size of the look-back window, in days

sc = SecurityCenter(hostname, username, password)

# One entry per event name to pull from the log store. 'regex' is applied to
# each returned message; 'regex_type' is not read in the part of the script
# shown here.
queries = [{
    'eventName': 'Unique_Windows_Executable',
    'regex': re.compile(r'invoked \'(.*?)\''),
    'regex_type': 'single',
}, {
    'eventName': 'Daily_Command_Summary',
    'regex': re.compile(r'day: (.*?) \('),
    'regex_type': 'multiple',
}]

# presumably the set of distinct process names collected from the matches;
# nothing is added to it in the visible portion.
procs = set()
for query in queries:
    # Query syslog events from the 'lce' source for this event name, from
    # `days` days ago (86400 seconds per day) up to now.
    data = sc.query('syslog', source='lce', eventName=query['eventName'], endtime=int(time.time()), starttime=(int(time.time()) - (86400 * days)))
    for item in data:
        # All non-overlapping captures of this query's pattern in the message.
        values = query['regex'].findall(item['message'])
        # (excerpt ends here; the rest of the loop body is not shown)
# NOTE(review): the excerpt opens inside a list literal; the assignment that
# starts the list is not shown. Judging by the loop at the bottom, the list is
# `update_list`.
{
    'asset_id': 28,
    'filters': {
        'sensor': 'HomeNet_Snort',
        # 24-hour window (86400 seconds) ending at the time of evaluation.
        'endtime': int(time.time()),
        'starttime': (int(time.time()) - 86400),
    },
},
{
    'asset_id': 29,
    'filters': {
        'type': 'nbs',
        'endtime': int(time.time()),
        'starttime': (int(time.time()) - 86400),
    },
},
]

# NOTE(review): credentials are embedded in the script; keep the file readable
# only by the account that runs it, or read them at run time.
host = 'HOST'
username = '******'
password = '******'

sc = SecurityCenter(host, username, password)
for update in update_list:
    # Per-IP summary ('sumip') of events from the 'lce' source that match
    # this entry's filters.
    events = sc.query('sumip', source='lce', **update['filters'])
    ips = []
    for event in events:
        ips.append(event['address'])
    # NOTE(review): when the query returns nothing, an empty list is passed
    # here; confirm whether that empties the asset list and whether that is
    # the intended result.
    sc.asset_update(update['asset_id'], ips=ips)
# 6: Offline 4853 89.72M 120.97M # 7: Traceroutes 0 1.06M 0.00M from securitycenter import SecurityCenter import os # Define the needed information to login to the api username = '******' password = '******' hostname = 'localhost' convert = 1024 * 1024 # This will convert bytes to Megabytes # in base 1024. unit = 'M' # The unit notation (if any) path = '/opt/sc4/repositories' # Base path for repositories # Here we will instantiate the Security Center module sc = SecurityCenter(hostname, username, password) # Before we do anything, lets print the header information. print ' ' * 40 + 'IP Count\t Raw Size\t NSR Size' print ' ' * 40 + '--------\t---------\t---------' # First we will get the list of repositories that SC4 is aware of, then # iterate through them. for repo in sc.repositories()['repositories']: # First we get the filesize of the raw database in bytes. raw_size = os.path.getsize('%s/%s/hdb.raw' % (path, repo['id'])) # Next is the filesize of the nsr file in bytes. As it is possible for the # NSR file to not exist, if there is no file, we will just set it to 0 bytes try: nsr_size = os.path.getsize('%s/%s/hdb.nsr' % (path, repo['id']))
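def main():
    '''
    Command-line entry point: create or load the configuration, then run the
    requested steps.

    Options (parsed from sys.argv):
        -p / --populate   log in to SecurityCenter and call population.gen
                          for every configured asset list
        -r / --report     call reporter.generate_html_report for every
                          configured asset list

    On first run (no config.conf one directory above this file) the user is
    prompted for the connection settings and the asset lists to report on,
    and the answers are written to config.conf.  Exits with status 2 when
    the options cannot be parsed.
    '''
    configfile = os.path.join(os.path.dirname(os.path.abspath(__file__)),
                              '..', 'config.conf')
    config = ConfigParser()
    populate = False
    report = False

    try:
        opts, _ = getopt.getopt(sys.argv[1:], "pr", ["populate", "report"])
    except getopt.GetoptError:
        print('reporter.py -p -r')
        sys.exit(2)
    for opt, _ in opts:
        if opt in ('-p', '--populate'):
            populate = True
        elif opt in ('-r', '--report'):
            report = True

    if not os.path.exists(configfile):
        s = models.Session()
        # Well there wasn't a config file located along side the downloader
        # script, so we should create a new one.
        config.add_section('SecurityCenter')
        config.set('SecurityCenter', 'host',
                   raw_input('SecurityCenter Address : '))
        config.set('SecurityCenter', 'user',
                   raw_input('SecurityCenter Username : '))
        # NOTE(review): base64 is an encoding, not encryption.  Anyone who can
        # read config.conf can recover the password, so the file is created
        # owner-only below and should stay that way.
        config.set('SecurityCenter', 'pass',
                   b64encode(getpass.getpass('SecurityCenter Password : ')))
        config.set('SecurityCenter', 'expire',
                   raw_input('Expiration Threshhold (in days) : '))
        config.set('SecurityCenter', 'path',
                   raw_input('Folder to place reports : '))

        # Keep asking for asset lists until either answer is left blank.
        assets = []
        while True:
            aid = raw_input('Asset List ID to Restrict to : ')
            rname = raw_input('Report Name? : ')
            # Compare by value: `is not ''` tests object identity and only
            # works when the interpreter happens to reuse the same empty
            # string object.
            if not aid or not rname:
                break
            s.add(models.AssetList(id=int(aid), name=rname))
            assets.append(aid)
        config.set('SecurityCenter', 'asset_ids', ','.join(assets))
        s.commit()
        s.close()

        # Create the file with mode 0600 so the stored credential is not
        # readable by other local accounts.
        fd = os.open(configfile, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'wb') as fobj:
            config.write(fobj)
    else:
        config.read(configfile)

    if populate or report:
        # An empty asset_ids value splits to [''], which int() rejects, so
        # blank entries are dropped before conversion.
        raw_ids = config.get('SecurityCenter', 'asset_ids').split(',')
        asset_ids = [int(item) for item in raw_ids if item.strip()]

    if populate:
        sc = SecurityCenter(config.get('SecurityCenter', 'host'))
        sc.login(config.get('SecurityCenter', 'user'),
                 b64decode(config.get('SecurityCenter', 'pass')))
        for asset_id in asset_ids:
            population.gen(sc, asset_id,
                           config.getint('SecurityCenter', 'expire'))

    if report:
        for asset_id in asset_ids:
            reporter.generate_html_report(config.get('SecurityCenter', 'path'),
                                          asset_id)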
# Verison: Build 042 # Date: 05/01/2012 import sccsv from securitycenter import SecurityCenter import json import os from ConfigParser import ConfigParser conf = ConfigParser() conf.read('csv_gen.conf') sccsv.debug.DEBUG = conf.getboolean('Settings', 'debug') sc = SecurityCenter(conf.get('Settings', 'address'), conf.get('Settings', 'username'), conf.get('Settings', 'password'), port=conf.getint('Settings', 'port')) def build_and_email(section): # The first thing that we need to do is get all of the email configuration # stuff loaded up. This will involve some minor parsing and in some cases # we will need to check to see if there is a local variable set to override # the global one that is set in the Settings stanza. email_to = conf.get(section, 'email_to').split(',') email_from = conf.get('Settings', 'email_from') email_host = conf.get('Settings', 'smtp_host') if conf.has_option(section, 'email_msg'): email_msg = conf.get(section, 'email_msg') else: email_msg = conf.get('Settings', 'email_msg')
#Get IP To SCAN if len(sys.argv) != 2: print("Error: specify an IP to connect to!") exit(0) ip = sys.argv[1] checkip = sys.argv[1] #Ignore TLS Cert Error if hasattr(ssl, '_create_unverified_context'): ssl._create_default_https_context = ssl._create_unverified_context # Instantiate a Security Center instance and login with the credentials provided sc = SecurityCenter(host, username, password) # vulns = sc.query('vulndetails', exploitAvailable='true', pluginType='active', severity='3,4', ip=checkip) # Set IP Address: ips = {} if not vulns: print '\nYou Probably Cant Hack %s. Congrats! : ) \n' % ip else: for vuln in vulns: if vuln['ip'] not in ips:
# NOTE(review): the excerpt opens part-way through the script. The next two
# statements are presumably the body of an argument-count check whose `if`
# header is not shown; if so, a usage error exits with status 0.
print("Error: specify an IP to connect to!")
exit(0)
ip = sys.argv[1]
checkip = sys.argv[1]

# Ignore TLS certificate errors.
# NOTE(review): this replaces the standard library's default HTTPS context
# factory for the whole process, so certificate and hostname checks are
# skipped on every HTTPS connection that relies on that default. The login
# below then sends the account credentials to a server whose identity has not
# been verified. Trusting the appliance's CA certificate is the safer way to
# handle a self-signed or privately signed certificate.
if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context

# Instantiate a Security Center instance and login with the credentials provided
# (host, username and password are defined outside this excerpt)
sc = SecurityCenter(host, username, password)
#
# Ask for vulnerability details on the given IP, limited to severity values
# 3 and 4, plugin type 'active', and findings flagged as having an exploit
# available.
vulns = sc.query('vulndetails', exploitAvailable='true', pluginType='active', severity='3,4', ip=checkip)
# Group the returned findings by IP address: each key maps to the list of
# findings reported for that address.
ips ={}
if not vulns:
    # An empty result only means SecurityCenter holds no finding that matches
    # the filters above for this IP.
    print '\nYou Probably Cant Hack %s. Congrats! : ) \n' % ip
else:
    for vuln in vulns:
        if vuln['ip'] not in ips:
            ips[vuln['ip']] = []
        ips[vuln['ip']].append(vuln)
# Now to print the output to the screen. This could easily be rewritten to
# Each entry names an asset list and the event filters whose matching source
# addresses should populate it.  Both windows cover the 24 hours (86400
# seconds) before the moment the entry is evaluated.
update_list = [
    dict(
        asset_id=28,
        filters=dict(
            sensor='HomeNet_Snort',
            endtime=int(time.time()),
            starttime=(int(time.time()) - 86400),
        ),
    ),
    dict(
        asset_id=29,
        filters=dict(
            type='nbs',
            endtime=int(time.time()),
            starttime=(int(time.time()) - 86400),
        ),
    ),
]

# NOTE(review): credentials are embedded in the script; keep the file readable
# only by the account that runs it, or read them at run time.
host = 'HOST'
username = '******'
password = '******'

sc = SecurityCenter(host, username, password)

for update in update_list:
    # Per-IP summary ('sumip') of events from the 'lce' source that match
    # this entry's filters.
    events = sc.query('sumip', source='lce', **update['filters'])
    # NOTE(review): when the query returns nothing, an empty list is sent;
    # confirm whether that empties the asset list and whether that is wanted.
    ips = [event['address'] for event in events]
    sc.asset_update(update['asset_id'], ips=ips)
from securitycenter import SecurityCenter
import time
import re

# NOTE(review): credentials are embedded in the script; anyone with read
# access to the file can reuse them. Restrict the file to the account that
# runs it, or prompt for the password at run time.
username = '******'
password = '******'
hostname = 'HOSTNAME'
days = 7  # size of the look-back window, in days

sc = SecurityCenter(hostname, username, password)

# One entry per event name to pull from the log store. Neither 'regex' nor
# 'regex_type' is read in the part of the script shown here.
queries = [{
    'eventName': 'Unique_Windows_Executable',
    'regex': re.compile(r'invoked \'(.*?)\''),
    'regex_type': 'single',
},{
    'eventName': 'Daily_Command_Summary',
    'regex': re.compile(r'day: (.*?) \('),
    'regex_type': 'multiple',
}
]

# presumably the set of distinct process names collected from the matches;
# nothing is added to it in the visible portion.
procs = set()
for query in queries:
    # Query syslog events from the 'lce' source for this event name, from
    # `days` days ago (86400 seconds per day) up to now.
    data = sc.query('syslog', source='lce', eventName=query['eventName'], endtime=int(time.time()), starttime=(int(time.time()) - (86400 * days))
                    )
    for item in data:
        # (excerpt ends here; the loop body is not shown)
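#!/usr/bin/env python
# SecurityCenter DNS File Uploader
# Version 1.0
# Date: 02/11/2015
from securitycenter import SecurityCenter
import getpass


def update(sc, filename, asset_id):
    '''
    Updates a DNS Asset List with the contents of the filename.  The assumed
    format of the file is 1 entry per line.  This function will convert the
    file contents into an array of entries and then upload that array into
    SecurityCenter.

    sc        -- object exposing asset_update(asset_id, dns=[...])
    filename  -- path of the text file holding the DNS names
    asset_id  -- ID of the asset list to update

    Surrounding whitespace (including the '\\r' of CRLF files) is removed
    from each entry and blank lines are skipped, so a trailing newline or an
    editor artefact does not end up as an entry in the asset list.
    '''
    with open(filename) as hostfile:
        stripped = (line.strip() for line in hostfile)
        addresses = [entry for entry in stripped if entry]
    # NOTE(review): an empty or all-blank file sends an empty list; confirm
    # whether that empties the asset list and whether that is wanted.
    sc.asset_update(asset_id, dns=addresses)


if __name__ == '__main__':
    host = raw_input('SecurityCenter Address : ')
    username = raw_input('Username : ')
    # getpass keeps the password off the screen and out of the script itself.
    password = getpass.getpass('Password : ')
    filename = raw_input('DNS Asset List File : ')
    asset_id = raw_input('Asset List ID : ')
    sc = SecurityCenter(host, username, password)
    update(sc, filename, asset_id)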