Scripting Scenario: Exporting scan ranges to CSV

Document created by S Tempest (Employee) on Apr 4, 2014. Last modified by S Tempest (Employee) on Apr 4, 2014.

The head honcho of security engineer Bob's company charges into Bob's office. He demands proof that the most important assets used to handle sensitive financial data, such as the printer, are being scanned.

Fortunately, with his Nexpose Gem skills, Bob comes up with a script to produce the report.

As with any API script, this one begins by loading the Nexpose gem; Ruby's CSV library is loaded as well, since the report is written with the CSV class:

require 'nexpose'
require 'csv'

And then logging into Nexpose with the following information:

  • A user ID = Bob
  • Password = IamSuperCool
  • The Nexpose hostname or IP address = localhost

@host = 'localhost'
@userid = 'bob'
@password = 'IamSuperCool'

# Credentials are hard-coded here to keep the walkthrough short; a script that
# is going to be shared (as Bob's is) should read them from the environment or
# prompt for them, so they never end up in a repository or a community post.
nsc = Nexpose::Connection.new(@host, @userid, @password)
puts 'Logging into Nexpose'
nsc.login
puts 'Logged into Nexpose'

After logging in, Bob's script will get the list of all of the sites in Nexpose:

sites = nsc.list_sites

Next, Bob's script opens a new CSV file named 'ip-ranges.csv', writes a header row, and iterates through each site, writing each of the site's IP ranges (or single hosts) as a new row of the CSV file:

# "wb" opens the file for writing; the first row written is the column header.
CSV.open('ip-ranges.csv', "wb") do |csv|
  csv << ["Site ID", "Site Name", "Range Start", "Range End"]
  sites.each do |site|
    # list_sites only returns summaries; load the full site to get its assets.
    site = Nexpose::Site.load(nsc, site.id)
    puts "Getting defined assets for #{site.name}"
    site.assets.each do |asset|
      # An IP range asset responds to from/to; a single-host asset only has a
      # host, so its row carries three columns (the host lands in "Range Start"
      # and "Range End" is left empty).
      if asset.respond_to? :from
        puts "IP range #{asset.from} - #{asset.to}"
        csv << ["#{site.id}", "#{site.name}", "#{asset.from}", "#{asset.to}"]
      else
        puts "Host #{asset.host}"
        csv << ["#{site.id}", "#{site.name}", "#{asset.host}"]
      end
    end
  end
end

Finally, Bob's script will log out of Nexpose:

puts 'Logging out'
nsc.logout
exit
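
The whole procedure, put together so it runs offline, as an added example that is not the page's script and not code from the Nexpose gem or Rapid7: the constructed FakeSite, IPRange and HostName structs stand in for the Nexpose::Site objects a live login would return, the sample sites and addresses are hypothetical, and the rows are built in memory before any file is written. It goes one step beyond the page by adding a coverage check (does a given critical IP fall inside any exported range?), which is the question the boss is actually asking, rather than only listing ranges.

```ruby
require 'csv'
require 'ipaddr'

# Constructed stand-ins for the gem objects used on this page (a site with
# #assets that are either IP ranges responding to #from/#to or single hosts
# responding to #host). Hypothetical sample data, not from a live console.
IPRange  = Struct.new(:from, :to)
HostName = Struct.new(:host)
FakeSite = Struct.new(:id, :name, :assets)

SAMPLE_SITES = [
  FakeSite.new(1, 'Finance LAN',   [IPRange.new('10.10.1.1', '10.10.1.254')]),
  FakeSite.new(2, 'Print servers', [HostName.new('fin-printer.example.internal'),
                                    IPRange.new('10.10.2.10', '10.10.2.20')])
].freeze

HEADER = ['Site ID', 'Site Name', 'Range Start', 'Range End'].freeze

# One asset becomes one row with a fixed column count: a single host goes in
# the Range Start column with an empty Range End, so every row has four fields
# and the file stays easy to sort and filter once it is opened in Excel.
def asset_row(site, asset)
  if asset.respond_to?(:from)
    [site.id.to_s, site.name, asset.from, asset.to]
  else
    [site.id.to_s, site.name, asset.host, '']
  end
end

# Build the rows the page's script writes, returned as an Array so a caller
# can write them to disk, or check them in memory, without a console.
def export_rows(sites)
  rows = [HEADER]
  sites.each do |site|
    site.assets.each { |asset| rows << asset_row(site, asset) }
  end
  rows
end

def write_csv(path, sites)
  CSV.open(path, 'w') { |csv| export_rows(sites).each { |row| csv << row } }
  path
end

# Does the IP fall inside any exported range? Hostname-only rows are skipped,
# since a name cannot be compared numerically: an asset that is defined in a
# site by name only counts as covered if someone checks the name by hand.
def covered?(rows, ip)
  target = IPAddr.new(ip)
  rows.drop(1).any? do |_id, _name, start, finish|
    next false if finish.to_s.empty?
    (IPAddr.new(start)..IPAddr.new(finish)).cover?(target)
  end
end

# The list of critical assets that no site definition reaches at all.
def uncovered_assets(rows, critical_ips)
  critical_ips.reject { |ip| covered?(rows, ip) }
end

if __FILE__ == $PROGRAM_NAME
  rows = export_rows(SAMPLE_SITES)
  rows.each { |r| puts r.to_csv }
  puts "Not covered: #{uncovered_assets(rows, ['10.10.1.50', '10.10.3.7']).inspect}"
end
```

With a real console, `SAMPLE_SITES` would be replaced by the loaded sites from the page's script; everything from `export_rows` down works unchanged, because it only relies on the `id`, `name`, `assets`, `from`, `to` and `host` readers the page already uses.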

Bob is able to produce a CSV report and hand the big boss a neatly organized Excel spreadsheet showing all the assets in the financial network are indeed being scanned. Appeased and impressed, the CEO gives Bob a raise and lunch at Souplantation.

This time, Bob posts his own code on the Rapid7 community site, Security Street. Bob is now a security hero.

Thanks to Gavin Schneider and ospannero
