Scripting example: Ad hoc scanning and reporting

Document created by S Tempest Employee on Apr 4, 2014. Last modified by S Tempest Employee on Apr 4, 2014.
Version 2

BY STEVE

 

This is a sample script that:

 

  1. Logs in to Nexpose.
  2. Creates a site.
  3. Scans with the default template.
  4. Runs a report based on a SQL query.
  5. Exports the results to a CSV file.
  6. Deletes the site.
  7. Logs out of Nexpose.

 

For an example scenario, check out: Scripting Scenario: Ad hoc scanning and reporting

 

 

#!/usr/bin/env ruby

require 'nexpose'
require 'csv'

# Sample console address and credentials; replace with your own values.
@host = 'localhost'
@userid = 'bob'
@password = 'IamSuperCool'

@name = 'BobsTemporarySite'
@device_hostname = 'www.foo.com'
@device_ip_address = '192.168.1.2'
@device_ip_range_start = '10.0.0.1'
@device_ip_range_end = '10.0.0.25'

nsc = Nexpose::Connection.new(@host, @userid, @password)
puts 'Logging into Nexpose'
nsc.login
puts 'Logged into Nexpose'

puts "Creating site #{@name}"
site = Nexpose::Site.new(@name)
site.add_host(@device_hostname)
site.add_ip_range(@device_ip_range_start, @device_ip_range_end)
site.add_ip(@device_ip_address)
site.save(nsc)
puts 'Created site successfully'

puts 'Starting scan'
scan = site.scan(nsc)

# Poll every 15 seconds until the scan is no longer in the running state.
begin
  sleep(15)
  status = nsc.scan_status(scan.id)
  puts "Current scan status: #{status}"
end while status == Nexpose::Scan::Status::RUNNING

# SQL query: one row per asset, vulnerability and superseding solution.
query = "
  SELECT DISTINCT ip_address, mac_address, host_name, title, date_published, severity, riskscore, summary, fix
  FROM fact_asset_scan_vulnerability_finding
   JOIN dim_asset USING (asset_id)
   JOIN dim_vulnerability USING (vulnerability_id)
   JOIN dim_vulnerability_solution USING (vulnerability_id)
   JOIN dim_solution_highest_supercedence USING (solution_id)
   JOIN dim_solution ds ON superceding_solution_id = ds.solution_id"

if status == Nexpose::Scan::Status::FINISHED
  puts 'Scan complete, generating report'
  report = Nexpose::AdhocReportConfig.new(nil, 'sql')
  report.add_filter('version', '1.1.0')
  report.add_filter('query', query)
  report.add_filter('site', site.id)
  report_output = report.generate(nsc)
  # Pass CSV options as keyword arguments; a positional options hash raises ArgumentError on Ruby 3.
  csv_output = CSV.parse(report_output.chomp, headers: :first_row)
  CSV.open('nexpose-export.csv', 'w') do |csv_file|
    csv_file << csv_output.headers
    csv_output.each do |row|
      csv_file << row
    end
  end
else
  puts "Help me, Bob Kenobi, you're my only hope! It failed!"
  site.delete(nsc)
  nsc.logout
  exit 1
end

puts 'Report completed and saved, deleting site'
site.delete(nsc)

puts 'Site deleted, logging out'
nsc.logout
exit
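
As an added example (not part of the original script or the nexpose gem), the Ruby below reads a CSV in the column layout produced by the query above and ranks assets by total risk score. The sample rows are constructed and `summarize_export` is a hypothetical helper name; because the query joins findings to solutions, the same finding can appear on more than one row, so titles are deduplicated per asset before the scores are summed.

```ruby
require 'csv'

# Constructed sample rows (not real scan data) in the column layout
# of the SQL query used by the script.
SAMPLE_EXPORT = <<~EXPORT
  ip_address,mac_address,host_name,title,date_published,severity,riskscore,summary,fix
  10.0.0.5,,web01,Sample finding A,2013-01-15,Critical,850.5,Upgrade package A,Install version 2
  10.0.0.5,,web01,Sample finding A,2013-01-15,Critical,850.5,Remove package A,Uninstall it
  10.0.0.5,,web01,Sample finding B,2012-06-01,Moderate,120.0,Change setting B,Edit config
  10.0.0.9,00:11:22:33:44:55,db01,Sample finding C,2011-03-09,Severe,400.25,Apply patch C,Run updater
EXPORT

REQUIRED_COLUMNS = %w[ip_address host_name title severity riskscore].freeze

# Hypothetical helper: returns one hash per asset, highest total risk first.
# An empty or header-only export yields an empty array.
def summarize_export(csv_text)
  table = CSV.parse(csv_text.to_s.strip, headers: :first_row)
  return [] if table.headers.empty?

  missing = REQUIRED_COLUMNS - table.headers
  raise ArgumentError, "export is missing columns: #{missing.join(', ')}" unless missing.empty?

  assets = table.group_by { |row| row['ip_address'] }.map do |ip, rows|
    # One finding can span several rows (one per solution); count it once.
    findings = rows.uniq { |r| r['title'] }
    worst = findings.max_by { |r| r['riskscore'].to_f }
    {
      ip_address: ip,
      host_name: rows.first['host_name'],
      findings: findings.size,
      total_risk: findings.sum { |r| r['riskscore'].to_f }.round(2),
      worst_title: worst['title'],
      worst_severity: worst['severity']
    }
  end
  assets.sort_by { |asset| -asset[:total_risk] }
end

summarize_export(SAMPLE_EXPORT).each do |a|
  puts format('%-12s %-8s findings=%d total_risk=%.2f worst=%s (%s)',
              a[:ip_address], a[:host_name], a[:findings],
              a[:total_risk], a[:worst_title], a[:worst_severity])
end
```

To run it against a real export, pass `File.read('nexpose-export.csv')` to `summarize_export`.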




 

 

Thanks to Gavin Schneider and ospannero
