From a84576b551a14df6f3199d92963fc24b8301b1f3 Mon Sep 17 00:00:00 2001 From: qmontal Date: Fri, 10 Aug 2018 01:39:57 +0200 Subject: [PATCH] No need to specify section to run (#88) * Add Qualys vulnerability scans * Use non-zero exit codes for failures * Convert to strings for Logstash * Update logstash config for vulnerability scans * Update README * Grab all scans statuses * Add Qualys vulnerability scans * Use non-zero exit codes for failures * Convert to strings for Logstash * Update logstash config for vulnerability scans * Update README * Grab all scans statuses * Fix error: "Cannot convert non-finite values (NA or inf) to integer" When trying to download the results of Qualys Vulnerability Management scans, the following error pops up: [FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through. Taking out the last line solves the issue. Also adding the qualys_vuln scheme to the frameworks_example.ini * No need to specify section to run Until now it vulnwhisperer was not running if a section was not specified, but there is the variable "enabled" on each module config, so now it will check which modules are enabled and run them sequentialy. Made mainly in order to be able to automate with docker-compose instance, as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer) has that command run at the end. * added to readme + detectify --- README.md | 3 +++ bin/vuln_whisperer | 22 +++++++++++++++++++--- vulnwhisp/base/config.py | 10 +++++++++- 3 files changed, 31 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index aaba3a5..c3bd36b 100644 --- a/README.md 
+++ b/README.md @@ -22,6 +22,7 @@ Currently Supports - [X] [Qualys Vulnerability Management](https://www.qualys.com/apps/vulnerability-management/) - [X] [OpenVAS](http://www.openvas.org/) - [X] [Tenable.io](https://www.tenable.com/products/tenable-io) +- [ ] [Detectify](https://detectify.com/) - [ ] [Nexpose](https://www.rapid7.com/products/nexpose/) - [ ] [Insight VM](https://www.rapid7.com/products/insightvm/) - [ ] [NMAP](https://nmap.org/) @@ -176,6 +177,8 @@ or vuln_whisperer -c configs/frameworks_example.ini -s qualys ``` +If no section is specified (e.g. -s nessus), vulnwhisperer will check on the config file for the modules that have the property enabled=true and run them sequentially. +

Next you'll need to import the visualizations into Kibana and setup your logstash config. A more thorough README is underway with setup instructions. diff --git a/bin/vuln_whisperer b/bin/vuln_whisperer index 5c4645e..ee77ab6 100644 --- a/bin/vuln_whisperer +++ b/bin/vuln_whisperer @@ -5,6 +5,7 @@ __author__ = 'Austin Taylor' from vulnwhisp.vulnwhisp import vulnWhisperer from vulnwhisp.utils.cli import bcolors +from vulnwhisp.base.config import vwConfig import os import argparse import sys @@ -31,10 +32,25 @@ def main(): try: if args.config and not args.section: - print('{red} ERROR: {error}{endc}'.format(red=bcolors.FAIL, - error='Please specify a section using -s. \ + + print('{yellow}WARNING: {warning}{endc}'.format(yellow=bcolors.WARNING, + warning='No section was specified, vulnwhisperer will scrape enabled modules from config file. \ + \nPlease specify a section using -s. \ \nExample vuln_whisperer -c config.ini -s nessus', endc=bcolors.ENDC)) + config = vwConfig(config_in=args.config) + enabled_sections = config.get_enabled() + + for section in enabled_sections: + vw = vulnWhisperer(config=args.config, + profile=section, + verbose=args.verbose, + username=args.username, + password=args.password) + + vw.whisper_vulnerabilities() + sys.exit(1) + else: vw = vulnWhisperer(config=args.config, profile=args.section, @@ -52,4 +68,4 @@ def main(): if __name__ == '__main__': - main() \ No newline at end of file + main() diff --git a/vulnwhisp/base/config.py b/vulnwhisp/base/config.py index 3a7d40d..3adacb1 100644 --- a/vulnwhisp/base/config.py +++ b/vulnwhisp/base/config.py 
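Review bot: In bin/vuln_whisperer, hunk `@@ -31,10 +32,25 @@`, the unchanged `sys.exit(1)` that used to follow the error message is kept as context after the new `for section in enabled_sections:` loop, so the no-section path appears to end with exit status 1 even when every enabled module was processed. Indentation is not visible in this view, so confirm the placement. If it sits at the branch level, the docker-compose automation this mode is meant for will see every run as failed, and a genuine scan-collection failure can no longer be told apart from a clean run. I would replace it with `sys.exit(0)` on this path and return non-zero only when a module actually fails. main() starts and ends outside the hunk.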
@@ -19,4 +19,12 @@ class vwConfig(object): return self.config.get(section, option) def getbool(self, section, option): - return self.config.getboolean(section, option) \ No newline at end of file + return self.config.getboolean(section, option) + + def get_enabled(self): + enabled = [] + check = ["true", "True", "1"] + for section in self.config.sections(): + if self.get(section, "enabled") in check: + enabled.append(section) + return enabled
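Review bot: `get_enabled` in vulnwhisp/base/config.py compares the raw option string against `["true", "True", "1"]`, while `getbool` just above it delegates to `self.config.getboolean`. Assuming `self.config` is a standard ConfigParser, a section written as `enabled = TRUE`, `yes` or `on` is accepted by `getbool` but silently skipped here, which for a scan collector means a source quietly stops being ingested. Under the same assumption, `self.get(section, "enabled")` will raise for any section that has no `enabled` option and abort the whole run. I would make the loop condition `if self.config.has_option(section, "enabled") and self.getbool(section, "enabled"):`. The class body begins outside the hunk.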