Cyberdefense/VulnWhisperer
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Column update for scans and N/A cleanup

Browse Source
This commit is contained in:
Austin Taylor
2017-12-28 22:47:58 -05:00
parent d03ba15772
commit c041693018
2 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
vulnwhisp/frameworks/qualys.py
View File

@ -321,7 +321,7 @@ class qualysReportFields:
GROUP_HEADER = ['GROUP', 'Name', 'Category'] GROUP_HEADER = ['GROUP', 'Name', 'Category']
OWASP_HEADER = ['OWASP', 'Code', 'Name'] OWASP_HEADER = ['OWASP', 'Code', 'Name']
WASC_HEADER = ['WASC', 'Code', 'Name'] WASC_HEADER = ['WASC', 'Code', 'Name']
SCAN_META = ['Web Application Name', 'URL', 'Owner', 'Operating System', 'Scope'] SCAN_META = ['Web Application Name', 'URL', 'Owner', 'Scope', 'Operating System']
CATEGORY_HEADER = ['Category', 'Severity', 'Level', 'Description'] CATEGORY_HEADER = ['Category', 'Severity', 'Level', 'Description']
@ -742,6 +742,8 @@ class qualysScanReport:
merged_df = pd.merge(merged_df, df_dict['CATEGORY_HEADER'], how='left', left_on=['Category', 'Severity Level'], merged_df = pd.merge(merged_df, df_dict['CATEGORY_HEADER'], how='left', left_on=['Category', 'Severity Level'],
right_on=['Category', 'Severity'], suffixes=('Severity', 'CatSev')) right_on=['Category', 'Severity'], suffixes=('Severity', 'CatSev'))
merged_df = merged_df.fillna('')
try: try:
merged_df = \ merged_df = \
merged_df[~merged_df.Title.str.contains('Links Crawled|External Links Discovered' merged_df[~merged_df.Title.str.contains('Links Crawled|External Links Discovered'
@ -750,9 +752,9 @@ class qualysScanReport:
print(e) print(e)
return merged_df return merged_df
def download_file(self, file_id): def download_file(self, path='', file_id=None):
report = self.qw.download_report(file_id) report = self.qw.download_report(file_id)
filename = str(file_id) + '.csv' filename = path + str(file_id) + '.csv'
file_out = open(filename, 'w') file_out = open(filename, 'w')
for line in report.splitlines(): for line in report.splitlines():
file_out.write(line + '\n') file_out.write(line + '\n')
@ -763,10 +765,10 @@ class qualysScanReport:
def remove_file(self, filename): def remove_file(self, filename):
os.remove(filename) os.remove(filename)
def process_data(self, file_id, cleanup=True): def process_data(self, path='', file_id=None, cleanup=True):
"""Downloads a file from qualys and normalizes it""" """Downloads a file from qualys and normalizes it"""
download_file = self.download_file(file_id) download_file = self.download_file(path=path, file_id=file_id)
print('[ACTION] - Downloading file ID: %s' % file_id) print('[ACTION] - Downloading file ID: %s' % file_id)
report_data = self.grab_sections(download_file) report_data = self.grab_sections(download_file)
merged_data = self.data_normalizer(report_data) merged_data = self.data_normalizer(report_data)

5
vulnwhisp/vulnwhisp.py
View File

@ -408,7 +408,7 @@ class vulnWhispererQualys(vulnWhispererBase):
debug=False, debug=False,
username=None, username=None,
password=None, password=None,
): ):
super(vulnWhispererQualys, self).__init__(config=config, ) super(vulnWhispererQualys, self).__init__(config=config, )
self.qualys_scan = qualysScanReport(config=config) self.qualys_scan = qualysScanReport(config=config)
@ -466,7 +466,8 @@ class vulnWhispererQualys(vulnWhispererBase):
generated_report_id = root.data.Report.id generated_report_id = root.data.Report.id
print('{info} - New Report ID: %s'.format(info=bcolors.INFO) \ print('{info} - New Report ID: %s'.format(info=bcolors.INFO) \
% generated_report_id) % generated_report_id)
vuln_ready = self.qualys_scan.process_data(generated_report_id)
vuln_ready = self.qualys_scan.process_data(path=self.write_path, file_id=generated_report_id)
vuln_ready.to_csv(self.path_check(report_name), index=False, header=True) # add when timestamp occured vuln_ready.to_csv(self.path_check(report_name), index=False, header=True) # add when timestamp occured
print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \ print('{success} - Report written to %s'.format(success=bcolors.SUCCESS) \