a84576b551
* Add Qualys vulnerability scans * Use non-zero exit codes for failures * Convert to strings for Logstash * Update logstash config for vulnerability scans * Update README * Grab all scans statuses * Add Qualys vulnerability scans * Use non-zero exit codes for failures * Convert to strings for Logstash * Update logstash config for vulnerability scans * Update README * Grab all scans statuses * Fix error: "Cannot convert non-finite values (NA or inf) to integer" When trying to download the results of Qualys Vulnerability Management scans, the following error pops up: [FAIL] - Could not process scan/xxxxxxxxxx.xxxxx - Cannot convert non-finite values (NA or inf) to integer This error is due to pandas operating with the scan results json file, as the last element from the json doesn't fir with the rest of the response's scheme: that element is "target_distribution_across_scanner_appliances", which contains the scanners used and the IP ranges that each scanner went through. Taking out the last line solves the issue. Also adding the qualys_vuln scheme to the frameworks_example.ini * No need to specify section to run Until now it vulnwhisperer was not running if a section was not specified, but there is the variable "enabled" on each module config, so now it will check which modules are enabled and run them sequentialy. Made mainly in order to be able to automate with docker-compose instance, as the docker with vulnwhisperer (https://github.com/HASecuritySolutions/docker_vulnwhisperer) has that command run at the end. * added to readme + detectify
72 lines
2.9 KiB
Python
72 lines
2.9 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
__author__ = 'Austin Taylor'
|
|
|
|
|
|
from vulnwhisp.vulnwhisp import vulnWhisperer
|
|
from vulnwhisp.utils.cli import bcolors
|
|
from vulnwhisp.base.config import vwConfig
|
|
import os
|
|
import argparse
|
|
import sys
|
|
|
|
def isFileValid(parser, arg):
|
|
if not os.path.exists(arg):
|
|
parser.error("The file %s does not exist!" % arg)
|
|
else:
|
|
return arg
|
|
|
|
def main():
|
|
|
|
parser = argparse.ArgumentParser(description=""" VulnWhisperer is designed to create actionable data from\
|
|
your vulnerability scans through aggregation of historical scans.""")
|
|
parser.add_argument('-c', '--config', dest='config', required=False, default='frameworks.ini',
|
|
help='Path of config file', type=lambda x: isFileValid(parser, x.strip()))
|
|
parser.add_argument('-s', '--section', dest='section', required=False,
|
|
help='Section in config')
|
|
parser.add_argument('-v', '--verbose', dest='verbose', action='store_true', default=True,
|
|
help='Prints status out to screen (defaults to True)')
|
|
parser.add_argument('-u', '--username', dest='username', required=False, default=None, type=lambda x: x.strip(), help='The NESSUS username')
|
|
parser.add_argument('-p', '--password', dest='password', required=False, default=None, type=lambda x: x.strip(), help='The NESSUS password')
|
|
args = parser.parse_args()
|
|
|
|
try:
|
|
if args.config and not args.section:
|
|
|
|
print('{yellow}WARNING: {warning}{endc}'.format(yellow=bcolors.WARNING,
|
|
warning='No section was specified, vulnwhisperer will scrape enabled modules from config file. \
|
|
\nPlease specify a section using -s. \
|
|
\nExample vuln_whisperer -c config.ini -s nessus',
|
|
endc=bcolors.ENDC))
|
|
config = vwConfig(config_in=args.config)
|
|
enabled_sections = config.get_enabled()
|
|
|
|
for section in enabled_sections:
|
|
vw = vulnWhisperer(config=args.config,
|
|
profile=section,
|
|
verbose=args.verbose,
|
|
username=args.username,
|
|
password=args.password)
|
|
|
|
vw.whisper_vulnerabilities()
|
|
sys.exit(1)
|
|
|
|
else:
|
|
vw = vulnWhisperer(config=args.config,
|
|
profile=args.section,
|
|
verbose=args.verbose,
|
|
username=args.username,
|
|
password=args.password)
|
|
|
|
vw.whisper_vulnerabilities()
|
|
sys.exit(1)
|
|
|
|
except Exception as e:
|
|
if args.verbose:
|
|
print('{red} ERROR: {error}{endc}'.format(red=bcolors.FAIL, error=e, endc=bcolors.ENDC))
|
|
sys.exit(2)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|