-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathQualysScanLaunch.py
142 lines (122 loc) · 4.36 KB
/
QualysScanLaunch.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
'''
Qualys API Sample Script
Author Siggi Bjarnason Copyright 2017
Website http://www.ipcalc.us/ and http://www.icecomputing.com
Description:
This is script where I start to explore Qualys API calls, parsing the XML responses, etc.
Following packages need to be installed as administrator
pip install requests
pip install xmltodict
'''
# Import libraries
import sys
import requests
import json
import os
import string
import time
import xmltodict
import urllib.parse as urlparse
# End imports
strConf_File = "QualysConf.ini"
dictParams = {}
dictParams["action"] = "launch"
dictParams["scan_title"] = "PCF Test Scan"
dictParams["target_from"] = "assets"
dictParams["iscanner_id"] = 18014
dictParams["option_id"] = 759776
dictParams["ip"] = "10.93.120.204"
print ("This is a Qualys API Sample script. This is running under Python Version {0}.{1}.{2}".format(sys.version_info[0],sys.version_info[1],sys.version_info[2]))
now = time.asctime()
print ("The time now is {}".format(now))
if os.path.isfile(strConf_File):
print ("Configuration File exists")
else:
print ("Can't find configuration file {}, make sure it is the same directory as this script".format(strConf_File))
sys.exit(4)
strLine = " "
print ("Reading in configuration")
objINIFile = open(strConf_File,"r")
strLines = objINIFile.readlines()
objINIFile.close()
for strLine in strLines:
strLine = strLine.strip()
if "=" in strLine:
strConfParts = strLine.split("=")
if strConfParts[0] == "APIBaseURL":
strBaseURL = strConfParts[1]
if strConfParts[0] == "APIRequestHeader":
strHeadReq = strConfParts[1]
if strConfParts[0] == "QUserID":
strUserName = strConfParts[1]
if strConfParts[0] == "QUserPWD":
strPWD = strConfParts[1]
if strConfParts[0] == "APIFunction":
strScanAPI = strConfParts[1]
print ("calculating stuff ...")
strHeader={'X-Requested-With': strHeadReq}
if strBaseURL[-1:] != "/":
strBaseURL += "/"
if strScanAPI[-1:] != "/":
strScanAPI += "/"
def MakeAPICall (strURL, strHeader, strUserName,strPWD, strMethod):
print ("Doing a {} to URL: \n {}\n".format(strMethod,strURL))
iErrCode = ""
iErrText = ""
try:
if strMethod.lower() == "get":
WebRequest = requests.get(strURL, headers=strHeader, auth=(strUserName, strPWD))
if strMethod.lower() == "post":
WebRequest = requests.post(strURL, headers=strHeader, auth=(strUserName, strPWD))
except Exception as err:
print ("Issue with API call. {}".format(err))
raise
sys.exit(7)
if isinstance(WebRequest,requests.models.Response)==False:
print ("response is unknown type")
sys.exit(5)
if WebRequest.text[:6].lower()=="<html>":
print (WebRequest.text)
iErrCode = "Unknown"
iErrText = "Unexpected error"
if iErrCode != "" or WebRequest.status_code !=200:
return "There was a problem with your request. HTTP error {} code {} {}".format(WebRequest.status_code,iErrCode,iErrText)
else:
dictResponse = xmltodict.parse(WebRequest.text)
if isinstance(dictResponse,dict):
if "SIMPLE_RETURN" in dictResponse:
try:
if "CODE" in dictResponse["SIMPLE_RETURN"]["RESPONSE"]:
iErrCode = dictResponse["SIMPLE_RETURN"]["RESPONSE"]["CODE"]
iErrText = dictResponse["SIMPLE_RETURN"]["RESPONSE"]["TEXT"]
except KeyError as e:
print ("KeyError: {}".format(e))
print (WebRequest.text)
iErrCode = "Unknown"
iErrText = "Unexpected error"
else:
print ("Response not a dictionary")
sys.exit(8)
if iErrCode != "" or WebRequest.status_code !=200:
return "There was a problem with your request. HTTP error {} code {} {}".format(WebRequest.status_code,iErrCode,iErrText)
else:
return dictResponse
strListScans = urlparse.urlencode(dictParams)
strURL = strBaseURL + strScanAPI +"?" + strListScans
APIResponse = MakeAPICall(strURL,strHeader,strUserName,strPWD,"post")
if isinstance(APIResponse,str):
print(APIResponse)
if isinstance(APIResponse,dict):
if "SIMPLE_RETURN" in APIResponse:
if "RESPONSE" in APIResponse["SIMPLE_RETURN"]:
if "TEXT" in APIResponse["SIMPLE_RETURN"]["RESPONSE"]:
print (APIResponse["SIMPLE_RETURN"]["RESPONSE"]["TEXT"])
if "ITEM_LIST" in APIResponse["SIMPLE_RETURN"]["RESPONSE"]:
for item in APIResponse["SIMPLE_RETURN"]["RESPONSE"]["ITEM_LIST"]["ITEM"]:
print ("{}: {}".format(item["KEY"],item["VALUE"]))
else:
print ("No further details")
else:
print ("Don't understand this reponse: {}".format(APIResponse))
else:
print ("Don't understand this reponse: {}".format(APIResponse))