On 06/11/2011 02:10 PM, Jim Halfpenny wrote:
> Has anyone ever looked into scripting/automating community or commercial
> > security scanners? Are there utilities which anyone found helpful to support
> > this? How effective and what aspects of automation have you been able to
> > achieve, auto execution of regularly-scheduled scans, or creation and
> > modification of new scans, targets, and outputs of reports?
> > Anatoly
You'll want to take a look at the nexpose, nessus, and openvas API
wrappers in the Metasploit Framework. You'll find them directly under
the lib directory. Props to their creators (hdm/jabra, zate, and Vlatko
Kosturjak respectively); I'm only conveying the usage info.
There's a number of ways you can integrate this code into your own
workflow:
1) Directly use the libraries in your own ruby scripts -
For the nexpose library, specifically take a look at the
cmd_nexpose_scan function, this should give you 80% of what you need to
start running scans via ruby.
The nessus lib has some nice usage examples directly in the library:
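
    require 'nessus-xmlrpc'

    # Log in to the Nessus XML-RPC interface
    n = NessusXMLRPC::NessusXMLRPC.new('https://localhost:8834', 'user', 'pass')
    if n.logged_in
      # Use the first policy defined on the server
      id, name = n.policy_get_first
      puts "using policy ID: " + id + " with name: " + name
      # Start a scan: policy id, scan name, target
      uid = n.scan_new(id, "textxmlrpc", "127.0.0.1")
      puts "status: " + n.scan_status(uid)
      # Poll every 10 seconds until the scan is done
      until n.scan_finished(uid)
        sleep 10
      end
      # Download the report and save it to disk
      content = n.report_file_download(uid)
      File.open('report.xml', 'w') { |f| f.write(content) }
    end
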
Take a look at the plugins/ directory for more examples of how to use
the libraries. If you're not familiar w/ ruby, irb is an awesome way to
play around w/ a library while getting familiar with it. Nessus library
has some nice usage in the library:

    jcran@disko$: irb -r openvas-omp.rb
    irb> vas = OpenVASOMP.new('user'=>'openvas','password'=>'[password]')
    ## connect to localhost:9390
    irb> vas.version_get ## return the OpenVAS version
    irb>

fwiw, the openVAS api seems somewhat unnecessarily complicated to me
2) Use framework RC scripts to drive the code (which in turn, drives the
vulnscanner API)
This is a quick way to hammer out a couple working scripts you can stick
in a cronjob, but it also gives you the least control. Depends on what
you're looking for. Here's an example of an RC file that connects to
nexpose & runs a scan:

    # Connect to a postgres db so we can save / auto-import results
    db_connect msf3:[password]@localhost:5432/msf3
    # Load the Nexpose Plugin
    load nexpose
    # Connect to the host
    nexpose_connect nxadmin:[password]@sob ok
    # Run a scan w/ default settings
    nexpose_scan 10.0.0.0/24
    # say bye bye!
    exit -y

You could then create a .sh which calls the rc:

    #!/bin/bash
    /path/to/framework/msfconsole -r nexpose_scan.rc

3) Use the command line client (nessus-only)
The nessus plugin / library also includes a CLI interface (hell yeah)
which is pretty sexy if you're looking for a quick way to automate stuff --
and there are some great examples of usage in the README:

    ./nessus-cli.rb --user user --password pass --scan localhost-scan \
        --wait 5 -D --output report-localhost.xml --target 127.0.0.1 \
        --verbose --policy mypolicy --url https://localhost:8834

Hope it helps!
jcran
--
Jonathan Cran
[email protected]
515.890.0070
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
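
Added example (not part of the original message, and not Metasploit's own code): a Ruby helper for option 2 that generates the resource script for a scheduled run, so the passwords come from the environment, the file is owner-readable only, and a target list cannot inject extra console commands. The function names and environment variable names are hypothetical; the console commands are only the ones shown in the RC file above.

```ruby
require 'ipaddr'

# Build resource-script text using only the console commands shown above.
def build_nexpose_rc(db_url:, nx_user:, nx_pass:, nx_host:, targets:)
  # A newline or space in any field would become an extra console command
  # or argument, so refuse it instead of writing it into the script.
  [db_url, nx_user, nx_pass, nx_host].each do |v|
    raise ArgumentError, 'whitespace in connection field' if v =~ /\s/
  end
  scans = targets.map do |t|
    # Accept only a bare IP or CIDR; IPAddr.new raises on malformed input.
    raise ArgumentError, "bad target: #{t.inspect}" unless t =~ %r{\A[0-9a-fA-F:.]+(/\d{1,3})?\z}
    IPAddr.new(t)
    "nexpose_scan #{t}"
  end
  lines = ["db_connect #{db_url}", 'load nexpose',
           "nexpose_connect #{nx_user}:#{nx_pass}@#{nx_host} ok"]
  (lines + scans + ['exit -y']).join("\n") + "\n"
end

# Read secrets from the environment (variable names are hypothetical), so
# neither the crontab entry nor the wrapper .sh contains a password.
def rc_from_env(targets, env = ENV)
  build_nexpose_rc(
    db_url:  "msf3:#{env.fetch('MSF_DB_PASS')}@localhost:5432/msf3",
    nx_user: env.fetch('NX_USER'),
    nx_pass: env.fetch('NX_PASS'),
    nx_host: env.fetch('NX_HOST'),
    targets: targets
  )
end

# The generated script still holds credentials: create it owner-only and
# tighten the mode if a looser file already existed at that path.
def write_rc(path, text)
  File.open(path, File::WRONLY | File::CREAT | File::TRUNC, 0o600) { |f| f.write(text) }
  File.chmod(0o600, path)
  path
end
```

A cron job would call write_rc('nexpose_scan.rc', rc_from_env(targets)) and then run msfconsole -r nexpose_scan.rc as in the wrapper script above.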