A Security Tool which scans a target using OpenVAS, Zap, and Nexpose. And consolidates the scan results.
./main.py --scan-name <scan-name> --target <url>
./main.py --scan-name <scan-name>
./main.py --scan-name <scan-name> --pause
./main.py --scan-name <scan-name> --resume
Scanner Options:
Scanner Report:
Final Output:
- Python 3
- Zap
- Nexpose
- OpenVAS
pip3 install -r requirements.txt
OR
Run in Virtual Env:
python3 -m venv .venv
source .venv/bin/activate
pip3 install -r requirements.txt
The configuration of scanners will be in Environment File .env
. There is sample .env.example
file in the codebase, update the values with the proper API Keys and Credentials details before using. Rename it to .env
.
- Dockerize
- Add Nessus
- Error Stack
- auto reload
- Remove logs
- Save to CSV
- Make it interactive
- OOPs
- Improve Scan Results and Output
- Color logging
- start
- scan
- get_scan_status
- get_scan_results
- is_valid_scan
- list_scans
- pause
- resume
- stop
pprint(core.htmlreport())
# address = rapid7vmconsole.Address(ip=target)
# asset = rapid7vmconsole.Asset(addresses=[address])
scan_targets = rapid7vmconsole.IncludedScanTargets(addresses=[target])
asset = rapid7vmconsole.StaticSite(included_targets=scan_targets)
scan_scope = rapid7vmconsole.ScanScope(assets=asset)
site_create_resource = rapid7vmconsole.SiteCreateResource(name=scan_name, scan=scan_scope)
site = self.nexpose_site.create_site(site=site_create_resource)
print('Site Created', site)
adhoc_scan = rapid7vmconsole.AdhocScan(hosts=[target])
print('adhoc_scan', adhoc_scan)
site_id = site.id
scan = self.nexpose.start_scan(site_id, scan=adhoc_scan)
print('start scan response id', scan.id)
# scan['vulnerabilities']
pprint(scan)
if shutdownOnceFinished:
# Shutdown ZAP once finished
pprint('Shutdown ZAP -> ' + core.shutdown())
report_config_scope = rapid7vmconsole.ReportConfigScopeResource(scan=nexpose_id)
report_config_categories = rapid7vmconsole.ReportConfigCategoryFilters(included=[])
report_config_filters = rapid7vmconsole.ReportConfigFiltersResource(categories=report_config_categories)
report_config = rapid7vmconsole.Report(name=f'{scan_name}-Report', template='audit-report', format='csv-export', scope=report_config_scope)
report_config = rapid7vmconsole.Report(name=f'{scan_name}-Report', format='sql-query', query='select * from dim_asset', version='2.3.0')
report_config = rapid7vmconsole.Report(name=f'{scan_name}-SampleXML-Report', format='nexpose-simple-xml', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
nexpose_report.download_report(report.id, report_instance.id)
report_config = rapid7vmconsole.Report(name=f'{scan_name}-sml2-Report', format='xml-export-v2', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
dd = nexpose_report.download_report(report.id, report_instance.id)
report_config = rapid7vmconsole.Report(name=f'{scan_name}-html-Report', format='html', template='audit-report', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
dd = nexpose_report.download_report(report.id, report_instance.id)
report_config.id = 42
report_config.timezone = 'Asia/Calcutta'
report_config.language = 'en-US'
report_config.owner = 1
report_config.organization = 'Organization'
# report_config.component = 'Component'
# report_config.email = rapid7vmconsole.ReportEmail(additional_recipients=['[email protected]'])
# print('self.zap.spider.results', self.zap.spider.results(scan_id))
# Retrieve all tasks
tasks = gmp.get_tasks()
# Get names of tasks
task_names = tasks.xpath('task/name/text()')
pretty_print(task_names)