Powershell Post #1

File uploaded by Busby on Mar 9, 2015. Last modified by Busby on May 1, 2015.
Version 2

Powershell:API:Part 1

 

When I started working with the Qualys API I was doing a lot of my interactions with the API via Bash or Perl in Linux.

But to ease some development, maintenance and other issues I decided to try PowerShell for this, but was disappointed by the seeming lack of examples of this in the community; maybe I can’t search.

So I wrote my own code to do something I thought useful and my ever helpful TAM thought this could benefit the community.

I plan on doing several parts although I am not sure how many and I am going to attempt to give you the “Building Blocks” to rolling your own stuff.

Should you have questions, please let me know, and always use at your own risk.

 

Let’s get started.

Problem: Users need to perform a scan of a single IP Address but don’t have a login to Qualys.

Below is the code to do the first few steps of just connecting to Qualys and then logging out; if you forget to log out you could exceed the number of connections allowed for your user. Most of my comments are in the code itself. The next post will expand on this to launching a scan, which will probably be a big post.

#param ([Parameter(Mandatory=$true)][String]$targetip,[Parameter(Mandatory=$true)][String]$Requestor,[Parameter(Mandatory=$true)][int]$ScanProfile=440426)

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted

Clear-Host

 

<#

       $CookieJar - this is where we will store the cookie that Qualys will issue so you don't need to log in again every time.

       The Set-Location function is part of PowerShell and should be set to where you're running this script; shortcut later.

       Your path to CURL will be relative to this.

#>

 

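# Name the cookie jar after this script file, e.g. MyScript.ps1 -> MyScript.cookies

[String]$ScriptName = [System.IO.Path]::GetFileNameWithoutExtension($MyInvocation.MyCommand.Name)

[String]$CookieJar = "$ScriptName.cookies"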

Set-Location -Path "D:\Documents\Security\Qualys_Community"

 

function Get-QualysAPIAccountCred {

<#

.SYNOPSIS

Returns a PSObject of Credentials

.DESCRIPTION

Creates a PSObject and puts the Qualys credentials in it.

.PARAMETER NONE

.NOTES

       Should encrypt later.

.EXAMPLE

[PSObject]$Cred = Get-QualysAPIAccountCred

#>

       $CredentialObj  = New-Object -Type PSObject

       $CredentialObj | Add-Member -MemberType NoteProperty -Name username -Value 'QUALYSUSERID' -Force

       $CredentialObj | Add-Member -MemberType NoteProperty -Name password -Value 'QUALYSPASSWORD' -Force

       return [PSObject]$CredentialObj

}

 

function LoginQualys(){

<#

.SYNOPSIS

Login to the Qualys Platform

.DESCRIPTION

Login to the Qualys Platform.

A custom User Agent style string (sent below as the X-Requested-With header, held in $UA) could be used for other things and monitoring, so I use custom ones for my tools. Hint: so do malware authors.

Get-QualysAPIAccountCred returns an object with the credentials to log in to Qualys.

We then create the session string.

And finally invoke the full command. The results of the command go to the $Result object (XML), which you can parse later for other details.

.PARAMETER NONE

.EXAMPLE

LoginQualys

#>

       [PSObject]$myCred = Get-QualysAPIAccountCred

       [String]$SUrl= 'https://qualysapi.qualys.com:443/api/2.0/fo/session/'

       [String]$UA = """X-Requested-With: Powershell"""

       [String]$CURL = ".\curl.exe"

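       # --insecure turns off TLS certificate verification, so the username and password in this POST

       # can be intercepted by anyone able to impersonate the server; drop it once curl.exe can verify the certificate.

       [String]$SessionLogin = " $CURL --header $UA --dump-header `""+$CookieJar+"`" --insecure --data `"action=login&username="+$myCred.username+"&password="+$myCred.password+"`" `""+$SUrl+"`" "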

       [System.Object]$Result = Invoke-Expression $SessionLogin

}

 

function LogoutQualys(){

<#

.SYNOPSIS

Logout of the Qualys Platform

.DESCRIPTION

Logout of the Qualys Platform

.PARAMETER NONE

.EXAMPLE

LogoutQualys

#>

       [String]$CURL = ".\curl.exe"

       [String]$UA = """X-Requested-With: Powershell"""

       [String]$SUrl= 'https://qualysapi.qualys.com:443/api/2.0/fo/session/'

       [String]$SessionLogout = " $CURL --header $UA --cookie `""+$CookieJar+"`" --insecure --data `"action=logout`" `""+$SUrl+"`" "

       [System.Object]$Result = Invoke-Expression $SessionLogout

}

 

function Clean-up {

<#

       Here we just clean up the Cookiejar by testing to see if it is present then remove it.

#>

       if(Test-Path $CookieJar){Remove-Item -Force $CookieJar}

}

 

function Main {

       LoginQualys

       LogoutQualys

       Clean-up

}

 

. Main
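
The same login and logout sequence with PowerShell's built-in web cmdlets, as an added example that is not part of the original post: it prompts for the credential instead of storing it in the script, lets Invoke-RestMethod form-encode the fields (no Invoke-Expression string building), keeps the cookie in memory, leaves certificate validation on and logs out in a finally block. The function names Connect-QualysSession, Disconnect-QualysSession and Invoke-QualysDemo are made up for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example (not the author's code). Endpoint, header and form fields are
# the ones used in the script above; the function names are hypothetical.
$SUrl    = 'https://qualysapi.qualys.com:443/api/2.0/fo/session/'
$Headers = @{ 'X-Requested-With' = 'Powershell' }

function Connect-QualysSession {
    param([Parameter(Mandatory=$true)][System.Management.Automation.PSCredential]$Credential)

    # A hashtable -Body on a POST is sent form-encoded with each value URL-encoded,
    # so a password containing & " or $ cannot alter the request or the command line.
    $Body = @{
        action   = 'login'
        username = $Credential.UserName
        password = $Credential.GetNetworkCredential().Password
    }
    # -SessionVariable keeps the session cookie in memory instead of a file on disk.
    # Certificate validation stays on: an untrusted certificate makes the call throw.
    $null = Invoke-RestMethod -Uri $SUrl -Method Post -Headers $Headers -Body $Body `
                              -SessionVariable QualysSession -ErrorAction Stop
    return $QualysSession
}

function Disconnect-QualysSession {
    param([Parameter(Mandatory=$true)][Microsoft.PowerShell.Commands.WebRequestSession]$Session)
    $null = Invoke-RestMethod -Uri $SUrl -Method Post -Headers $Headers `
                              -Body @{ action = 'logout' } -WebSession $Session -ErrorAction Stop
}

function Invoke-QualysDemo {
    # Prompt for the API account rather than hard-coding the password.
    $Credential = Get-Credential -Message 'Qualys API account'
    $Session    = Connect-QualysSession -Credential $Credential
    try {
        # API calls that reuse the session go here, each with -WebSession $Session.
    }
    finally {
        # Always log out, even if a call above throws, so sessions are not left open.
        Disconnect-QualysSession -Session $Session
    }
}

Invoke-QualysDemo
```

Because the cookie never touches disk, there is no cookie jar file to delete afterwards.
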
