
One step WAS

Discussion created by Q Nimbus on Apr 20, 2012
Latest reply on Apr 20, 2012 by Eric Perraudeau

In essence, we want to ask for a website URL and have QualysGuard scan it. Since this is a "one-step" solution, we ask only for the URL, which makes this an unauthenticated vulnerability scan.


import base64
import urllib2
from contextlib import closing
from xml.sax.saxutils import escape

from lxml import objectify
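# Credentials.
# NOTE(review): these are placeholders. Do not commit real credentials;
# load them from the environment or prompt with getpass at run time.
webapp_profile_id = 'INSERT_WAS_OPTION_PROFILE_ID_HERE'
username = 'QUALYSGUARD_USERNAME'
password = 'QUALYSGUARD_PASSWORD'
# b64encode adds no trailing newline, so the [:-1] slice that
# base64.encodestring() needed is not required here.
base64string = base64.b64encode('%s:%s' % (username, password))
# WAS API 3.0 endpoints used below.
api_base = 'https://qualysapi.qualys.com/qps/rest/3.0'
create_webapp_uri = api_base + '/create/was/webapp'
search_webapp_uri = api_base + '/search/was/webapp'
launch_scan_uri = api_base + '/launch/was/wasscan'


def _post_xml(uri, body):
    """POST the XML document *body* to *uri* and return the raw response text.

    Adds the Basic-auth header built from the module-level credentials and
    the Content-Type header the API requires for XML POSTs. The HTTP
    response is closed once it has been read, even if reading raises.
    Raises urllib2.URLError / urllib2.HTTPError on transport or HTTP
    failures.
    NOTE(review): on Python 2 before 2.7.9, urllib2 does not verify the
    server's TLS certificate; confirm the interpreter version in use.
    """
    req = urllib2.Request(uri, body)
    req.add_header("Authorization", "Basic %s" % base64string)
    # Let API know type of content in POST.  This is REQUIRED.
    req.add_header("Content-Type", "text/xml")
    with closing(urllib2.urlopen(req)) as result:
        return result.read()


# What web app to scan?  Strip stray whitespace from the prompt answer so it
# is not sent as part of the URL.
webappurl = raw_input("webappurl = ").strip()
# The URL is spliced into XML text, so escape it: an unescaped '&' or '<'
# would produce a malformed request and could alter the document structure.
safe_url = escape(webappurl)
# Setup request to create web app.
create_body = '''<ServiceRequest>
    <data>
        <WebApp>
            <name>%s</name>
            <url>%s</url>
        </WebApp>
    </data>
</ServiceRequest>''' % (safe_url, safe_url)
root = objectify.fromstring(_post_xml(create_webapp_uri, create_body))
# Check if web app already exists.
if root.responseCode == 'INVALID_REQUEST':
    # Web app already exists (the script assumes this is the only cause of
    # INVALID_REQUEST). Find its existing id by name.
    search_body = '''<ServiceRequest>
        <filters>
            <Criteria field="name" operator="EQUALS">%s</Criteria>
        </filters>
    </ServiceRequest>''' % (safe_url,)
    root = objectify.fromstring(_post_xml(search_webapp_uri, search_body))
# Both paths read the id from the same place; fail with the API's
# responseCode instead of a bare AttributeError when no WebApp element
# came back (e.g. a rejected create, or a search that matched nothing).
try:
    webappurl_id = root.data.WebApp.id
except AttributeError:
    raise SystemExit('No web app id in API response (responseCode=%s) for %r'
                     % (root.responseCode, webappurl))
# Setup request to scan web app. The scan name is a fixed label, not the URL.
scan_name = 'Qnimbus API scan'
scan_type = 'VULNERABILITY'
scan_body = '''<ServiceRequest>
    <data>
        <WasScan>
            <name>%s</name>
            <type>%s</type>
            <target>
                <webApp>
                    <id>%s</id>
                </webApp>
            </target>
            <profile>
                <id>%s</id>
            </profile>
        </WasScan>
    </data>
</ServiceRequest>''' % (scan_name, scan_type, webappurl_id, webapp_profile_id)
# Launch the scan and show the raw XML reply.
response = _post_xml(launch_scan_uri, scan_body)
print(response)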


For additional background, check out the full blog post.
