-
Notifications
You must be signed in to change notification settings - Fork 103
Creating a Scan Template of Recent Vulnerability Checks
Here's a walk-through of how to create a Scan Template which only runs vulnerability checks recently published in Nexpose. It is valid as of version 0.5.3.
In order to keep verbosity to a minimum, all of the examples assume that the Nexpose module has been included:
include NexposeAs with all uses of the gem, in order to interact with a Nexpose console you will need an active, valid connection. The following line can be assumed for all code below:
nsc = Connection.new('10.2.0.1', 'nxadmin', 'secret-password')
nsc.loginWe can get a list of all the recent checks by searching by date. To add these as checks to a template, though, they need to be converted to the vulnerability IDs used by Scan Templates.
recent_vulns = nsc.find_vulns_by_date('2013-09-01', '2013-09-30')
vuln_ids = []
recent_vulns.each do |v|
vuln_ids += nsc.find_vuln_check(v.title).map { |c| c.check_id }
endHere we create a new scan template, adding in the checks we've just gathered. Call uniq on the list of vulnerability check IDs because there could be duplicates.
template = ScanTemplate.load(nsc)
template.name = 'september 2013 vulns'
template.description = 'Vulnerability scan against vulnerability checks published in Nexpose in September 2013.'
vuln_ids.uniq.each do |vuln|
template.enable_vuln_check(vuln)
end
template.web_spidering = false
template.policy_scanning = false
template.save(nsc)Now we can run a scan using this newly created template. One bit of warning: changing scan templates on a site will change the vulnerability profile of the assets scanned. This can make it look like vulnerabilities have disappeared, when really they just haven't been scanned.
site = Site.load(nsc, 142)
site.scan_template_id = template.id
site.save(nsc)
site.scan(nsc)Project Home 🔹 Release Notes 🔹 Wiki 🔹 Issues 🔹 Pull Requests