-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathQualys-API.psm1
237 lines (198 loc) · 6.82 KB
/
Qualys-API.psm1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
$Global:Session
$Global:X_Requested_With = 'Qualys API, MyCorp.Local'
$Global:ApiRootRoute = 'https://qualysapi.qualys.com/api/2.0/fo'
<#
.Synopsis
Authenticate to the Qualys API and store the resulting session variable for later use.
Vasken Houdoverdov
.Description
Provide an X-Requested-With header with a call to this function, and also every subsequent function call within this module.
The session variable returned from a successful authentication will be stored for later use in subsequent function calls.
.Example
Login-Qualys
#>
function Login-Qualys
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='login';username='vh';password='password'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/session/"
}
<#
.Synopsis
End an existing Qualys API session.
Vasken Houdoverdov
.Description
This function should be the last function called in any sequence of function calls from this module.
This prevents the user account configured for Qualys API access from being locked out.
.Example
Logout-Qualys
#>
function Logout-Qualys
{
$PostParameters = @{action='logout'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/session/"
}
<#
.Synopsis
Extract the set of IP addresses configured under a given Qualys account for ETL purposes.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of IP addresses which Qualys is allowed to scan.
.Example
Extract-AccountIPAddresses
#>
function Extract-AccountIPAddresses
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/asset/ip/"
}
<#
.Synopsis
Extract the set of host assets configured within the given Qualys accounts.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of host assets defined.
.Example
Extract-HostAssets
#>
function Extract-HostAssets
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list';echo_request=1;show_args=1;show_op=1}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"
}
<#
.Synopsis
Extract the set of historical vulnerability scans performed for a given Qualys account.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of historical vulnerability scans which have taken place.
.Example
Extract-Scans
#>
function Extract-Scans
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/asset/host/"
}
<#
.Synopsis
Extract the set of scheduled vulnerability scans configured for a given Qualys account.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of scheduled vulnerability scans.
.Example
Extract-ScheduledScans
#>
function Extract-ScheduledScans
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
Invoke-WebRequest -Method GET -SessionVariable $Session -Uri "$ApiRootRoute/schedule/scan/?action=list"
}
<#
.Synopsis
Extract the set of Unix authentnication records for a given Qualys account.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of configured Unix authentication records.
.Example
Extract-UnixAuthRecords
#>
function Extract-UnixAuthRecords
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/auth/unix/"
}
<#
.Synopsis
Extract the set of Windows authentnication records for a given Qualys account.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of configured Windows authentication records.
.Example
Extract-WindowsAuthRecords
#>
function Extract-WindowsAuthRecords
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/auth/windows/"
}
<#
.Synopsis
Extract the set of asset groups for a given Qualys account.
Vasken Houdoverdov
.Description
ETL function for use with the Qualys API. For the given Qualys account, pull a list of configured asset groups.
.Example
Extract-AssetGroups
#>
function Extract-AssetGroups
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='list'}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/asset/group/"
}
<#
.Synopsis
Launch a vulnerability scan.
Vasken Houdoverdov
.Description
Within a given Qualys account, launch a vulnerability scan.
.Example
Launch-VulnerabilityScan
#>
function Launch-VulnerabilityScan
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='launch';scan_title=$ScanTitle;ip=$TargetIP;option_title=$OptionTitle;iscanner_name=$ScannerName}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"
}
<#
.Synopsis
Cancel a vulnerability scan.
Vasken Houdoverdov
.Description
For a given Qualys vulnerability scan, cancel the scan.
.Example
Cancel-VulnerabilityScan
#>
function Cancel-VulnerabilityScan
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='cancel';scan_ref=$ScanReference}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"
}
<#
.Synopsis
Pause a vulnerability scan.
Vasken Houdoverdov
.Description
For a given Qualys vulnerability scan, pause the scan.
.Example
Pause-VulnerabilityScan
#>
function Pause-VulnerabilityScan
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='pause';scan_ref=$ScanReference}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"
}
<#
.Synopsis
Resume a vulnerability scan.
Vasken Houdoverdov
.Description
For a given Qualys vulnerability scan, resume the scan.
.Example
Resume-VulnerabilityScan
#>
function Resume-VulnerabilityScan
{
$Headers = @{"X-Requested-With"=$X_Requested_With}
$PostParameters = @{action='resume';scan_ref=$ScanReference}
Invoke-WebRequest -Method POST -Body $PostParameters -SessionVariable $Session -Uri "$ApiRootRoute/scan/"
}