https://github.com/vs4vijay/scanmaster


application-security cli nexpose openvas openvas-cli openvas-reports owasp owasp-top owasp-zap security-audit security-scanner security-testing security-tools security-vulnerability web-application-security zap

# ScanMaster

A security tool designed to perform thorough scans on a target using OpenVAS, Zap, and Nexpose. It seamlessly consolidates and integrates the scan results, providing a comprehensive overview of the security vulnerabilities identified.

---

## Usage

### Start a scan against a Target

`./main.py --scan-name <scan-name> --target <target>`

### Get scan result

`./main.py --scan-name <scan-name>`

### Pause/Resume a scan

- `./main.py --scan-name <scan-name> --pause`
- `./main.py --scan-name <scan-name> --resume`

---

## Screenshots

Scanner Options:

![Scanner Options](/screenshots/screenshot_0.png)

Scanner Report:

![Scanner Report](/screenshots/screenshot_1.png)

Final Output:

![Final Output](/screenshots/screenshot_2.png)

---

## Prerequisites

- Python 3
- Zap
- Nexpose
- OpenVAS

---

## Installation

`pip3 install -r requirements.txt`

OR

Run in Virtual Env:

```console
python3 -m venv .venv

source .venv/bin/activate

pip3 install -r requirements.txt
```

---

## Configuration

The scanners are configured through the environment file `.env`. The codebase includes a sample `.env.example` file: update its values with the proper API keys and credentials, then rename it to `.env`.

---

## Targets to Test
- http://scanme.nmap.org
- http://webscantest.com

---

## ToDo
- [ ] Dockerize
- [ ] Add Nessus
- [ ] Error Stack
- [ ] auto reload
- [ ] Remove logs
- [ ] Save to CSV
- [ ] Make it interactive
- [ ] OOPs
- [ ] Improve Scan Results and Output
- [ ] Color logging

---

### Scanner Interface:

- start
- scan
- get_scan_status
- get_scan_results
- is_valid_scan
- list_scans
- pause
- resume
- stop
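
An added sketch (not ScanMaster's own code) of how results from scanners exposing the interface above could be consolidated: each adapter's `get_scan_results` output is normalised to one severity scale, and an issue reported by more than one scanner is merged into a single entry. The `Finding` type, the record field names, the ZAP risk mapping and the sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Assumed mapping of ZAP risk labels onto a 0-10 scale (illustrative only).
ZAP_RISK = {"Informational": 0.0, "Low": 3.0, "Medium": 5.0, "High": 8.0}


@dataclass
class Finding:
    host: str
    port: int
    title: str
    severity: float  # normalised to 0-10
    sources: set = field(default_factory=set)


def normalise(scanner: str, raw: dict) -> Finding:
    """Convert one scanner-specific record (hypothetical shape) to a Finding."""
    if scanner == "zap":
        sev = ZAP_RISK[raw["risk"]]
    else:  # openvas / nexpose records are assumed to carry a 0-10 score already
        sev = float(raw["severity"])
    if not 0.0 <= sev <= 10.0:
        raise ValueError(f"severity out of range from {scanner}: {sev}")
    return Finding(raw["host"].lower(), int(raw["port"]), raw["title"].strip(), sev, {scanner})


def consolidate(results: dict) -> list:
    """Merge per-scanner result lists; a duplicate keeps the highest severity."""
    merged = {}
    for scanner, records in results.items():
        for raw in records:
            f = normalise(scanner, raw)
            key = (f.host, f.port, f.title.casefold())  # simplistic dedup key
            if key in merged:
                merged[key].severity = max(merged[key].severity, f.severity)
                merged[key].sources |= f.sources
            else:
                merged[key] = f
    return sorted(merged.values(), key=lambda f: (-f.severity, f.host, f.port))


# Constructed sample data, shaped as if returned by each adapter's get_scan_results().
SAMPLE = {
    "openvas": [{"host": "10.0.0.5", "port": 443, "title": "Weak TLS cipher suites", "severity": 5.9}],
    "nexpose": [{"host": "10.0.0.5", "port": 443, "title": "weak tls cipher suites", "severity": 6.0},
                {"host": "10.0.0.5", "port": 22, "title": "SSH weak MAC algorithms", "severity": 2.6}],
    "zap": [{"host": "10.0.0.5", "port": 443, "title": "Missing HSTS header", "risk": "Low"}],
}

if __name__ == "__main__":
    for f in consolidate(SAMPLE):
        print(f"{f.severity:4.1f} {f.host}:{f.port} {f.title} {sorted(f.sources)}")
```

Matching on title alone is fragile across scanners; a production merge would more likely key on a shared identifier such as a CVE where the scanners provide one.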

### Development Notes

```python3

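# Scratch snippets; names such as `core`, `self`, `gmp`, `target` and
# `scan_name` are assumed to be defined by the surrounding project code.
from pprint import pprint

import rapid7vmconsole

pprint(core.htmlreport())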

# address = rapid7vmconsole.Address(ip=target)
# asset = rapid7vmconsole.Asset(addresses=[address])

scan_targets = rapid7vmconsole.IncludedScanTargets(addresses=[target])

asset = rapid7vmconsole.StaticSite(included_targets=scan_targets)

scan_scope = rapid7vmconsole.ScanScope(assets=asset)

site_create_resource = rapid7vmconsole.SiteCreateResource(name=scan_name, scan=scan_scope)

site = self.nexpose_site.create_site(site=site_create_resource)

print('Site Created', site)

adhoc_scan = rapid7vmconsole.AdhocScan(hosts=[target])
print('adhoc_scan', adhoc_scan)

site_id = site.id

scan = self.nexpose.start_scan(site_id, scan=adhoc_scan)
print('start scan response id', scan.id)
# scan['vulnerabilities']
pprint(scan)

if shutdownOnceFinished:
    # Shutdown ZAP once finished
    pprint('Shutdown ZAP -> ' + core.shutdown())

report_config_scope = rapid7vmconsole.ReportConfigScopeResource(scan=nexpose_id)

report_config_categories = rapid7vmconsole.ReportConfigCategoryFilters(included=[])

report_config_filters = rapid7vmconsole.ReportConfigFiltersResource(categories=report_config_categories)

report_config = rapid7vmconsole.Report(name=f'{scan_name}-Report', template='audit-report', format='csv-export', scope=report_config_scope)

report_config = rapid7vmconsole.Report(name=f'{scan_name}-Report', format='sql-query', query='select * from dim_asset', version='2.3.0')

report_config = rapid7vmconsole.Report(name=f'{scan_name}-SampleXML-Report', format='nexpose-simple-xml', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
nexpose_report.download_report(report.id, report_instance.id)

report_config = rapid7vmconsole.Report(name=f'{scan_name}-sml2-Report', format='xml-export-v2', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
dd = nexpose_report.download_report(report.id, report_instance.id)

report_config = rapid7vmconsole.Report(name=f'{scan_name}-html-Report', format='html', template='audit-report', scope=report_config_scope)
report = nexpose_report.create_report(report=report_config)
report_instance = nexpose_report.generate_report(report.id)
dd = nexpose_report.download_report(report.id, report_instance.id)

report_config.id = 42
report_config.timezone = 'Asia/Calcutta'

report_config.language = 'en-US'
report_config.owner = 1
report_config.organization = 'Organization'

# report_config.component = 'Component'
# report_config.email = rapid7vmconsole.ReportEmail(additional_recipients=['[email protected]'])

# print('self.zap.spider.results', self.zap.spider.results(scan_id))

# Retrieve all tasks
tasks = gmp.get_tasks()

# Get names of tasks
task_names = tasks.xpath('task/name/text()')
pretty_print(task_names)
```