Category Archives: API

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

Hello everyone! Great news for my open source Scanvus project! You can now perform vulnerability checks on Linux hosts and docker images not only using the Vulners.com API, but also with the Vulns.io VM API. It’s especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. I just had to do the final test. Many thanks to them for this!

Alternative video link (for Russia): https://vk.com/video-149273431_456239113

How can the support of these two APIs in Scanvus be useful?

  1. Now there is no binding to one vendor. Choose which service and price you prefer.
  2. The set of supported operating systems varies between Vulners.com and Vulns.io. If a particular Linux distribution is not supported by one vendor, it may be supported by another vendor.
  3. Vulners and Vulns.io implemented vulnerability checks independently of each other. If the results differ when scanning the same host/image, then implementation errors will be clearly visible.
  4. Scanvus is released under the MIT license, so you can use it as an example of working with the Vulners.com and Vulns.io APIs and use this code in your projects.
Continue reading

Vulners Linux Audit API: Security Bulletin Publication Dates in Results

Hello everyone! In this short episode, I want to talk about the new feature in Vulners Linux API.

Alternative video link (for Russia): https://vk.com/video-149273431_456239092

Linux security bulletin publication dates are now included in scan results. Why is it useful?

Continue reading

How to list, create, update and delete Grafana dashboards via API

I have been a Splunk guy for quite some time, 4 years or so. I have made several blog posts describing how to work with Splunk in automated manner (see in appendix). But after their decision to stop their business in Russia last year, including customer support and selling software and services, it was just a matter of time for me to start working with other dashboarding tools.

How to list, create, update and delete Grafana dashboards via API

For me, Grafana has become such a tool. In this post I want to describe the basic API operations with Grafana dashboards, which are necessary if you need to create and update dozens and hundreds of dashboards. Doing all this in the GUI will be painful. Grafana has a pretty logical and well-documented API. The only tricky moments I had were getting a list of all dashboard and editing an existing dashboard.

Continue reading

Detectify Asset Inventory and Monitoring

Continuing the topic about perimeter services. As I mentioned earlier, I don’t think that the external perimeter services should be considered as a fully functional replacement for custom Vulnerability Management processes. I would rather see their results as an additional feed showing the problems your current VM process has. Recently I tested the Detectify’s Asset Inventory (Monitoring) solution, which provides such feed by automatically detecting the issues with your second, third (and more) leveled domains and related web services.

Detectify Asset Inventory screenshot from the official blog

Let say your organization has several second level web domains, over9000 third (and more) level domains, and you even don’t know for what services they are used. This is a normal situation for a large organization. So, you simply add yourorganization.com to Detectify, activate Asset Monitoring, and Detectify automatically discovers third (and more) level domains and related technologies: web services, CMS, JavaScript frameworks and libraries. “It provides thousands of fingerprints and hundreds of tests for stateless vulnerabilities such as code repository exposure for SVN or Git.” This is called fingerprinting.

Continue reading

How to get the Organization Units (OU) and Hosts from Microsoft Active Directory using Python ldap3

I recently figured out how to work with Microsoft Active Directory using Python 3. I wanted to get a hierarchy of Organizational Units (OUs) and all the network hosts associated with these OUs to search for possible anomalies. If you are not familiar with AD, here is a good thread about the difference between AD Group and OU.

It seems much easier to solve such tasks using PowerShell. But it will probably require a Windows server. So I leave this for the worst scenario. 🙂 There is also a PowerShell Core, which should support Linux, but I haven’t tried it yet. If you want to use Python, there is a choice from the native python ldap3 module and Python-ldap, which is a wrapper for the OpenLDAP client. I didn’t find any interesting high-level functions in Python-ldap and finally decided to use ldap3.

Continue reading

Kaspersky Security Center 11 API: getting information about hosts and installed products

I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. So, the possible integrations with other security systems might be quite useful.

Kaspersky SC 11 openAPI

A fully functional API was firstly presented in this latest version of KSC. It’s is documented pretty well, but in some strange way. In fact, the documentation is one huge .chm file that lists the classes, methods of these classes and data structures with brief descriptions. It’s not a cookbook that gives a solution for the problem. In fact, you will need to guess which methods of which classes should be used to solve your particular task.

For the first task, I decided to export the versions of Kaspersky products installed on the hosts. It is useful to control the endpoint protection process: whether all the necessary agents and products were installed on the hosts or not (and why not).

Continue reading

How to make Email Bot service in Python

First of all, why you may want to use such service? Despite the fact that currently there are so many different channels of communication (including various messaging apps), Email is still a default and universal way to do it.

  • Literally every enterprise service supports email notifications, even if it’s integration capabilities are rather limited. So, with Email Bot you can automatically process such notifications.
  • Email is good, simple, reliable and familiar way to communicate with humans. Send an email – get response. Everyone can do it. So, email bot can make basic routine operations, like organizing the external meetings, pretty much like a human secretary.
  • It’s easier to code Email bot than any other interface, and the code can be reused for other communication channels, for example messaging apps.
How to make Email Bot service in Python

I get email messages from IMAP server in python3 using easyimap module.

Continue reading