Tuesday, January 19, 2016

Qualys Scantronitor 2.0 - A Window into Scan Activity

If you use the Qualys tool for vulnerability scanning your environment, you may be familiar with the great tool created by Don Franke, Josh Stevens, and Pete Babcock that gives you what is tagged as a "A Window into Scan Activity". As the Qualys community post stated, "Scantronitor is a self-service utility that provides non-Qualys® users with views into historical, ongoing and planned vulnerability assessments. Scantronitor improves relationships between the security team and other business units by allowing the business units to understand when Qualys scans are performed without having to ask the security team, giving the business units better visibility into the impact of scans on their systems." They even created a nice presentation to give you the look and feel of the original tool.

Imagine the scenario where your server teams or application teams want to know when you last scanned their device, possibly to troubleshoot a system issue or outage they had. Or to look at what scans are currently running now to see if it's related to an Incident they are working on. Or they want to know when the next scan is scheduled so they can plan their maintenance window. With Scantronitor you can give them that quick and simple visibility.

Scantronitor was written in PHP under the MIT License, source code posted out stevensj's github account, and hooks into the Qualys API v1.0.

I recently updated the original tool from Qualys API v1.0 to the newer Qualys API v2.0. I posted the Qualys API v2.0 updated source code over at @neonprimetime github. It's nothing special, no major changes, I mostly just ripped out the API v1.0 calls and replaced them with API v2.0 calls. There are some additional security considerations, just like in the original, that you'll want to consider before utilizing it, like how to authenticate users, how to store the API and possibly your proxy credentials, etc. You can also read more about Qualys API v2.0 from their site here.

Hope you found this useful and once again a shout out to Don Franke, Josh Stevens, and Pete Babcock for the original content!

Download Scantronitor v2.0 source from @neonprimetime github.

Below are some screenshots from the updated version of scantronitor.

Scantronitor homepage header with Past, Present, and future menu options.

Past screen that allows users to enter IP address or hostname and see when it was last scanned.

Present screen which will show any currently running scans.

Future screen which will show any future scheduled scans.

More about neonprimetime

Top Blogs of all-time
  1. pagerank botnet sql injection walk-thru
  2. DOM XSS 101 Walk-Through
  3. php injection ali.txt walk-thru

Top Github Contributions
  1. Qualys Scantronitor 2.0

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

No comments:

Post a Comment