This application demonstrates IoTVAS device discovery and security assessment API integration with the Rapid7 InsightVM.

Related tags

Miscellaneousiot-securityvulnerability-assessmentiot-security-testingdevice-discoveryrapid7insightvm
Overview

Introduction

This repository hosts a sample application that demonstrates integrating Firmalyzer's IoTVAS API with the Rapid7 InsightVM platform. This integration enables InsightVM users to:

  • accurately identify IoT/connected devices and their vulnerabilities in the firmware code level

  • track and manage discontinued, outdated and vulnerable devices from within InsightVM platform

Installation

Clone the repository content to a local folder and issue the following commands:

python3 -mvenv env
source env/bin/activate
pip install -r requirements.txt

Note: This application is based on the InsightVM API client (located at rapid7vmconsole folder) generated from API specification of InsightVM console version 6.6.101. If you have a different version installed and you receive InsightVM API errors, please replace rapid7vmconsole folder with the python API client generated using your server API specification accessible via https://insightvm:3780/api/3/html/json

Configuration

The following parameters should be set in the config.py file before using the application:

  1. Url to your InsightVM console (vmconsole_url)

  2. Username and password of the InsightVM account with "Mange Tags" and "View Site Asset Data" permissions. This account will be used to connect to your InsightVM server (vmconsole_user and vmconsole_password)

  3. Path to the PEM file that contains TLS certificate of your InsightVM console (vmconsole_ssl_ca_cert). This is used by the InsightVM API client to verify certificate of your InsightVM server. This parameter is required if you want to keep vmconsole_verfiyssl = True

  4. Your IoTVAS Enterprise plan API key (iotvas_apikey). Trial keys can be obtained from here.

Usage

This application accepts a target list file and optional excluded addresses file. Both files can contain hostname, individual IP addresses or IP address ranges in CIDR notation. Example targets.txt and excludes.txt files are included in this repository.

(env) python iotvas-rapid7.py -t targets.txt
IoTVAS augments an InsightVM IoT asset

The following video demonstrates usage of this application:

IoTVAS & InsightVM Integration Demo

Owner
Firmalyzer BV
Firmalyzer
Firmalyzer BV
GitHub Repository https://firmalyzer.com/iotvas-api/
Sigma coding youtube - This is a collection of all the code that can be found on my YouTube channel Sigma Coding.

Sigma Coding Tutorials & Resources YouTube • Facebook Support Sigma Coding Patreon • GitHub Sponsor • Shop Amazon Table of Contents Overview Topics Re

Alex Reed 927 Jan 08, 2023
Make discord server By Coding!

Discord Server Maker Make discord server by Coding! FAQ How can i get role permissons? Open discord with chrome developer tool, go to network and clic

1 Jul 17, 2022
Repo contains Python Code Reference to learn Python in a week, It also contains Machine Learning Algorithms and some examples for Practice, Also contains MySql, Tableau etc

DataScience_ML_and_Python Repo contains Python Code Reference to learn Python in a week, It also contains Machine Learning Algorithms and some example

Meerabo D Shah 1 Jan 17, 2022
A python library what works with numbers.

pynum A python library what works with numbers. Prime Prime class have everithing you want about prime numbers. check_prime The check_prime method is

Mohammad Mahdi Paydar Puya 1 Jan 07, 2022
Opensource Desktop application for kenobi.

Kenobi-Server WIP Opensource desktop application for Kenobi. Download the apple watch app to get started. What is this repo? It's repo for the opensou

Aayush 9 Oct 08, 2022
IOP Support for Python (Experimental)

TAGS Experimental IOP Framework for Python WARNING: Currently, this project has NO EXCEPTION HANDLING. USE AT YOUR OWN RISK! I. Introduction to Interf

1 Oct 22, 2021
Make dbt docs and Apache Superset talk to one another

dbt-superset-lineage Make dbt docs and Apache Superset talk to one another Why do I need something like this? Odds are rather high that you use dbt to

Slido 81 Jan 06, 2023
A wide AOI generator tool.

Dark Generator A wide AOI generator tool. Information Installation To Install you have to have python 3.x and pip installed on your system. If you hav

Darkest Surface 12 Dec 26, 2022
Neogex is a human readable parser standard, being implemented in Python

Neogex (New Expressions) Parsing Standard Much like Regex, Neogex allows for string parsing and validation based on a set of requirements. Unlike Rege

Seamus Donnellan 1 Dec 17, 2021
Tools for analyzing Java JVM gc log files

gc_log This package consists of two separate utilities useful for : gc_log_visualizer.py regionsize.py GC Log Visualizer This was updated to run under

Brad Schoening 0 Jan 04, 2022
Integration of CCURE access control system with automation HVAC of a commercial building

API-CCURE-Automation-Quantity-Floor Integration of CCURE access control system with automation HVAC of a commercial building CCURE is an access contro

Alexandre Edson Silva Pereira 1 Nov 24, 2021
Automatically give thanks to Pypi packages you use in your project!

Automatically give thanks to Pypi packages you use in your project!

Ward 25 Dec 20, 2021
The git for the Python Story Utility Package library.

PSUP, The Python Story Utility Package Module. PSUP helps making stories or games with options, diverging paths, different endings and so on. You can

Enoki 6 Nov 27, 2022
Google Scholar App Using Python

Google Scholar App Watch the tutorial video How to build a Google Scholar App | Streamlit #30 Demo Launch the web app: Reproducing this web app To rec

Chanin Nantasenamat 4 Jun 05, 2022
Its a simple and fun to use application. You can make your own quizes and send the lik of the quiz to your friends.

Quiz Application Its a simple and fun to use application. You can make your own quizes and send the lik of the quiz to your friends. When they would a

Atharva Parkhe 1 Feb 23, 2022
A python script to make leaderboards using a CSV with the runners name, IDs and Flag Emojis

SrcLbMaker A python script to make speedrun.com global leaderboards. Installation You need python 3.6 or higher. First, go to the folder where you wan

2 Jul 25, 2022
Pipenv-local-deps-repro - Reproduction of a local transitive dependency on pipenv

Reproduction of the pipenv bug with transitive local dependencies. Clone this re

Lucas Duailibe 2 Jan 11, 2022
To effectively detect the faulty wafers

wafer_fault_detection Aim of the project: In electronics, a wafer (also called a slice or substrate) is a thin slice of semiconductor, such as crystal

Arun Singh Babal 1 Nov 06, 2021
Small Arrow Vortex clipboard processing library

Description Small Arrow Vortex clipboard processing library. Install You can install this library from PyPI with pip install av-clipboard-lib or compi

Delta Epsilon 1 Dec 18, 2021
gwcheck is a tool to check .gnu.warning.* sections in ELF object files and display their content.

gwcheck Description gwcheck is a tool to check .gnu.warning.* sections in ELF object files and display their content. For an introduction to .gnu.warn

Frederic Cambus 11 Oct 28, 2022