This repository was archived by the owner on May 3, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 363
Automating Serpico
BuffaloWill edited this page Feb 15, 2016
·
4 revisions
There are two main ways to automate Serpico functionality, the API or through scripting. The API is meant to be used remotely, scripting locally.
Example scripts are contained in the '/scripts' directory of Serpico. Any Serpico functionality can be done with scripting. Obviously be careful as you are modifying the live database.
The following is a simple example to print out all reports and findings from the database:
# An example script to print out the names of all reports and their findings.
# => Must be run from the Serpico root directory
require './model/master.rb'
require 'json'
# Grab all reports from the database
reports = Reports.all()
# Iterate each report
reports.each do |report|
# Grab all of the findings from the reports
findings = Findings.all(:report_id => report.id)
# Print the results
puts "Report Name: #{report.report_name}"
findings.each do |finding|
puts "---- #{finding.title}"
end
end
To run this script you must be in the Serpico root directory:
~/Serpico> ruby scripts/list_reports.rb
For now the API is read only offering access to reports and findings only. In the future this maybe expanded. The following is a simple example to print out all reports and findings using the API:
# This script outputs a list of report names and findings for each report
# unirest is much less painful than ruby http
require 'unirest'
# Set your info here
creds = { :username => "administrator", :password => "[PASSWORD]" }
host = "127.0.0.1:8443"
# authenticate to API
response = Unirest.post "https://#{host}/v1/session",
headers:{ "Accept" => "application/json" },
parameters:creds
if response.body == ""
puts "|-| Unknown API Authentication error, please verify credentials"
end
# Set the api key
api_key = response.body
# Get the report list via the API
reports = Unirest.post "https://127.0.0.1:8443/v1/reports",
headers:{ "Accept" => "application/json" },
parameters:{ :session => api_key}
puts ""
# Iterate the reports list
reports.body.each do |report|
# Obtain the findings for that report id
findings = Unirest.post "https://127.0.0.1:8443/v1/findings",
headers:{ "Accept" => "application/json" },
parameters:{ :session => api_key, :report_id => report["id"]}
### Handle the data here, in this case we print the report name and the findings
puts "Report Name:#{report["report_name"]}"
findings.body.each do |find|
puts "--- #{find['title']}"
end
puts ""
end
This script can be run from anywhere:
~/> ruby scripts/list_reports_api.rb