InsightAppSec Reporting

Getting Started

The goal of InsightAppSec Reporting is to generate reports based on scan data retrieved from InsightAppSec, driven by a set of user-defined configurations.

Configuration

To determine which InsightAppSec application scans are used to build these reports, at least one configuration must be defined in the config/settings.yml file. The report_config section holds this list of configurations, each consisting of an app name and a scan config name. The script then retrieves the latest scan for each app/scan config pair and generates reports from it.

report_config:
  - app: App Name 1
    scan_config: Scan Config 1
  - app: App Name 2
    scan_config: Scan Config 2

Connection settings must also be defined to connect to InsightAppSec and retrieve the required data. Under connection in config/settings.yml, there are fields for both region and api_key to facilitate this connection.

connection:
  region: us
  api_key: 

Rapid7 recommends encrypting and securely storing sensitive values such as the API key rather than keeping them in plain text. If no API key is entered in settings.yml, the script prompts the user for one when it runs.

There is also a report formatting option known as pretty_print.

report_format:
  pretty_print: true

If set to true, the generated reports are printed in a readable form, with newlines and indentation for each line of data. If set to false, each report is instead written as a single JSON blob, which is easier for external tools to parse.
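The following is an added example, not the project's own code, showing how the settings described above can be validated before any API call is made: every report_config entry must carry both names, a missing api_key is requested through a prompt instead of being written to disk, and pretty_print selects the JSON layout. The base URL pattern is assumed from the us.api.insight.rapid7.com link in the sample output; the settings dict mirrors what a YAML loader would return for config/settings.yml.

```python
"""Validate InsightAppSec Reporting settings (example code, not the project's)."""
import getpass
import json

# Constructed sample mirroring config/settings.yml after it has been parsed
SAMPLE_SETTINGS = {
    "report_config": [
        {"app": "App Name 1", "scan_config": "Scan Config 1"},
        {"app": "App Name 2", "scan_config": "Scan Config 2"},
    ],
    "connection": {"region": "us", "api_key": None},  # key left blank on purpose
    "report_format": {"pretty_print": True},
}


def validate_settings(settings, prompt=getpass.getpass):
    """Return a normalised settings dict or raise ValueError.

    `prompt` is called for the API key only when settings.yml leaves it blank,
    so the secret never has to be stored in the file.
    """
    targets = settings.get("report_config") or []
    if not targets:
        raise ValueError("report_config must list at least one app/scan_config pair")
    for i, entry in enumerate(targets):
        missing = [k for k in ("app", "scan_config") if not entry.get(k)]
        if missing:
            raise ValueError(f"report_config[{i}] is missing {', '.join(missing)}")
    conn = settings.get("connection") or {}
    region = conn.get("region")
    if not region or not str(region).isalpha():
        raise ValueError("connection.region must be a region code such as 'us'")
    api_key = conn.get("api_key") or prompt("InsightAppSec API key: ")
    if not api_key or not api_key.strip():
        raise ValueError("an API key is required to query InsightAppSec")
    pretty = bool((settings.get("report_format") or {}).get("pretty_print", False))
    return {
        "targets": [(e["app"], e["scan_config"]) for e in targets],
        # Assumed host pattern, derived from the sample link in the README
        "base_url": f"https://{region}.api.insight.rapid7.com/ias/v1",
        "api_key": api_key.strip(),
        "json_indent": 4 if pretty else None,  # None gives a single JSON blob
    }


def render_report(report, json_indent):
    """Serialise a report dict either pretty-printed or as one line of JSON."""
    return json.dumps(report, indent=json_indent, sort_keys=True)
```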

Usage

Running the Script

The main script can be executed by navigating to the project's bin directory and entering the CLI command python main.py. This will launch the script with the current configuration and begin retrieving the data necessary for generating reports.

Output

There are currently three types of reports generated by default: modules, severities, and vulnerabilities. The modules report will contain counts of the different types of vulnerability modules found in the application scan.

{
    "Cookie attributes": 3,
    "SQL Information Leakage": 2,
    "SQL Injection": 7,
    "SQL Parameter Check": 1
}

The severities report will be of similar format and contain counts for the severity of each vulnerability returned in the application scan.

{
    "HIGH": 7,
    "MEDIUM": 1,
    "LOW": 5
}

Finally, there is a vulnerability report that contains the complete vulnerability findings from a scan. This includes details such as the vulnerability severity and status, as well as details on the attack exchange itself.

{
    "app": {
        "id": "00000000-0000-0000-0000-000000000000"
    },
    "id": "00000000-0000-0000-0000-000000000001",
    "links": [
        {
            "href": "https://us.api.insight.rapid7.com:443/ias/v1/search/00000000-0000-0000-0000-000000000001",
            "rel": "self"
        }
    ],
    "root_cause": {
        "method": "GET",
        "parameter": "Set-Cookie: NB_SRVID",
        "url": "http://website.com/page/"
    },
    "severity": "LOW",
    "status": "UNREVIEWED",
    "variances": [
        {
            "attack": {
                "id": "HttpOnly Cookie"
            },
            "module": {
                "id": "00000000-0000-0000-0000-000000000002"
            },
            "original_exchange": {
                "request": "GET /datastore/ HTTP/1.1\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Encoding: gzip, deflate\r\nAccept-Language: en-US\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19\r\nHost: website.com\r\n\r\n",
                "response": "HTTP/1.1 200 OK\r\nCache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nConnection: close\r\nDate: Wed, 23 Oct 2019 18:15:39 GMT\r\nPragma: no-cache\r\nContent-Length: 899\r\nContent-Type: text/html\r\nContent-Encoding: gzip\r\nExpires: Thu, 19 Nov 1981 08:52:00 GMT\r\nServer: Apache/2.4.7 (Ubuntu)\r\nSet-Cookie: TEST_SESSIONID=r1i9i0l5feaaffcobqb88i57f1; path=/\r\nSet-Cookie: NB_SRVID=srv140700; path=/\r\nVary: Accept-Encoding\r\nX-Powered-By: PHP/5.5.9-1ubuntu4.29"
            },
            "original_value": "Set-Cookie: NB_SRVID=srv140700; path=/"
        }
    ]
}

Each of these reports is written to the project's reports directory under a unique name built from the application, scan config, and scan date/time.
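The following is an added example, not the project's own code, that derives the modules and severities reports from findings shaped like the vulnerability report above and builds a report file name from the app, scan config, and scan time. The module-id-to-name lookup, the rule of counting each finding once per distinct module among its variances, and the exact file name layout are assumptions; the findings are constructed sample data with shortened ids.

```python
"""Aggregate InsightAppSec findings into the modules/severities reports (example)."""
import re
from collections import Counter
from datetime import datetime

# Constructed findings shaped like the vulnerability report, with shortened ids
SAMPLE_FINDINGS = [
    {"id": "v1", "severity": "LOW", "variances": [
        {"attack": {"id": "HttpOnly Cookie"}, "module": {"id": "m-cookie"}}]},
    {"id": "v2", "severity": "HIGH", "variances": [
        {"attack": {"id": "Blind SQLi"}, "module": {"id": "m-sqli"}},
        {"attack": {"id": "Error SQLi"}, "module": {"id": "m-sqli"}}]},
    {"id": "v3", "severity": "HIGH", "variances": [
        {"attack": {"id": "Error text"}, "module": {"id": "m-sqlleak"}}]},
]
# Assumed lookup from module id to display name (findings carry ids only)
MODULE_NAMES = {"m-cookie": "Cookie attributes", "m-sqli": "SQL Injection",
                "m-sqlleak": "SQL Information Leakage"}


def severities_report(findings):
    """Count findings per severity, e.g. {"HIGH": 2, "LOW": 1}."""
    return dict(Counter(f.get("severity", "UNKNOWN") for f in findings))


def modules_report(findings, module_names):
    """Count findings per module name.

    Each finding is counted once per distinct module across its variances
    (assumed rule); ids without a known name fall back to the raw id.
    """
    counts = Counter()
    for f in findings:
        ids = {v["module"]["id"] for v in f.get("variances", []) if "module" in v}
        for mid in ids:
            counts[module_names.get(mid, mid)] += 1
    return dict(counts)


def report_filename(app, scan_config, scan_time, report_type):
    """Build a unique file name from app, scan config and scan time (assumed layout)."""
    def slug(text):
        # Keep file names portable: collapse anything but letters/digits to '_'
        return re.sub(r"[^A-Za-z0-9]+", "_", text).strip("_")
    stamp = scan_time.strftime("%Y%m%dT%H%M%S")
    return f"{slug(app)}_{slug(scan_config)}_{stamp}_{report_type}.json"
```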

Log messages are also written to a log file in the log directory. The log records the InsightAppSec data used to create the reports, along with any errors that occur while the script runs.

2019-11-05 17:48:12.405613 - INFO - Application name: App Name 1
2019-11-05 17:48:24.732567 - INFO - Application ID: 00000000-0000-0000-0000-000000000000
2019-11-05 17:49:56.326718 - INFO - Scan config name: Scan Config 1
2019-11-05 17:49:58.895227 - INFO - Scan config ID: 00000000-0000-0000-0000-000000000001
2019-11-05 17:50:35.567345 - INFO - Latest scan ID: 00000000-0000-0000-0000-000000000002
2019-11-05 17:51:42.208254 - INFO - Vulnerability count: 157