This application demonstrates IoTVAS device discovery and security assessment API integration with the Rapid7 InsightVM.

Related tags

Miscellaneousiot-securityvulnerability-assessmentiot-security-testingdevice-discoveryrapid7insightvm
Overview

Introduction

This repository hosts a sample application that demonstrates integrating Firmalyzer's IoTVAS API with the Rapid7 InsightVM platform. This integration enables InsightVM users to:

  • accurately identify IoT/connected devices and their vulnerabilities in the firmware code level

  • track and manage discontinued, outdated and vulnerable devices from within InsightVM platform

Installation

Clone the repository content to a local folder and issue the following commands:

python3 -mvenv env
source env/bin/activate
pip install -r requirements.txt

Note: This application is based on the InsightVM API client (located at rapid7vmconsole folder) generated from API specification of InsightVM console version 6.6.101. If you have a different version installed and you receive InsightVM API errors, please replace rapid7vmconsole folder with the python API client generated using your server API specification accessible via https://insightvm:3780/api/3/html/json

Configuration

The following parameters should be set in the config.py file before using the application:

  1. Url to your InsightVM console (vmconsole_url)

  2. Username and password of the InsightVM account with "Mange Tags" and "View Site Asset Data" permissions. This account will be used to connect to your InsightVM server (vmconsole_user and vmconsole_password)

  3. Path to the PEM file that contains TLS certificate of your InsightVM console (vmconsole_ssl_ca_cert). This is used by the InsightVM API client to verify certificate of your InsightVM server. This parameter is required if you want to keep vmconsole_verfiyssl = True

  4. Your IoTVAS Enterprise plan API key (iotvas_apikey). Trial keys can be obtained from here.

Usage

This application accepts a target list file and optional excluded addresses file. Both files can contain hostname, individual IP addresses or IP address ranges in CIDR notation. Example targets.txt and excludes.txt files are included in this repository.

(env) python iotvas-rapid7.py -t targets.txt
IoTVAS augments an InsightVM IoT asset

The following video demonstrates usage of this application:

IoTVAS & InsightVM Integration Demo

Owner
Firmalyzer BV
Firmalyzer
Firmalyzer BV
GitHub Repository https://firmalyzer.com/iotvas-api/
Multi-Probe Attention for Semantic Indexing

Multi-Probe Attention for Semantic Indexing About This project is developed for the topic of COVID-19 semantic indexing. Directories & files A. The di

Jinghang Gu 1 Dec 18, 2022
If Google News had a Python library

pygooglenews If Google News had a Python library Created by Artem from newscatcherapi.com but you do not need anything from us or from anyone else to

Artem Bugara 1.1k Jan 08, 2023
This is an online course where you can learn and master the skill of low-level performance analysis and tuning.

Performance Ninja Class This is an online course where you can learn to find and fix low-level performance issues, for example CPU cache misses and br

Denis Bakhvalov 1.2k Dec 30, 2022
Скрипт позволяет выгрузить участников чатов/каналов(по чату для комментариев) и сообщения в различные форматы файлов.

TG-Parser Парсер участников и сообщений из ТГ-Чатов и чатов для комментариев в ТГ-Каналах Возможности Выгрузка участников групп/каналов(по чату для ко

50 Jan 06, 2023
Tomador de ramos UC automatico para Windows, Linux y macOS

auto-ramos v2.0 Tomador de ramos UC automatico para Windows, Linux y macOS Funcion Este script de Python tiene como principal objetivo hacer que la to

Open Source eUC 13 Jun 29, 2022
The fundamentals of Python!

The fundamentals of Python Author: Mohamed NIANG, Staff ML Scientist Presentation This repository contains notebooks on the fundamentals of Python. Th

Mohamed NIANG 1 Mar 15, 2022
The fetch of the delegator list and the input of the epoch nonce need to be done independently

raffle The fetch of the delegator list and the input of the epoch nonce need to be done independently. Get the list of delegators at the epoch change.

1 Dec 15, 2021
Headless chatbot that detects spam and posts links to it to chatrooms for quick deletion.

SmokeDetector Headless chatbot that detects spam and posts it to chatrooms. Uses ChatExchange, takes questions from the Stack Exchange realtime tab, a

Charcoal 421 Dec 21, 2022
PyPIContents is an application that generates a Module Index from the Python Package Index (PyPI) and also from various versions of the Python Standard Library.

PyPIContents is an application that generates a Module Index from the Python Package Index (PyPI) and also from various versions of the Python Standar

Collage Labs 10 Nov 19, 2022
This is a far more in-depth and advanced version of "Write user interface to a file API Sample"

Fusion360-Write-UserInterface This is a far more in-depth and advanced version of "Write user interface to a file API Sample" from https://help.autode

4 Mar 18, 2022
Python implementation of the Learning Time-Series Shapelets method, that learns a shapelet-based time-series classifier with gradient descent.

shaplets Python implementation of the Learning Time-Series Shapelets method by Josif Grabocka et al., that learns a shapelet-based time-series classif

Mohamed Haseeb 187 Dec 14, 2022
Python template for Advent of Code event

Advent of Code Python Starter A tamplate for Advent of Code write in Python. Usage The project use poetry for project manager. Clone this repository a

Leonardo Gago 6 Dec 31, 2022
Fast Base64 encoding/decoding in Python

Fast Base64 implementation This project is a wrapper on libbase64. It aims to provide a fast base64 implementation for base64 encoding/decoding. Insta

Matthieu Darbois 96 Dec 26, 2022
ToDo - A simple bot to keep track of things you need to do

ToDo A simple bot to keep track of things you need to do. Installation You will

3 Sep 18, 2022
A tool to build reproducible wheels for you Python project or for all of your dependencies

asaman: Amra Saman (আমরা সমান) This is a tool to build reproducible wheels for your Python project or for all of your dependencies. What this means is

Kushal Das 14 Aug 05, 2022
Python flexible slugify function

Python flexible slugify function

Dmitry Voronin 471 Dec 20, 2022
Find functions without canary check (or similar)

Ghidra Check Protector Which non-trivial functions don't reference the stack canary checker (or other, user-defined function)? Place your cursor to th

buherator 3 Jan 17, 2022
Improving Representations via Similarities

embetter warning I like to build in public, but please don't expect anything yet. This is alpha stuff! notes Improving Representations via Similaritie

vincent d warmerdam 229 Jan 08, 2023
A python script that will automate the boring task of login to the captive portal again and again

A python script that will automate the boring task of login to the captive portal again and again

Rakib Hasan 2 Feb 09, 2022
Hydralit package is a wrapping and template project to combine multiple independant Streamlit applications into a multi-page application.

Hydralit The Hydralit package is a wrapping and template project to combine multiple independant (or somewhat dependant) Streamlit applications into a

Jackson Storm 108 Jan 08, 2023