
Josh Frantz jfrantz1-r7

  • Rapid7
-- Vulnerability definitions published during the last two weeks, sorted by title.
-- The window is measured from the moment the query runs (now()), so the result
-- set changes from one execution to the next.
SELECT
    nexpose_id,
    title,
    proofAsText(description) AS description,  -- description passed through proofAsText
    date_published,
    cvss_vector,
    severity_score,
    severity,
    pci_severity_score,
    pci_status,
    round(CAST(riskscore AS numeric), 0) AS risk_score,   -- rounded to a whole number
    round(CAST(cvss_score AS numeric), 2) AS cvss_score,  -- rounded to two decimals
    exploits,
    malware_kits
FROM dim_vulnerability
WHERE now() - date_published < INTERVAL '2 weeks'
ORDER BY title
# Prune files under the IIS log directory that were created more than 7 days ago.
# NOTE(review): web server logs are primary evidence in an investigation; confirm
# they are forwarded or archived elsewhere before relying on a 7-day local window.
$path = "C:\inetpub\Logs\w3svc"
$limit = (Get-Date).AddDays(-7)

# Walk the tree (hidden items included), keep only non-directory entries whose
# creation time is before the cutoff, and delete them without prompting.
Get-ChildItem -Path $path -Recurse -Force |
    Where-Object { -not $_.PSIsContainer -and $_.CreationTime -lt $limit } |
    Remove-Item -Force
where(NOT /US/ AND source_ip=/\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}\b/ AND source_ip!=/unknown/i AND source_ip!=/0.0.0.0/) groupby(user)
import requests
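# Console API endpoint; replace <console IP> with the address of your console.
# Only the first page (page=0) of at most 500 results is requested.
url = "https://<console IP>:3780/api/3/assets/search?size=500&page=0"

# NOTE(review): placeholder credentials kept from the original ("quick and dirty").
# Do not store real credentials in this file; fetch them at run time from a
# secrets manager (the original note suggests CyberArk's API) or the environment.
credentials = ('nxadmin', 'nxpassword')

# Search filter: assets whose last-scan-date is earlier than 90
# (presumably days before now; confirm the unit against the API documentation).
search = {
    "filters": [
        {"field": "last-scan-date", "operator": "is-earlier-than", "value": 90},
    ],
    "match": "all",
}

# NOTE(review): verify=False disables TLS certificate validation, so the
# Basic-auth credentials are sent to a server whose identity is never checked.
# Once the console certificate is trusted, pass verify="<path to CA bundle>" instead.
# The timeout keeps the script from hanging forever on an unreachable console.
r = requests.post(url, auth=credentials, json=search, verify=False, timeout=30)

# Stop on an HTTP error (for example rejected credentials) instead of treating
# the error body as a result set.
r.raise_for_status()

# requests decodes the JSON response body natively.
assets = r.json()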
import requests
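# Console API endpoint; replace <console IP> with the address of your console.
# Only the first page (page=0) of at most 500 results is requested.
# NOTE(review): no port is given here; confirm which port your console API listens on.
url = "https://<console IP>/api/3/assets/search?size=500&page=0"

# NOTE(review): placeholder credentials kept from the original ("quick and dirty").
# Do not store real credentials in this file; fetch them at run time from a
# secrets manager (the original note suggests CyberArk's API) or the environment.
credentials = ('nxadmin', 'nxpassword')

# Search filter: assets with neither an operating system nor a host name
# recorded ("match": "all" requires both conditions).
search = {
    "filters": [
        {"field": "operating-system", "operator": "is-empty"},
        {"field": "host-name", "operator": "is-empty"},
    ],
    "match": "all",
}

# NOTE(review): verify=False disables TLS certificate validation, so the
# Basic-auth credentials are sent to a server whose identity is never checked.
# Once the console certificate is trusted, pass verify="<path to CA bundle>" instead.
# The timeout keeps the script from hanging forever on an unreachable console.
r = requests.post(url, auth=credentials, json=search, verify=False, timeout=30)

# Stop on an HTTP error (for example rejected credentials) instead of treating
# the error body as a result set.
r.raise_for_status()

# requests decodes the JSON response body natively.
assets = r.json()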
REM Console setup: turn off command echo, set the colour scheme and clear the screen.
echo off
color F0
cls
REM #!# This is version 2 and adds a deletion of the Sheriff license key from the registry
echo.
REM Banner announcing that the installed scan engine is about to be removed.
REM NOTE(review): no confirmation prompt is visible in this excerpt; confirm the
REM full script asks before deleting anything, and run it only on the intended host.
echo ##################################################################
echo # We are going to delete the existing Insight AppSec Scan Engine!
echo ##################################################################
REM Installation directory of the scan engine; presumably the path the later
REM removal steps act on (those steps are not visible here).
set inst_dir=C:\Program Files\Rapid7\InsightAppSec\
echo.
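# Uncomment the lines below only if the server does not present a valid certificate.
# The policy they define accepts every certificate, so TLS no longer authenticates the server.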
#add-type @"
# using System.Net;
# using System.Security.Cryptography.X509Certificates;
# public class TrustAllCertsPolicy : ICertificatePolicy {
# public bool CheckValidationResult(
# ServicePoint srvPoint, X509Certificate certificate,
# WebRequest request, int certificateProblem) {
# return true;
# }
import requests
import json
import urllib3
import time
# Silence urllib3's InsecureRequestWarning.
# NOTE(review): that warning fires when HTTPS requests skip certificate
# verification, which suggests the requests made later in this script do so
# (not visible here). Silencing it hides the reminder; prefer trusting the
# console's certificate so verification can stay on.
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

# Sites endpoint of the console API; fill in the console address.
url = "https://<address here>/api/3/sites"

# Definition of a temporary site that targets a single address.
# Every <...> value is a placeholder to be filled in before use.
payload = {
    "description": "Ad-Hoc scanning site, will be deleted after an asset is scanned",
    "engineId": "<id of engine>",
    "name": "<scan name>",
    "scan": {
        "assets": {
            "includedTargets": {
                "addresses": ["<ip address>"],
            },
        },
    },
    "scanTemplateId": "<template-name>",
}
headers = {
'Content-Type': "application/json",
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"cloudtrail:LookupEvents",
"cloudtrail:DescribeTrails"
],
"Resource": "*"
},
# Compiles an inline C# class, TrustAllCertsPolicy, whose CheckValidationResult
# returns true for every certificate and every certificateProblem value.
# NOTE(review): if this policy is installed for the session (the code that would
# do so is not visible in this excerpt), certificate validation is disabled for
# the affected web requests: expired, self-signed and mismatched certificates
# are all accepted, so the server's identity is never verified. Prefer importing
# the server's CA certificate into the trusted store, and keep any use of this
# policy confined to short-lived lab sessions.
add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}