
InsightVM / Nexpose Executor

  • Category: Host and Application Scanners
  • Script: insightvm.py
  • Integration: REST API (InsightVM API v3)
  • Faraday Plugin: NexposeFullPlugin
  • Website: https://www.rapid7.com/products/insightvm/

Description

Connects to a Rapid7 InsightVM (Nexpose) Security Console through the InsightVM REST API (v3). In scan mode it launches a new scan on a site, waits for the scan to finish, generates an XML Export v2 report of the results and downloads it. In report mode it downloads an existing report by its ID instead. In both modes the downloaded file is parsed into Faraday by NexposeFullPlugin.

Prerequisites

  • Rapid7 InsightVM or Nexpose installed and reachable from the agent host over HTTPS (the console listens on port 3780 by default)
  • Valid credentials for a dedicated console user that holds only the scan and report permissions the executor needs on the target sites

Configuration

Environment Variables (Setup)

  • INSIGHTVM_HOST (required): base URL of the Security Console, scheme and port included (e.g., https://insightvm.local:3780)
  • INSIGHTVM_USR (required): InsightVM username
  • INSIGHTVM_PASSWD (required): InsightVM password; set it in the dispatcher's environment rather than writing it into the YAML file

Execution Arguments

  • SITE_ID (integer, conditional): ID of the site to launch a new scan on. Provide this or EXECUTIVE_REPORT_ID
  • EXECUTIVE_REPORT_ID (string, conditional): ID of an existing report whose latest output should be downloaded instead of scanning

YAML Configuration Example

executors:
  insightvm_scan:
    repo_executor: insightvm.py
    max_size: 65536
    varenvs:
      INSIGHTVM_HOST: "https://insightvm.local:3780"
      # Keep the credentials out of the YAML file: reference variables
      # exported in the dispatcher's environment instead of literal values.
      INSIGHTVM_USR: "${INSIGHTVM_USER}"
      INSIGHTVM_PASSWD: "${INSIGHTVM_PASS}"
    params:
      # Neither parameter is mandatory on its own; each run needs
      # SITE_ID or EXECUTIVE_REPORT_ID (see Notes).
      SITE_ID:
        mandatory: false
        type: integer
        base: integer
      EXECUTIVE_REPORT_ID:
        mandatory: false
        type: string
        base: string

How It Works

Scan Mode (using SITE_ID)

  1. Launches a new scan on the specified site via POST /api/3/sites/{id}/scans
  2. Polls scan status via GET /api/3/scans/{id} until completion
  3. Generates an XML Export v2 report for the scan results
  4. Downloads and parses the report through NexposeFullPlugin

Report Mode (using EXECUTIVE_REPORT_ID)

  1. Downloads the specified executive report via the InsightVM API
  2. Parses the report through NexposeFullPlugin
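
The API v3 round trip behind both modes, written out as an added example (not the Faraday executor's own code): launch the scan, poll until it finishes, create an XML Export v2 report scoped to that scan, generate it, poll the report instance, and download the output; report mode skips straight to downloading the latest output of an existing report. The client takes any object with the `requests.Session` interface so it can run offline here against `FakeInsightVM`, a constructed stand-in whose IDs (site 7, scan 101, report 55, instance 9) and sample XML are made up for the demo. The `latest` report-instance alias, the `xml-export-v2` format name and the endpoint paths are InsightVM API v3; the numeric-ID check on values that end up in URL paths is this example's own hardening.

```python
"""Added example: InsightVM API v3 flow of the executor's two modes, with an
injectable HTTP session so it runs offline. FakeInsightVM and its ids are
constructed for the demo; the real transport is a requests.Session."""
import time

SCAN_DONE, SCAN_FAILED = {"finished"}, {"aborted", "stopped", "error"}
REPORT_DONE, REPORT_FAILED = {"complete"}, {"aborted", "failed"}


class InsightVMClient:
    def __init__(self, host, user, password, session, verify=True, poll_interval=0.0):
        self.host = host.rstrip("/")
        self.session = session
        self.session.auth = (user, password)  # API v3 authenticates with HTTP basic auth
        self.session.verify = verify          # CA bundle path for a self-signed console, never False
        self.poll_interval = poll_interval

    def _call(self, method, path, **kw):
        resp = self.session.request(method, f"{self.host}/api/3/{path}", **kw)
        resp.raise_for_status()
        return resp

    @staticmethod
    def _id(value):
        # Ids are interpolated into URL paths: accept only integers, so a mis-set
        # parameter such as "55/../1" cannot rewrite the request path.
        if not str(value).isdigit():
            raise ValueError(f"not a numeric InsightVM id: {value!r}")
        return int(value)

    def _poll(self, path, done, failed, what, max_polls):
        for _ in range(max_polls):
            status = self._call("GET", path).json()["status"]
            if status in done:
                return status
            if status in failed:
                raise RuntimeError(f"{what} ended with status {status}")
            time.sleep(self.poll_interval)
        raise TimeoutError(f"{what} not finished after {max_polls} polls")

    def launch_scan(self, site_id):                       # POST /api/3/sites/{id}/scans
        return self._call("POST", f"sites/{self._id(site_id)}/scans", json={}).json()["id"]

    def wait_for_scan(self, scan_id, max_polls=10_000):   # GET /api/3/scans/{id}
        return self._poll(f"scans/{scan_id}", SCAN_DONE, SCAN_FAILED, f"scan {scan_id}", max_polls)

    def create_xml_export_v2(self, scan_id, name):         # POST /api/3/reports
        body = {"name": name, "format": "xml-export-v2", "scope": {"scan": scan_id}}
        return self._call("POST", "reports", json=body).json()["id"]

    def generate(self, report_id):                         # POST /api/3/reports/{id}/generate
        return self._call("POST", f"reports/{report_id}/generate").json()["id"]

    def wait_for_report(self, report_id, instance, max_polls=10_000):
        return self._poll(f"reports/{report_id}/history/{instance}", REPORT_DONE, REPORT_FAILED,
                          f"report {report_id} instance {instance}", max_polls)

    def download(self, report_id, instance="latest"):      # GET .../history/{instance}/output
        return self._call("GET", f"reports/{report_id}/history/{instance}/output").content

    def scan_mode(self, site_id):
        """SITE_ID path: new scan, wait, export-v2 report scoped to it, generate, download."""
        scan_id = self.launch_scan(site_id)
        self.wait_for_scan(scan_id)
        report_id = self.create_xml_export_v2(scan_id, f"faraday-scan-{scan_id}")
        instance = self.generate(report_id)
        self.wait_for_report(report_id, instance)
        return self.download(report_id, instance)

    def report_mode(self, report_id):
        """EXECUTIVE_REPORT_ID path: latest generated output of an existing report."""
        return self.download(self._id(report_id), "latest")


class _Resp:
    def __init__(self, body=None, content=b"", status=200):
        self._body, self.content, self.status_code = body, content, status
    def json(self):
        return self._body
    def raise_for_status(self):
        if self.status_code >= 400:
            raise RuntimeError(f"HTTP {self.status_code}")


SAMPLE_XML = b'<?xml version="1.0"?><NexposeReport version="2.0"><nodes/></NexposeReport>'  # constructed


class FakeInsightVM:
    """Constructed stand-in for requests.Session: scan 101 is 'running' twice before
    'finished'; report 55 instance 9 is 'running' once before 'complete'."""
    def __init__(self):
        self.auth, self.verify, self.scan_polls, self.report_polls, self.calls = None, True, 0, 0, []

    def request(self, method, url, json=None, **kw):
        path = url.split("/api/3/", 1)[1]
        self.calls.append((method, path))
        if (method, path) == ("POST", "sites/7/scans"):
            return _Resp({"id": 101})
        if (method, path) == ("GET", "scans/101"):
            self.scan_polls += 1
            return _Resp({"id": 101, "status": "running" if self.scan_polls < 3 else "finished"})
        if (method, path) == ("POST", "reports"):
            if json.get("format") != "xml-export-v2" or json.get("scope") != {"scan": 101}:
                return _Resp(status=400)
            return _Resp({"id": 55})
        if (method, path) == ("POST", "reports/55/generate"):
            return _Resp({"id": 9})
        if (method, path) == ("GET", "reports/55/history/9"):
            self.report_polls += 1
            return _Resp({"status": "running" if self.report_polls < 2 else "complete"})
        if method == "GET" and path in ("reports/55/history/9/output", "reports/55/history/latest/output"):
            return _Resp(content=SAMPLE_XML)
        return _Resp(status=404)


if __name__ == "__main__":
    # Against a live console: InsightVMClient(host, user, pw, requests.Session(), verify="/path/ca.pem")
    client = InsightVMClient("https://insightvm.local:3780", "svc-faraday", "secret", FakeInsightVM())
    print(client.scan_mode(7)[:40], client.session.calls)
```

Against a real console, pass `requests.Session()` and set `verify` to the path of a CA bundle that contains the console's certificate; the polling loops are bounded so a scan stuck in `paused` or `integrating` eventually raises instead of hanging the agent forever.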

Notes

  • One of SITE_ID or EXECUTIVE_REPORT_ID must be provided on every run
  • When SITE_ID is given, a new scan is started on the site each time the executor runs, so a scheduled agent run is a scheduled scan: size the scan template and engine load accordingly
  • Sites, scan templates and engines must be pre-configured in the InsightVM console; the executor only triggers and collects what is already defined there
  • NexposeFullPlugin parses Nexpose XML export output, so the report referenced by EXECUTIVE_REPORT_ID must be one that produces that format; a PDF or HTML executive summary cannot be parsed
  • A freshly installed console serves a self-signed certificate on port 3780. Install a certificate the agent host trusts, or trust the console certificate explicitly, rather than disabling HTTPS verification, which would expose the credentials in INSIGHTVM_USR and INSIGHTVM_PASSWD to interception