QualysGuard Executor

  • Category: Web Application Scanners
  • Script: qualys.py
  • Integration: REST API
  • Faraday Plugin: QualysguardPlugin
  • Website: https://www.qualys.com/

Description

Authenticates with the QualysGuard API, registers the target IP if it does not already exist, launches a vulnerability scan using a specified option profile, waits for completion, downloads the scan report, and parses it into Faraday.

Prerequisites

  • QualysGuard account with scan permissions
  • A pre-configured scan option profile in QualysGuard

Configuration

Environment Variables (Setup)

| Variable | Required | Description |
|---|---|---|
| QUALYS_USERNAME | Yes | QualysGuard username |
| QUALYS_PASSWORD | Yes | QualysGuard password |

Execution Arguments

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| TARGET_IP | string | Yes | Target IP address to scan |
| OPTION_PROFILE | string | Yes | Scan option profile name or numeric ID |
| PULL_INTERVAL | integer | No | Polling interval in seconds (default: 180) |

YAML Configuration Example

executors:
  qualys_scan:
    repo_executor: qualys.py
    max_size: 65536
    varenvs:
      QUALYS_USERNAME: "${QUALYS_USER}"
      QUALYS_PASSWORD: "${QUALYS_PASS}"
    params:
      TARGET_IP:
        mandatory: true
        type: string
        base: string
      OPTION_PROFILE:
        mandatory: true
        type: string
        base: string
      PULL_INTERVAL:
        mandatory: false
        type: integer
        base: integer

How It Works

  1. Authenticates with the QualysGuard API at https://qualysguard.qg4.apps.qualys.com
  2. Checks if the target IP exists in the asset inventory; adds it if not
  3. Launches a vulnerability scan using the specified option profile
  4. Polls scan status at the configured interval until completion
  5. Downloads the scan report
  6. Parses the report through QualysguardPlugin and outputs Faraday JSON
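
The argument handling behind steps 3 and 4, shown as an added example (this is not the qualys.py executor's own code): it validates TARGET_IP as a single address, maps OPTION_PROFILE to an ID or a name, applies the PULL_INTERVAL default, and polls with an upper bound. The request field names (`ip`, `option_id`, `option_title`), the scan state strings, the `fetch_status` callable and the `max_wait` limit are assumptions that do not come from this page.

```python
import ipaddress
import time

DEFAULT_PULL_INTERVAL = 180                 # default stated on this page
TERMINAL_FAILURES = {"Canceled", "Error"}   # assumed scan failure states


def build_launch_params(target_ip, option_profile, pull_interval=None):
    """Validate the execution arguments; return (request_fields, interval)."""
    # One address only: ip_address() rejects CIDR blocks, ranges and hostnames,
    # so a mistyped argument cannot widen the scan scope.
    ip = ipaddress.ip_address(str(target_ip).strip())
    profile = str(option_profile).strip()
    if not profile:
        raise ValueError("OPTION_PROFILE is empty")
    # Numeric value -> profile ID, anything else -> profile name.
    # Field names are assumed, not taken from the page.
    numeric = profile.isascii() and profile.isdigit()
    key = "option_id" if numeric else "option_title"
    if pull_interval in (None, ""):
        interval = DEFAULT_PULL_INTERVAL
    else:
        interval = int(pull_interval)
    if interval <= 0:
        raise ValueError("PULL_INTERVAL must be a positive number of seconds")
    return {"ip": str(ip), key: profile}, interval


def poll_until_finished(fetch_status, interval, max_wait=6 * 3600,
                        sleep=time.sleep):
    """Call fetch_status() every `interval` seconds until the scan ends.

    fetch_status is a hypothetical callable returning the scan state string.
    Returns the number of polls made; raises on a failure state or once
    another wait would exceed max_wait seconds.
    """
    waited, polls = 0, 0
    while True:
        polls += 1
        state = fetch_status()
        if state == "Finished":
            return polls
        if state in TERMINAL_FAILURES:
            raise RuntimeError(f"scan ended in state {state!r}")
        if waited + interval > max_wait:
            raise TimeoutError(f"scan still {state!r} after {waited}s")
        sleep(interval)
        waited += interval
```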

Creating a Scan Option Profile

  1. In QualysGuard VMDR, navigate to Scans > Option Profiles
  2. Click New > Option Profile
  3. Configure the scan settings (ports, authentication, performance)
  4. Note the profile name or numeric ID for use with this executor

Notes

  • The API base URL is hardcoded to https://qualysguard.qg4.apps.qualys.com; if your Qualys platform uses a different URL (e.g., qg2, qg3), the executor source must be modified
  • The PULL_INTERVAL default of 180 seconds (3 minutes) is conservative; reduce it for faster feedback on shorter scans
  • The executor targets a single IP per execution; for multiple targets, run multiple executor instances