Knowledge Base

Questions

1

Python API Memory Error

I am trying to download a large report using the Nexpose Python API. However, I get a memory error when running the script. Any help would be great!

```
Traceback (most recent call last):
  File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 61, in <module>
    generate_report()
  File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 42, in generate_report
    download_report(report_client, report_id, report_instance_id)
  File "C:\Users\jstegman\AppData\Local\Programs\Python\Python36-32\ExtractDataFromNexpose.py", line 55, in download_report
    client.download_report(report_id, instance_id)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api\report_api.py", line 357, in download_report
    (data) = self.download_report_with_http_info(id, instance, **kwargs)  # noqa: E501
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api\report_api.py", line 442, in download_report_with_http_info
    collection_formats=collection_formats)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 322, in call_api
    _preload_content, _request_timeout)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 153, in __call_api
    _request_timeout=_request_timeout)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\api_client.py", line 343, in request
    headers=headers)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\rest.py", line 238, in GET
    query_params=query_params)
  File "C:\Users\jstegman\AppData\Roaming\Python\Python36\site-packages\rapid7_vm_console-0.0.1_6.5.19-py3.6.egg\rapid7vmconsole\rest.py", line 222, in request
    r.data = r.data.decode('utf8')
MemoryError
```

Posted by Jonah Stegman 10 months ago

5

Recog signature best practice?

I'm working on signatures for pulling information from open Redis services and testing the signatures via recog. https://github.com/rapid7/recog/

An open Redis service provides a large volume of information for system architecture, OS versions, CPU utilization, etc. I'm triggering an INFO command via

```
echo -e '*1\r\n$4\r\nINFO\r\n' | nc 127.0.0.1 6379 | ruby ./bin/recog_match ./xml/redis_info.xml -
```

with redis_info.xml being the new signature file.

My best practice question starts to come in when I look at signatures like operating_system.xml and architecture.xml, both of which have all of the necessary regex to pull information out of the Redis service but are specified as database_type="util.os", whereas Redis classifies as a service.

```
Current values are:
- service: These fingerprints are intended to match banners or other responses from services. Fingerprint matches in 'service' database do not necessarily have to return 'service.' attributes in the match data.
- util.os: These fingerprints are intended to be used to identify or extract OS related information from strings that are not responses to service probes. This may be used in a utility capacity and may provide for data enrichment via an independent call after a service banner match has already be made.
```

Is it generally better practice to duplicate fingerprint entries when they can be re-used, or can generic regex like operating system string queries be shared as an external entity referenced in multiple signatures?

If the external reference is even viable, is it safe to assume that the util.os fingerprints would need to be replicated for service parsing? Or should I expect the util.os fingerprint to be applied without any additional modifications?

Posted by BrianWGray 11 months ago
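
For readers following the Redis question above, an added illustration (not part of the original post and not recog's own code) of what a service-side match over an INFO reply has to do: strip the RESP bulk-string framing, split the `key:value` fields, and map regex captures to recog-style attribute names. The sample reply, the `RULES` table and all function names are constructed or hypothetical.

```ruby
# Added example; sample data and rule names are constructed for illustration.
SAMPLE_BODY = "# Server\r\nredis_version:6.2.6\r\n" \
              "os:Linux 5.4.0-91-generic x86_64\r\narch_bits:64\r\ntcp_port:6379\r\n"
# A RESP bulk string is framed as "$<byte length>\r\n<payload>\r\n".
SAMPLE_REPLY = "$#{SAMPLE_BODY.bytesize}\r\n#{SAMPLE_BODY}\r\n"

# Strip the bulk-string framing; error replies such as "-NOAUTH ..." are rejected.
def resp_bulk_payload(reply)
  header = reply.match(/\A\$(\d+)\r\n/)
  raise ArgumentError, 'not a RESP bulk string' unless header
  len = header[1].to_i
  payload = reply.byteslice(header[0].bytesize, len)
  raise ArgumentError, 'truncated bulk string' if payload.nil? || payload.bytesize != len
  payload
end

# Parse "key:value" lines, skipping blank lines and "# Section" headers.
def parse_info(payload)
  payload.each_line("\r\n", chomp: true).each_with_object({}) do |line, fields|
    next if line.empty? || line.start_with?('#')
    key, value = line.split(':', 2)
    fields[key] = value unless value.nil?
  end
end

# Hypothetical rules shaped like a fingerprint: one regex per INFO field,
# with each capture group mapped to an attribute name.
RULES = [
  { field: 'redis_version', pattern: /\A(\d+(?:\.\d+)+)\z/,
    params: ['service.version'] },
  { field: 'os', pattern: /\A(\S+) (\S+) (\S+)\z/,
    params: ['os.product', 'os.version', 'os.arch'] }
].freeze

# Apply every rule to its field and collect the extracted attributes.
def fingerprint(reply)
  info = parse_info(resp_bulk_payload(reply))
  RULES.each_with_object({ 'service.product' => 'Redis' }) do |rule, out|
    match = rule[:pattern].match(info[rule[:field]].to_s)
    next unless match
    rule[:params].each_with_index { |name, i| out[name] = match[i + 1] }
  end
end

puts fingerprint(SAMPLE_REPLY).inspect if $PROGRAM_NAME == __FILE__
```

Here the OS regex is written once in the rule table and applied to a single parsed field rather than to the whole banner, which is the same reuse question the post raises about `util.os` patterns.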