opsdisk / scantron

A distributed nmap / masscan scanning framework complete with scan scheduling, engine pooling, subsequent scan port diff-ing, and an API client for automation workflows.
Apache License 2.0

/api/scheduled_scans - pull last 100 scans #2

Open jacekjaros opened 2 years ago

jacekjaros commented 2 years ago

Hi, I have a script which utilizes the /api/scheduled_scans endpoint to expose scan stats to an external system. This script was created some time ago. Nowadays I have tons of scans in my system and each request is pulling a few MB of data. Is there some way to limit this to the last 100 submitted scans?

I know that in the current version a retention feature was introduced; however, I want to keep this data as long as possible.

opsdisk commented 2 years ago

Hey @jacekjaros - apologies, did not get an email or alert for this one.

1) Are you using the provided Python API client?

https://github.com/opsdisk/scantron/tree/master/scantron_api_client

2) Is the user and token querying the API an administrator?

jacekjaros commented 2 years ago

Hi @opsdisk

I'm using the Scantron console API directly. An admin token is used for querying.

opsdisk commented 2 years ago

Thanks for that info @jacekjaros. Unfortunately right now, it pulls back all scan data because of this line:

https://github.com/opsdisk/scantron/blob/master/console/django_scantron/api/views.py#L245

If you're willing to add a few lines of code, this will work. Disclaimer, I have not done any thorough testing of this! It shouldn't hurt anything, but may not work because of the line above that returns all results for an admin GET request instead of respecting the filtering code below.

1) Edit these 2 files to enable filtering fields and pagination: https://github.com/opsdisk/scantron/pull/3/files

2) Restart uwsgi

```bash
systemctl restart uwsgi
```

3) If you want to play around with the filters in the GUI, browse to /api/swagger/ and click on the "GET /api/scheduled_scans" dropdown. If those filters are working, you should be good to continue. If not, then see my note above about "respecting the filtering code" - the rest of the changes below won't work.


4) I can't test this right now, but hopefully you get the gist.

Update the API client to be:

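```python
def retrieve_scheduled_scans(self, params=None):
    """Retrieve information for all scheduled scans."""
    # params: optional dict of query-string filters, e.g. {"scan_status": "pending"}
    return self.scantron_api_query("/api/scheduled_scans", params=params or {}).json()
```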

When you call it:

```python
import scantron_api_client

sc = scantron_api_client.ScantronClient()

# Filter fields are sent as query-string parameters; the keys must be strings.
params = {
    "scan_status": "pending",
}

response = sc.retrieve_scheduled_scans(params=params)
```

This will generate something like https://<SCANTRON_CONSOLE>/api/scheduled_scans?scan_status=pending

5) I don't know when I'll be able to fully flesh out this feature.

6) Pagination should now return 100 results. Not sure if that will be the latest scans or the earliest.
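The open questions in this thread (whether a page holds the latest or the earliest scans, and whether an admin GET ignores the filters and returns everything) can be handled on the client side. The following is an added example, not code from the thread or from the Scantron project. It assumes a Django REST Framework style paginated envelope with `results` and `next` keys, and that each scan's `id` grows with submission order; `fetch`, `last_scans` and `fake_console` are hypothetical names.

```python
from urllib.parse import parse_qs, urlparse


def last_scans(fetch, path="/api/scheduled_scans", params=None, keep=100, sort_key="id"):
    """Return the `keep` newest scans whether or not the server paginates.

    fetch(url, params) -> decoded JSON. Hypothetical callable wrapping the
    authenticated HTTP GET against the console.
    """
    scans, url, seen = [], path, set()
    while url and url not in seen:  # `seen` guards against a looping `next` link
        seen.add(url)
        body = fetch(url, params)
        if isinstance(body, list):
            # Unpaginated response: the server returned every scan in one list.
            scans.extend(body)
            break
        scans.extend(body.get("results", []))
        # `next` already carries the query string, so drop params after page 1.
        url, params = body.get("next"), None
    # Sort locally instead of trusting server ordering (assumes id ~ submission order).
    scans.sort(key=lambda scan: scan[sort_key])
    return scans[-keep:]


def fake_console(total=250, page_size=100, paginate=True):
    """Constructed stand-in for the console API, used only to run this offline."""
    data = [{"id": i, "scan_status": "completed"} for i in range(1, total + 1)]

    def fetch(url, params=None):
        if not paginate:
            return data
        page = int(parse_qs(urlparse(url).query).get("page", ["1"])[0])
        start = (page - 1) * page_size
        more = start + page_size < total
        nxt = f"/api/scheduled_scans?page={page + 1}" if more else None
        return {"count": total, "next": nxt, "results": data[start:start + page_size]}

    return fetch


if __name__ == "__main__":
    newest = last_scans(fake_console())
    print(len(newest), newest[0]["id"], newest[-1]["id"])
```

This walks every page, so it bounds the size of each response rather than the total transfer.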