I put together a script recently to solve a customer problem, but it struck me that it is a problem many organizations might have.

What happens when you are in charge of the Nexpose console, but someone else is in charge of actually applying remediation? You may generate a report for them listing the assets they need to remediate, but when they get back to you with results, it may just be a list of the IPs they've completed. If that doesn't happen to map nicely to a Site or Asset Group that already exists, it could easily mean more work for you. Also, their boss wants a report to show that they've completed the work.

The Script

This script is all about converting IP addresses into Asset Groups, based upon the existing assets in your console regardless of Site.

https://raw.github.com/rapid7/nexpose-client/master/scripts/create_asset_group.rb

How It Works

The script takes as input a file in which each line is the IP address of an asset. It then connects to a Nexpose console and creates a new Asset Group composed of those IPs. The grunt work is that the script looks up the device IDs of all your assets to correlate those with the IPs in question.

The simplest usage is to just pass in the file containing the IPs. This will create an asset group based off the name of the file. This also assumes that you are running the script on the same machine as the console.

$ ./create_asset_group.rb ip-list.txt
Password:
Group 'ip-list' saved with 2 assets.

For a more versatile run, we can give the name and description of the new Asset Group on the command line.

$ ./create_asset_group.rb ip-list.txt -n 'Remediation May 2013' -d 'Assets where remediation was applied by Susan Smith in May 2013.' -h nx-console.company.com -u nxadmin
Password:
Group 'Remediation May 2013' saved with 2 assets.

And if you just need help with the script:

$ ./create_asset_group.rb --help

Now, if you need to run a new scan based upon the assets, you can just rescan the asset group (see: Bridging Asset Groups and Sites Using the Nexpose Gem). Or if you just need to run another report for those assets, you can configure the report against the group.

Exercise for the User

It should be trivial to modify this script for other input formats. You could use the 'csv' library to grab the correct data from an existing CSV report. Or you could use the 'spreadsheet' gem to extract the IPs from an Excel spreadsheet.

The script has a --debug flag to warn you when multiple assets share the same IP address or one of your IPs isn't found. With multiple matches, it simply selects the last one it encounters, but you may wish to keep all of them (using a 'multimap'?). Or maybe you want to narrow the match in some other way.
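
The two modifications suggested above, sketched in Ruby as an added example (not part of the original script, and it does not call the Nexpose gem): it reads IPs from a CSV report and keeps every matching device ID per IP instead of the last one. The `Device` struct, the `IP Address` column name and the sample data are constructed assumptions.

```ruby
require 'csv'
require 'ipaddr'

# Stand-in for console asset records (constructed; not the gem's own class).
Device = Struct.new(:id, :address, :site_id)

# Read IPs from a CSV report; the 'IP Address' column name is an assumption.
# Unparseable cells are returned separately rather than silently dropped.
def ips_from_csv(text, column = 'IP Address')
  valid, invalid = [], []
  CSV.parse(text, headers: true).each do |row|
    cell = row[column].to_s.strip
    next if cell.empty?
    begin
      valid << IPAddr.new(cell).to_s
    rescue IPAddr::Error
      invalid << cell
    end
  end
  [valid.uniq, invalid]
end

# Multimap of IP => every device ID seen for it, instead of last-one-wins.
def correlate(ips, devices)
  by_ip = Hash.new { |h, k| h[k] = [] }
  devices.each { |d| by_ip[IPAddr.new(d.address).to_s] << d.id }
  found = ips.select { |ip| by_ip.key?(ip) }
  { device_ids: found.flat_map { |ip| by_ip[ip] }.uniq,
    duplicates: found.select { |ip| by_ip[ip].size > 1 }.map { |ip| [ip, by_ip[ip]] }.to_h,
    missing:    ips - found }
end

# Constructed sample report and asset list; 10.0.0.9 exists in two sites.
SAMPLE_REPORT = <<~REPORT
  Host,IP Address,Status
  web01,10.0.0.5,patched
  db01,10.0.0.9,patched
  lab03,10.0.0.77,patched
  typo,10.0.0.300,patched
REPORT
SAMPLE_DEVICES = [[11, '10.0.0.5', 1], [12, '10.0.0.9', 1],
                  [27, '10.0.0.9', 2], [30, '10.0.0.42', 2]].map { |d| Device.new(*d) }

ips, bad = ips_from_csv(SAMPLE_REPORT)
result = correlate(ips, SAMPLE_DEVICES)
puts "group members: #{result[:device_ids].inspect}"
puts "ambiguous IPs: #{result[:duplicates].inspect}"
puts "not in console: #{result[:missing].inspect}, unparseable: #{bad.inspect}"
```

Reviewing the ambiguous and missing lists before saving the group keeps the remediation report from silently covering the wrong asset or omitting one that was claimed as fixed.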