mirror of
https://github.com/lopes/netbox-scanner.git
synced 2025-07-05 13:04:40 +02:00
new way to read user parameters
This commit is contained in:
parent
96e16e30fc
commit
1de0ce0340
22
README.md
22
README.md
@ -20,31 +20,27 @@ Note that `netbox-scanner` will require [Nmap](https://nmap.org/) and an instanc
|
||||
|
||||
|
||||
## Usage
|
||||
`netbox-scanner` can be used both in your Python programs or as a script. To use `netbox-scanner` as a script, edit `netbox-scanner/config.py` with your setup, and run the command below:
|
||||
`netbox-scanner` can be used both in your Python programs or as a script. To use `netbox-scanner` as a script, simply run `netbox-scanner/netbox-scanner.py` and it'll create its configuration file (`.netbox-scanner.conf`) in your home folder:
|
||||
|
||||
$ netbox-scanner.py
|
||||
$ python netbox-scanner.py
|
||||
|
||||
After that, you'll just need to edit that file with your environment settings and run the script again.
|
||||
|
||||
`netbox-scanner` will do the following tasks:
|
||||
|
||||
1. It will scan all networks defined in `netbox-scanner/config.py` or via parameters.
|
||||
1. It will scan all networks defined in the configuration file.
|
||||
2. For each discovered host it will:
|
||||
1. If host is in NetBox, description is different, and `tag` is equal to `netbox-scanner/config.py/TAG`, it's description will be updated.
|
||||
1. If host is in NetBox, description is different, and `tag` is equal to that defined in the configuration file, it's description will be updated in NetBox.
|
||||
2. If host is not in NetBox, it'll be created.
|
||||
3. It will iterate through each network to find and delete any hosts registered in NetBox that did not respond to scan, and have the tag `netbox-scanner/config.py/TAG`.
|
||||
3. It will iterate through each network to find and delete any hosts registered in NetBox that did not respond to scan, and have the tag defined in the configuration file.
|
||||
|
||||
This way, if some hosts in your monitored networks are eventually down, but you don't want `netbox-scanner` to manage them, just make sure that they don't have the tag defined in `netbox-scanner/config.py/TAG`.
|
||||
|
||||
To see a list of all available parameters in `netbox-scanner.py`, simple use the `-h` option --please note that all parameters are optional, because all of them can be set using `netbox-scanner/config.py` file:
|
||||
|
||||
$ netbox-scanner.py -h
|
||||
For instance, if some hosts in your monitored networks are eventually down, but you don't want `netbox-scanner` to manage them, just make sure that they **don't** have the tag defined in the configuration file.
|
||||
|
||||
Of course, you can use `cron` to automatically run `netbox-scanner`.
|
||||
|
||||
|
||||
## Configuration File
|
||||
`netbox-scanner` have a configuration file (`netbox-scanner/netbox-scanner/config.py`) with all parameters needed to scan networks and synchronize them to NetBox. Before using `netbox-scanner/netbox-scannner/netbox-scanner.py` you should read that file and fill all variables according to your environment.
|
||||
|
||||
It is strongly recommended that you use this file instead of passing parameters via command line, because it's easier and avoid common mistakes in multiple executions. You should use command line parameters occasionally, in single scans.
|
||||
`netbox-scanner` have a configuration file with all parameters needed to scan networks and synchronize them to NetBox. By default, this file is located at user's home folder and is created when `netbox-scanner.py` is executed for the first time. Before using `netbox-scanner.py` you should edit that file and fill all variables according to your environment.
|
||||
|
||||
|
||||
## License
|
||||
|
@ -17,10 +17,11 @@ logging.getLogger('paramiko').setLevel(logging.CRITICAL) # paramiko is noisy
|
||||
|
||||
class NetBoxScanner(object):
|
||||
|
||||
def __init__(self, address, token, tls_verify, nmap_args, devs_auth, tag, unknown):
|
||||
def __init__(self, address, token, tls_verify, nmap_args, tacacs, tag,
|
||||
unknown):
|
||||
self.netbox = api(address, token=token, ssl_verify=tls_verify)
|
||||
self.nmap_args = nmap_args
|
||||
self.devs = devs_auth
|
||||
self.tacacs = tacacs
|
||||
self.tag = tag
|
||||
self.unknown = unknown
|
||||
self.stats = {'created':0, 'updated':0, 'deleted':0,
|
||||
@ -52,17 +53,17 @@ class NetBoxScanner(object):
|
||||
return name
|
||||
else:
|
||||
c = CPE(cpe[0], CPE.VERSION_2_3)
|
||||
vendor = c.get_vendor()[0].upper()
|
||||
if vendor in self.devs:
|
||||
vendor = c.get_vendor()[0]
|
||||
if self.tacacs and vendor == 'cisco':
|
||||
try:
|
||||
client = SSHClient()
|
||||
client.set_missing_host_key_policy(AutoAddPolicy())
|
||||
client.connect(address, username=self.devs[vendor]['USER'],
|
||||
password=self.devs[vendor]['PASSWORD'])
|
||||
stdin, stdout, stderr = client.exec_command(self.devs[vendor]['COMMAND'])
|
||||
client.connect(address, username=self.tacacs['user'],
|
||||
password=self.tacacs['password'])
|
||||
stdin,stdout,stderr = client.exec_command(self.tacacs['command'])
|
||||
return '{}:{}'.format(vendor.lower(),
|
||||
re.search(self.devs[vendor]['REGEX'],
|
||||
str(stdout.read().decode('utf-8'))).group(self.devs[vendor]['REGROUP']))
|
||||
re.search(self.tacacs['regex'],
|
||||
str(stdout.read().decode('utf-8'))).group(self.tacacs['regroup']))
|
||||
except (AuthenticationException, SSHException,
|
||||
NoValidConnectionsError, TimeoutError,
|
||||
ConnectionResetError):
|
||||
|
@ -1,48 +1,76 @@
|
||||
#!/usr/bin/env python3
|
||||
|
||||
import logging
|
||||
from argparse import ArgumentParser
|
||||
|
||||
from configparser import ConfigParser
|
||||
from os import fsync
|
||||
from os.path import expanduser
|
||||
from getpass import getpass
|
||||
from datetime import datetime
|
||||
from urllib3 import disable_warnings
|
||||
from urllib3.exceptions import InsecureRequestWarning
|
||||
|
||||
import config
|
||||
from nbscan import NetBoxScanner
|
||||
|
||||
|
||||
argp = ArgumentParser()
|
||||
argp.add_argument('-l', '--log', help='logfile path', default=config.LOG)
|
||||
argp.add_argument('-a', '--address', help='netbox address',
|
||||
default=config.NETBOX['ADDRESS'])
|
||||
argp.add_argument('-t', '--token', help='netbox access token',
|
||||
default=config.NETBOX['TOKEN'])
|
||||
argp.add_argument('-v', '--verify', help='tls verify',
|
||||
action='store_true', default=config.NETBOX['TLS_VERIFY'])
|
||||
argp.add_argument('-m', '--nmap', help='set Nmap arguments',
|
||||
default=config.NMAP_ARGS)
|
||||
argp.add_argument('-d', '--devices', help='device authentication crendentials',
|
||||
default=config.DEVICE_AUTH)
|
||||
argp.add_argument('-g', '--tag', help='netbox-scanner tag',
|
||||
default=config.TAG)
|
||||
argp.add_argument('-u', '--unknown', help='netbox-scanner unknown host',
|
||||
default=config.UNKNOWN)
|
||||
argp.add_argument('-n', '--networks', nargs='+', help='networks to be scanned',
|
||||
default=config.NETWORKS)
|
||||
args = argp.parse_args()
|
||||
template = '''
|
||||
[GENERAL]
|
||||
tag = auto
|
||||
unknown = unknown host
|
||||
log = .
|
||||
nmap_args = -T4 -O -F --host-timeout 30s
|
||||
|
||||
logging.basicConfig(filename='{}/netbox-scanner-{}.log'.format(args.log,
|
||||
datetime.now().strftime('%Y%m%dT%H%M%SZ')),
|
||||
level=logging.INFO,
|
||||
[NETBOX]
|
||||
address = https://
|
||||
token =
|
||||
tls_verify = True
|
||||
|
||||
[TACACS]
|
||||
user = netbox
|
||||
password =
|
||||
command = show run | inc hostname
|
||||
regex = hostname ([A-Z|a-z|0-9|\-|_]+)
|
||||
regroup = 1
|
||||
|
||||
[SCAN]
|
||||
networks = 10.1.2.3/24,10.2.3.4/24
|
||||
'''
|
||||
conffile = expanduser('~/.netbox-scanner.conf')
|
||||
|
||||
try:
|
||||
config = ConfigParser()
|
||||
config.read(conffile)
|
||||
general_conf = config['GENERAL']
|
||||
netbox_conf = config['NETBOX']
|
||||
networks = config['SCAN']['networks'].split(',')
|
||||
tacacs_conf = dict()
|
||||
for key in config['TACACS']:
|
||||
tacacs_conf[key] = config['TACACS'][key]
|
||||
tacacs_conf['regroup'] = int(tacacs_conf['regroup'])
|
||||
except KeyError:
|
||||
with open(conffile,'w+') as f:
|
||||
f.write(template)
|
||||
fsync(f)
|
||||
print('Config file was created at {}'.format(conffile))
|
||||
print('Fill all fields before run the script again.')
|
||||
exit(1)
|
||||
|
||||
logfile = '{}/netbox-scanner-{}.log'.format(general_conf['log'],
|
||||
datetime.now().strftime('%Y%m%dT%H%M%SZ'))
|
||||
logging.basicConfig(filename=logfile, level=logging.INFO,
|
||||
format='%(asctime)s\tnetbox-scanner\t%(levelname)s\t%(message)s')
|
||||
|
||||
disable_warnings(InsecureRequestWarning)
|
||||
|
||||
nbs = NetBoxScanner(args.address, args.token, args.verify, args.nmap,
|
||||
args.devices, args.tag, args.unknown)
|
||||
logging.info('started: {} networks'.format(len(args.networks)))
|
||||
nbs.sync(args.networks)
|
||||
logging.info('finished: +{} ~{} -{} ?{} !{}'.format(nbs.stats['created'],
|
||||
nbs.stats['updated'], nbs.stats['deleted'], nbs.stats['undiscovered'],
|
||||
nbs.stats['duplicated']))
|
||||
|
||||
if __name__ == '__main__':
|
||||
nbs = NetBoxScanner(netbox_conf['address'], netbox_conf['token'],
|
||||
netbox_conf.getboolean('tls_verify'), general_conf['nmap_args'],
|
||||
tacacs_conf, general_conf['tag'], general_conf['unknown'])
|
||||
logging.info('started: {} networks'.format(len(networks)))
|
||||
nbs.sync(networks)
|
||||
logging.info('finished: +{} ~{} -{} ?{} !{}'.format(nbs.stats['created'],
|
||||
nbs.stats['updated'], nbs.stats['deleted'], nbs.stats['undiscovered'],
|
||||
nbs.stats['duplicated']))
|
||||
|
||||
exit(0)
|
||||
|
Loading…
x
Reference in New Issue
Block a user