Runnng Qualys API call in Python and response not getting returned without error

607 views Asked by At

Rookie Coder here, I was able to successfully run the following API call using Curl: username and password have been sanitized for security purposes

curl -H "X-Requested-With: Curl Sample" -u "username:password" "https://qualysapi.qg2.apps.qualys.com/api/2.0/fo/scan/?action=list"

This call simply lists the Qualys scans associated with the account.

I try and run the same API call using Python 3.10 and it finishes however, no data is returned without error:

Process finished with exit code 0

Python Script below:

from __future__ import print_function
import sqlite3
from sqlite3 import Error
import requests
import pandas as pd
import os
import csv
import time
from tqdm import tqdm
import sys, getopt
import codecs
import warnings
from pprint import pprint
import json
import pyfiglet
from openpyxl import Workbook
from datetime import datetime


'''Function to call Qualys API For Vulnerability Scan List Module'''
def QualysScanAPI(act, stat):
    print ('qualysapi.qg2.apps.qualys.com/api/2.0/fo/scan/?action=list')
    headers = {
    'X-Requested-With': 'QualysApiExplorer',
    }
    data = {
      'action': list,
      'state': stat,
      '': ''
    }


    response = requests.post('https://qualysapi.qg2.apps.qualys.com/api/2.0/fo/scan/?action=list', headers=headers, data=data, auth=('username', 'password'))

    return response.content

    print(response.content)
2

There are 2 answers

0
Seuss On

This is a pretty old post so this might not be all that useful at this point but here goes.

In your code you are calling the built in list function rather than supplying the string 'list' to the dict. The QualysAPI isn't going to know what to do with this.

When you are accessing an API endpoint you want to point your requests query at the endpoint URL with no additional parameters specified. Your parameters will be converted based on the values in the dictionary.

def QualysScanAPI(act, stat):  # Typically function names are lower case
    qualys_url = 'https://qualysapi.qg2.apps.qualys.com'
    api_command = '/api/2.0/fo/scan/'

    data = {
        'action': 'list',  # Note the quoted string vs using the built-in
        'state': stat
    }

    response = requests.post(f'{qualys_url}{api_command}',headers=headers, data=data, auth=(username, password)

    return response

res = QualysScanAPI(None, 'Finished')

print(res.content)

Outside of those issues, your print statement was misaligned which likely would have caused a python syntax error.. You also never called the function to get the return value which you were trying to print.

0
API On

I would suggest using the qualysapi library:

https://pypi.org/project/qualysapi/

Much easier making the calls you're looking for.