Performing API calls from VBscript - Part I

Document created by Scr1ptW1zard on Apr 22, 2012

     Over the past year, I have been developing various subroutines and functions under VBscript to perform many automated tasks. I realize that there is a repository of Perl scripts that perform many of the same tasks, but since I know VBscript, that is my preferred environment. I am posting this here to assist others that may want to use a native scripting environment under Windows. I run my scripts in the following versions of the Windows OS: Windows 7, Windows Server 2003, and Windows Server 2008 R2.


This first post explains the basics needed to call the API functions via VBscript. I will add others as time permits.


     One of the first tasks to perform would be to log in. I use, and recommend, the session login via APIv2. I'll try to explain this later, but I have created a single subroutine (getXMLFile) that I call for all API calls, so the login subroutine is simply:


Sub sessionLogin()
'// Description: Performs Qualys login via APIv2.
'// Input: None.
'// Output: Session login status in "login.xml" file.
    getXMLFile 2, "login.xml", "session/?action=login&username=" & QUALYSUSR & "&password=" & QUALYSPW, "POST"
End Sub


     About the getXMLFile subroutine

     The getXMLFile subroutine takes 4 arguments:

     The first argument is the API version you want to use (1 or 2).

     The second argument is the file to store the output in.

     The third argument is the API call and arguments to pass.

     The fourth argument is the method to use when sending the data (GET or POST).


Here is the getXMLFile subroutine:



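Sub getXMLFile(ver, xmlFile, phpLine, Method)
'// Description: Used for all API calls. Performs the requested API task.
'// Input: ver     - API version (1 or 2).
'//        xmlFile - File name to store the output of the API call.
'//        phpLine - String specifying the API arguments for the task.
'//        Method  - Either "GET" or "POST"
'// Output: Results are stored in the specified file (xmlFile).
'// Note: OnLine, QUALYSAPIURL, QUALYSUSR, QUALYSPW and DataPath are globals
'//       defined elsewhere in the script. adTypeText (2) and
'//       adSaveCreateOverWrite (2) are ADODB.Stream constants that VBScript
'//       does not predefine, so they must be declared elsewhere as well.
    Dim sHREF, oStream
    Dim oXMLHTTP

    If OnLine Then
        Set oXMLHTTP = CreateObject("msxml2.xmlhttp.6.0")
        If ver=1 Then
            '// APIv1: user name and password are passed to Open on every call.
            sHREF=QUALYSAPIURL & "msp/" & phpLine
            oXMLHTTP.Open Method, sHREF, false, QUALYSUSR, QUALYSPW
        Else
            '// APIv2: relies on the session created by sessionLogin.
            sHREF=QUALYSAPIURL & "api/2.0/fo/" & phpLine
            oXMLHTTP.Open Method, sHREF, false
            oXMLHTTP.setRequestHeader "X-Requested-With", "VBScript"
        End If
        '// Header names carry no trailing colon; set them after Open, before Send.
        oXMLHTTP.setRequestHeader "Content-type", "text/xml"
        oXMLHTTP.setRequestHeader "Translate", "f"
        oXMLHTTP.Send
        '// Write the response body to the output file.
        Set oStream = CreateObject("ADODB.Stream")
        oStream.Type = adTypeText
        oStream.Open
        oStream.WriteText oXMLHTTP.ResponseText
        oStream.SaveToFile DataPath & xmlFile, adSaveCreateOverWrite
        oStream.Close
        Set oXMLHTTP = Nothing
        Set oStream = Nothing
    End If
End Sub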



As you may notice, I have two variables defined: QUALYSUSR and QUALYSPW, which represent the Qualys user name and password respectively. How you populate these variables is up to you, but I would not hard-code them into any script! Other variables include:


QUALYSAPIURL - This is the URL to the appropriate API for your subscription.

DataPath - This is the folder location where return data from the API is stored. I normally define this as a subdirectory of the current working directory.
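
The login call above puts the user name and password in the request URL, where proxies and web servers commonly log them. As an added example (not the author's code), this sketch reads the credentials from environment variables instead of the script and sends them percent-encoded in the POST body. It assumes the API accepts the login parameters in a form-encoded body, and the environment variable names QUALYS_API_URL, QUALYS_USER and QUALYS_PASSWORD are hypothetical.

```vbscript
Option Explicit
' Added example. QUALYS_API_URL, QUALYS_USER and QUALYS_PASSWORD are
' hypothetical environment variable names chosen for this sketch.

' Percent-encode everything outside the RFC 3986 unreserved set so that
' characters such as & = + % in a password cannot alter the request.
' Assumes ASCII input.
Function UrlEncode(s)
    Const SAFE = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~"
    Dim i, ch, out
    out = ""
    For i = 1 To Len(s)
        ch = Mid(s, i, 1)
        If InStr(SAFE, ch) > 0 Then
            out = out & ch
        Else
            out = out & "%" & Right("0" & Hex(Asc(ch)), 2)
        End If
    Next
    UrlEncode = out
End Function

' Read a required setting from the process environment; stop if it is unset.
Function RequireEnv(varName)
    Dim value
    value = CreateObject("WScript.Shell").Environment("PROCESS").Item(varName)
    If value = "" Then
        WScript.Echo "Missing environment variable " & varName
        WScript.Quit 1
    End If
    RequireEnv = value
End Function

' Session login with the credentials in the POST body, not in the URL.
' Assumption: the API accepts form-encoded login parameters in the body.
' apiUrl ends with "/" like QUALYSAPIURL. Returns the XML response text.
Function sessionLoginBody(apiUrl, user, pw)
    Dim http
    If LCase(Left(apiUrl, 8)) <> "https://" Then
        WScript.Echo "Refusing to send credentials to a non-HTTPS URL"
        WScript.Quit 1
    End If
    Set http = CreateObject("MSXML2.XMLHTTP.6.0")
    http.Open "POST", apiUrl & "api/2.0/fo/session/", False
    http.setRequestHeader "X-Requested-With", "VBScript"
    http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    http.Send "action=login&username=" & UrlEncode(user) & "&password=" & UrlEncode(pw)
    sessionLoginBody = http.responseText
End Function

WScript.Echo sessionLoginBody(RequireEnv("QUALYS_API_URL"), _
    RequireEnv("QUALYS_USER"), RequireEnv("QUALYS_PASSWORD"))
```

Run it with cscript after setting the three variables in the calling shell. Environment variables are readable by other processes running as the same user, so a credential store is the stronger option where one is available.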


The session logout subroutine is very similar to the session login subroutine:


Sub sessionLogout()
'// Description: Performs Qualys Session logout via APIv2.
'// Input: None.
'// Output: Session logout status in "logout.xml" file.
    getXMLFile 2, "logout.xml", "session/?action=logout", "POST"
End Sub


     I am attaching a working example of performing the session login and logout functions along with a couple other subroutines/functions that are commonly used in my script(s). Please let me know if you have questions regarding this; I will do my best to answer them. I hope you find this and future posts helpful.
