Note: This is not supported by Qualys; it is community built. Thanks to Jason Kent and Qnimbus for the solution below.
Optionally provide a date after which scans should be processed, and provide the QID you want to find. The script then iterates through all web application scans and collects the findings for that QID along with their results.
For example, you can run this against all web application scan results and look for the SQLi QID; the script writes the findings to a text file named after the QID number.
2012-09-20: Changed text format to CSV. Can now handle scans that have no vulnerabilities. Workaround for random authorization error.
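The filtering described above, sketched as an added example (this is not the it_s-a-trap.py source). It uses only the Python 3 standard library. The XML layout, the YYYY-MM-DD date format, the QID values and the function names are assumptions made for the illustration, not the QualysGuard WAS v2 API schema.

```python
import csv
import io
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample data. Element and attribute names are assumptions for
# this example, not the QualysGuard WAS v2 API response format. The QIDs
# 999001 and 999002 are placeholders, not real Qualys QIDs.
SAMPLE_SCANS = """<scans>
  <scan id="101" launched="2012-09-01" webapp="shop.example.test">
    <finding qid="999001" url="https://shop.example.test/cart?id=1"/>
    <finding qid="999002" url="https://shop.example.test/search"/>
  </scan>
  <scan id="102" launched="2012-09-18" webapp="blog.example.test">
    <finding qid="999001" url="https://blog.example.test/post?p=7"/>
  </scan>
  <scan id="103" launched="2012-09-19" webapp="static.example.test"/>
</scans>"""

def findings_for_qid(xml_text, qid, after=None):
    """Return (scan id, web app, launch date, URL) rows for findings of qid."""
    # Assumed date format for this example: YYYY-MM-DD.
    cutoff = datetime.strptime(after, "%Y-%m-%d") if after else None
    rows = []
    for scan in ET.fromstring(xml_text).iter("scan"):
        launched = datetime.strptime(scan.get("launched"), "%Y-%m-%d")
        if cutoff and launched <= cutoff:
            continue  # keep only scans launched after the cutoff
        # A scan without <finding> children simply contributes no rows.
        for finding in scan.findall("finding"):
            if finding.get("qid") == str(qid):
                rows.append((scan.get("id"), scan.get("webapp"),
                             scan.get("launched"), finding.get("url")))
    return rows

def to_csv(rows):
    """Render the rows as CSV text with a header line."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["scan_id", "webapp", "launched", "url"])
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    qid = 999001
    # Output file is named after the QID, as the page describes.
    with open("%d.txt" % qid, "w") as out:
        out.write(to_csv(findings_for_qid(SAMPLE_SCANS, qid, after="2012-09-10")))
```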
$ python it_s-a-trap.py -h
usage: it_s-a-trap.py [-h] [-d DATE] -q QID -p PASSWORD -u USERNAME

Prints out QID vulnerabilities to QID.txt from most recent webapp scans.

  -h, --help            show this help message and exit
  -d DATE, --date DATE  Only search scans launched after DATE. Format must be
  -q QID, --qid QID     List web applications vulnerable to QID.
  -p PASSWORD, --password PASSWORD
                        Corresponding QualysGuard WAS v2 API password.
  -u USERNAME, --username USERNAME
                        QualysGuard WAS v2 API username.

- Python 2.7
It's fairly simple to install these packages using pip.
How to install libraries
$ curl https://raw.github.com/pypa/pip/master/contrib/get-pip.py | sudo python
$ sudo pip install lxml
- Python 2.7 on Mac 10.7. Other Mac OS versions may work. Please comment if they do or don't.
The libraries are packaged with the script in one directory. Mac 10.7 required. Comment if you would like a Windows package.
Compiled for Mac 10.6+ users out there. This compiled code will require Python 2.7.