Does Qualys or any other complementary tool provide a way to scan across a range of IPs and ports and find any active web application in that range?
I want to validate our web application inventory. Please advise.
As part of your VM scans, Qualys performs a GET request on every port selected within the option profile for every host it discovers/scans. Once you log into Qualys WAS, simply navigate to Web Applications and then the Catalog tab. Once there, click on update and WAS will import all hosts that were discovered to respond to a GET request and give you additional information. From there, once the update is complete, you can label your assets responding to the said GET requests or even add them into your subscription to scan them through WAS. If you have any additional questions, feel free to follow up here or contact your TAM for further assistance.
That has gotten us very close, we have thinned the herd so to speak. Now, how do we discover the URL of the web app from that host using Qualys or some complementary tool? Meaning the catalog shows me that a particular IP has specific port(s) listening to 'Get' requests but to perform a web App Scan I think I need the URL? Or is it sufficient to WAS scan with just the host name (FQDN or IP)?
Great to hear you have made it closer. For the majority of web applications you can scan by IP - but for some percentage of web applications - depending on the configuration of the web server, it may require a certain fully qualified domain name (FQDN) to respond correctly - especially if multiple sites are configured as virtual servers on a single host. For this there is no "Black Box" capability that is available. On our side we're working to integrate DNS information which would require authenticated access to the DNS server. For now the only way to identify these situations is to interrogate your DNS system to identify FQDN to IP mappings. If you have API access, you could load this information into our asset management module and provision the web applications from there. We're targeting the integration of this capability into WAS in 2015.
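The FQDN-to-IP lookup described in the last reply, as an added example (not part of the thread and not Qualys code): it inverts a DNS zone export so each catalog IP and port pair yields one candidate scan URL per virtual host name. The zone text format, the catalog rows, all host names and the port-to-scheme rule are constructed assumptions.

```python
from collections import defaultdict
# Constructed sample data: a DNS zone export and WAS catalog rows (not real hosts).
ZONE_EXPORT = """\
app1.example.internal.    A      10.0.5.20
app2.example.internal.    A      10.0.5.20
portal.example.internal.  CNAME  app1.example.internal.
wiki.example.internal.    A      10.0.5.31
loop-a.example.internal.  CNAME  loop-b.example.internal.
loop-b.example.internal.  CNAME  loop-a.example.internal.
"""
CATALOG = [("10.0.5.20", 443), ("10.0.5.31", 8080), ("10.0.5.44", 80)]
TLS_PORTS = {443, 8443}  # assumption: these ports speak HTTPS

def parse_zone(text):
    """Split 'name type value' lines into A records and CNAME aliases."""
    a_records, cnames = defaultdict(set), {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        name, rtype, value = parts[0].rstrip(".").lower(), parts[1].upper(), parts[2]
        if rtype == "A":
            a_records[name].add(value)
        elif rtype == "CNAME":
            cnames[name] = value.rstrip(".").lower()
    return a_records, cnames

def fqdns_by_ip(a_records, cnames):
    """Invert the zone: IP -> every name resolving to it, following CNAMEs."""
    by_ip = defaultdict(set)
    for name in set(a_records) | set(cnames):
        target, seen = name, set()
        while target in cnames and target not in seen:  # stop on CNAME loops
            seen.add(target)
            target = cnames[target]
        for ip in a_records.get(target, ()):
            by_ip[ip].add(name)
    return by_ip

def candidate_urls(catalog, by_ip):
    """One URL per (FQDN, port); fall back to the bare IP when DNS has no name."""
    urls = []
    for ip, port in catalog:
        scheme = "https" if port in TLS_PORTS else "http"
        for host in sorted(by_ip.get(ip, ())) or [ip]:
            urls.append(f"{scheme}://{host}:{port}/")
    return urls

if __name__ == "__main__":
    print("\n".join(candidate_urls(CATALOG, fqdns_by_ip(*parse_zone(ZONE_EXPORT)))))
```

An IP that maps to several names (10.0.5.20 here) is the virtual-server case from the reply: each name becomes its own candidate web application, while an IP with no DNS name is still listed for a scan by IP.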