NexposeRunner 0.0.5 → 0.0.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 3fc954479b13a6d1ee5538438ef4e0e9d155acef
-  data.tar.gz: 92f8b3905afd4c71bc0f316c42b605d33b2cf2c6
+  metadata.gz: 9a8816db77936253046c6e2858d14c794eaa3291
+  data.tar.gz: 21121f0ae8c931b390e9ddd239da015a008e7825
 SHA512:
-  metadata.gz: faee2b9d52875bb8e2fe4b3112b96a49746953d1784ca29f8cd3b3c9beb00bc215eaf1440f7bfe459393474f564969175440b2a40446680bf1c61f71cafba9f6
-  data.tar.gz: 4bfb76dc4cf58c81f06c90d2c8ef071c472323b21861d831898c729ce23764e66d5cdc2373255459b21470233582539291f7177a7552f7ff090018b151328f78
+  metadata.gz: bfcf436db720bcab7f61126360b0b19056957b1a49a9bb12bed94db7a40c260491da61c46bf6d6e0a754c69f4ac42150a54aab6ad67be8902bda2a45e882f077
+  data.tar.gz: 0b5d1dafd6fbe50022a8b0ac8d07a6a774331663d393bb5484678274917beb595b7a37902ff5f7c9bcb4dcf2fcbdb58b3f9aacb5993702430cccc2e36a8edd4b

data/.gitignore

@@ -21,3 +21,5 @@ tmp
 *.a
 mkmf.log
 .idea/
+config/scan.yml
+config/scan.yml.bak

data/README.md

@@ -33,6 +33,8 @@ EXAMPLE:
 
     $ scan "http://test.connection" "rapid7" "password" "3780" "my_cool_software_build-28" "10.5.0.15" "full-audit-widget-corp"
 
+It is possible to use a YAML file to drive the configuration of this module.  An example configuration file is provided in config/scan.yml.example.  Simply copy it to config/scan.yml and modify it to work with your environment.
+
 ## Contributing
 
 1. Fork it ( https://github.com/[my-github-username]/nexpose-scan/fork )

data/config/scan.yml.example

@@ -0,0 +1,7 @@
+connection_url: ''
+username: ''
+password: ''
+port: '3780'
+site_name: ''
+ip_addresses: ''
+scan_template: ''

data/lib/NexposeRunner/version.rb

@@ -1,4 +1,4 @@
 module NexposeRunner
-    VERSION = '0.0.5'
+    VERSION = '0.0.7'
 end
 

data/lib/nexpose-runner/constants.rb

@@ -10,6 +10,7 @@ module CONSTANTS
   VULNERABILITY_REPORT_NAME = 'nexpose-vulnerability-report.csv'
   SOFTWARE_REPORT_NAME = 'nexpose-software-report.csv'
   POLICY_REPORT_NAME = 'nexpose-policy-report.csv'
+  AUDIT_REPORT_NAME = 'nexpose-audit-report.html'
 
   VULNERABILITY_REPORT_QUERY = 'SELECT DISTINCT
                                   ip_address,
@@ -61,4 +62,4 @@ module CONSTANTS
                          LEFT JOIN dim_policy_rule dpr on dpr.policy_id = fapr.policy_id and fapr.rule_id = dpr.rule_id
                          LEFT JOIN dim_asset da on da.asset_id = fapr.asset_id
                          ORDER BY da.ip_address'
-end
+end

data/lib/nexpose-runner/scan.rb

@@ -35,6 +35,9 @@ module NexposeRunner
       policies = generate_report(CONSTANTS::POLICY_REPORT_QUERY, site.id, nsc)
       generate_csv(policies, CONSTANTS::POLICY_REPORT_NAME)
 
+      puts "Scan complete for #{run_details.site_name}, Generating Audit Report"
+      generate_audit_report(site.id, nsc, CONSTANTS::AUDIT_REPORT_NAME)
+
       [vulnerbilities, software, policies]
     end
 
@@ -51,8 +54,9 @@ module NexposeRunner
 
       begin
         sleep(3)
-        status = nsc.scan_status(scan.id)
-        puts "Current #{run_details.site_name} scan status: #{status.to_s}"
+        stats = nsc.scan_statistics(scan.id)
+ 	status = stats.status
+        puts "Current #{run_details.site_name} scan status: #{status.to_s} -- PENDING: #{stats.tasks.pending.to_s} ACTIVE: #{stats.tasks.active.to_s} COMPLETED #{stats.tasks.completed.to_s}"
       end while status == Nexpose::Scan::Status::RUNNING
     end
 
@@ -83,6 +87,12 @@ module NexposeRunner
       CSV.parse(report_output.chomp, {:headers => :first_row})
     end
 
+    def self.generate_audit_report(site, nsc, name)
+      adhoc = Nexpose::AdhocReportConfig.new('audit-report', 'html', site)
+      data = adhoc.generate(nsc)
+      File.open(name, 'w') { |file| file.write(data) }
+    end
+
     def self.generate_csv(csv_output, name)
       CSV.open(name, 'w') do |csv_file|
         csv_file << csv_output.headers

data/lib/nexpose-runner/scan_run_description.rb

@@ -1,9 +1,15 @@
+require 'yaml'
+
 class ScanRunDescription
   attr_accessor :connection_url, :username, :password, :port, :site_name, :ip_addresses, :scan_template
   @@port_value = ''
   @@ip_addresses = ''
 
   def initialize(options)
+    if File.file?('config/scan.yml')
+      options = YAML.load_file('config/scan.yml')
+    end
+
     self.connection_url = options['connection_url']
     self.username =  options['username']
     self.password = options['password']

data/spec/scan_config_spec.rb

@@ -0,0 +1,57 @@
+require 'nexpose-runner/scan_run_description'
+require 'yaml'
+
+file_path = 'config/scan.yml'
+describe 'scan_user_config_file_tests' do
+  if File.file?('config/scan.yml')
+    File.rename('config/scan.yml','config/scan.yml.bak')
+  end
+
+  describe 'start' do
+    before(:each) do
+      config_file = File.new(file_path, 'w')
+      config_file.puts("connection_url: 'mydomain.wat'")
+      config_file.puts("ip_addresses: ''")
+      config_file.close
+      @scan_run_description = ScanRunDescription.new({})
+    end
+
+    after(:each) do
+      File.delete(file_path) if File.exist?(file_path)
+    end
+
+    it 'should get configuration from the config/scan.yaml when provided' do
+      expect(@scan_run_description.connection_url).to eq('mydomain.wat')
+    end
+  end
+
+  if File.file?('config/scan.yml.bak')
+    File.rename('config/scan.yml.bak', 'config/scan.yml')
+  end
+
+end
+
+describe 'scan_default_config_tests' do
+  if File.file?('config/scan.yml')
+    File.rename('config/scan.yml', 'config/scan.yml.bak')
+  end
+
+  describe 'start' do
+    before(:each) do
+      @options = {
+        'connection_url' => 'foo.bar',
+        'ip_addresses' => ''
+      }
+      @scan_run_description = ScanRunDescription.new(@options)
+    end
+
+    it 'should get configuration from the command line options' do
+      expect(@scan_run_description.connection_url).to eq('foo.bar')
+    end
+  end
+
+  if File.file?('config/scan.yml.bak')
+    File.rename('config/scan.yml.bak', 'config/scan.yml')
+  end
+
+end

data/spec/scan_spec.rb

@@ -1,7 +1,13 @@
 require 'nexpose-runner/scan'
 require 'nexpose-runner/constants'
+require 'ostruct'
 
 describe 'nexpose-runner' do
+
+  if File.file?('config/exploit.yml')
+    File.rename('config/exploit.yml', 'config/exploit.yml.bak')
+  end
+
   before(:each) do
     allow(NexposeRunner::Scan).to receive(:sleep)
   end
@@ -39,10 +45,12 @@ describe 'nexpose-runner' do
 
 
       @mock_scan = get_mock_scan
+      @mock_scan_summary = get_mock_scan_summary
       @mock_nexpose_client = get_mock_nexpose_client
       @mock_nexpose_site = get_mock_nexpose_site
       @mock_report = get_mock_report
 
+
       @options = {
         'connection_url' => @expected_connection,
         'username' => @expected_username,
@@ -163,20 +171,18 @@ describe 'nexpose-runner' do
 
       describe 'wait for the Nexpose Scan to complete' do
         it 'should call to check the status of the scan' do
-          expect(@mock_nexpose_client).to receive(:scan_status).with(@mock_scan_id)
+          expect(@mock_nexpose_client).to receive(:scan_statistics).with(@mock_scan_id)
   
           NexposeRunner::Scan.start(@options)
         end
   
         it 'should call to check the status until it is not running' do
-          expect(@mock_nexpose_client).to receive(:scan_status)
-                                      .with(@mock_scan_id)
+          expect(@mock_scan_summary).to receive(:status)
                                       .and_return(Nexpose::Scan::Status::RUNNING)
                                       .exactly(3).times
                                       .ordered
   
-          expect(@mock_nexpose_client).to receive(:scan_status)
-                                      .with(@mock_scan_id)
+          expect(@mock_scan_summary).to receive(:status)
                                       .and_return(Nexpose::Scan::Status::FINISHED)
                                       .once
                                       .ordered
@@ -185,14 +191,12 @@ describe 'nexpose-runner' do
         end
   
         it 'should sleep for 3 seconds if the status is still running' do
-          expect(@mock_nexpose_client).to receive(:scan_status)
-                                      .with(@mock_scan_id)
+          expect(@mock_scan_summary).to receive(:status)
                                       .and_return(Nexpose::Scan::Status::RUNNING)
                                       .exactly(3).times
                                       .ordered
   
-          expect(@mock_nexpose_client).to receive(:scan_status)
-                                      .with(@mock_scan_id)
+          expect(@mock_scan_summary).to receive(:status)
                                       .and_return(Nexpose::Scan::Status::FINISHED)
                                       .once
                                       .ordered
@@ -227,6 +231,10 @@ describe 'nexpose-runner' do
       }.to raise_error(StandardError, CONSTANTS::VULNERABILITY_FOUND_MESSAGE)
     end
   end
+
+  if File.file?('config/exploit.yml.bak')
+    File.rename('config/exploit.yml.bak', 'config/exploit.yml')
+  end
 end
 
 def expect_report_to_be_called_with(report_name, report_query, report_response)
@@ -249,8 +257,9 @@ def get_mock_nexpose_client
 
   allow(mock_nexpose_client).to receive(:call).with(any_args).and_return({})
 
-  allow(mock_nexpose_client).to receive(:scan_status)
+  allow(mock_nexpose_client).to receive(:scan_statistics)
                                  .with(@mock_scan_id)
+				 .and_return(@mock_scan_summary)
 
   allow(mock_nexpose_client).to receive(:login)
                                   .and_return(true)
@@ -261,6 +270,20 @@ def get_mock_nexpose_client
   mock_nexpose_client
 end
 
+def get_mock_scan_summary
+  mock_scan_summary = double(Nexpose::ScanSummary)
+
+  tasks = OpenStruct.new(:completed => 1, :pending => 1)
+  allow(mock_scan_summary).to receive(:tasks).and_return(tasks)
+
+  allow(mock_scan_summary).to receive(:status).and_return(
+				Nexpose::Scan::Status::RUNNING, 
+				Nexpose::Scan::Status::RUNNING,
+ 				Nexpose::Scan::Status::RUNNING, 
+				Nexpose::Scan::Status::FINISHED)
+  mock_scan_summary
+end
+
 def get_mock_nexpose_site
   mock_nexpose_site = double(Nexpose::Site)
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: NexposeRunner
 version: !ruby/object:Gem::Version
-  version: 0.0.5
+  version: 0.0.7
 platform: ruby
 authors:
 - Nathan Gibson
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-10 00:00:00.000000000 Z
+date: 2015-10-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nexpose
@@ -83,11 +83,13 @@ files:
 - README.md
 - Rakefile
 - bin/scan
+- config/scan.yml.example
 - lib/NexposeRunner.rb
 - lib/NexposeRunner/version.rb
 - lib/nexpose-runner/constants.rb
 - lib/nexpose-runner/scan.rb
 - lib/nexpose-runner/scan_run_description.rb
+- spec/scan_config_spec.rb
 - spec/scan_spec.rb
 - spec/spec_helper.rb
 homepage: ''
@@ -110,7 +112,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: This is a gem that provides the ability to create a new site, add an IP to
@@ -118,5 +120,6 @@ summary: This is a gem that provides the ability to create a new site, add an IP
   and finally produce a reports for vulnerabilities, installed software, and policy
   compliance.
 test_files:
+- spec/scan_config_spec.rb
 - spec/scan_spec.rb
 - spec/spec_helper.rb