moj-nessus-automation 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: bf73193651160ed38be74d9296150fc56d39ba07
+  data.tar.gz: d28ec9c8d573df1c2f7e89d528e5b4cb145fd63c
+SHA512:
+  metadata.gz: be194d067c703bcba38afa28bce1ec3959bf1ac75114c722bcdee9f64f4ad845105cae223f959a883933a1783f789f81a2e523a51c99447f699e7726a624884c
+  data.tar.gz: 023fb8f527c1ad80de4d7b2fda71ff8d3af206495b24c5bac2533454b869ed7c9963a76d9076713127fa9a7ce3de36dcefc8616e3698b46b70a8402708b194c8

data/.gitignore

@@ -0,0 +1,2 @@
+env.sh
+*.gem

data/README.md

@@ -0,0 +1,2 @@
+## Nessus Automation - Ruby Client
+

data/lib/example.rb

@@ -0,0 +1,31 @@
+#! /usr/bin/env ruby
+
+require_relative 'nessus.rb'
+
+# Create a new scan instance
+scan = Nessus::Scan.new(
+  'webapp',
+  'https://preprod-prisonvisits.dsd.io/prisoner'
+)
+
+# Check details of scan created
+scan.details
+
+# Launch the scan
+scan.launch!
+
+# View scan result
+scan.view
+
+# Convenience methods for vulnerability management
+scan.result.critical?
+scan.result.high?
+scan.result.medium?
+
+# Export the scan as csv
+scan.export_csv('/tmp/nessus.csv')
+
+
+
+
+

data/lib/nessus.rb

@@ -0,0 +1,9 @@
+require_relative 'nessus/xmlrpc.rb'
+require_relative 'nessus/settings.rb'
+require_relative 'nessus/scan.rb'
+#
+# Namespace for classes and modules that handle interacting 
+# with Nessus XMLRPC interface
+#
+module Nessus
+end

data/lib/nessus/scan.rb

@@ -0,0 +1,125 @@
+require_relative './xmlrpc.rb'
+require_relative './settings.rb'
+
+module Nessus
+  class Scan
+    #
+    # Wrapper for XMLRPC client
+    # 
+    # @attr_reader [String] uuid of scan template
+    # @attr_reader [Fixnum] scan id
+    # @attr_reader [Hash] full scan details
+    # @attr_reader [Result] full scan result
+    #
+    attr_reader :uuid, :id, :details, :result
+    #
+    # Create a new scan instance
+    # 
+    # @param [String] nessus scan template name
+    # @param [Array<String>] target addresses e.g http://localhost:3000
+    #
+    # @return [Scan]
+    #
+    def initialize(name, targets)
+      set_uuid(name)
+      setup_scan(targets)
+    end
+    #
+    # Launches the scan
+    #
+    # @return [Result] the result hash from the scan
+    # 
+    def launch!
+      client.scan_launch(@id)
+
+      loop do
+        raw    = client.scan_details(@id)
+        status = raw['info']['status']
+
+        if status != 'running'
+          @result = Result.new(raw)
+          break
+        end
+          
+        sleep Nessus::Settings.refresh_interval
+      end
+    end
+    #
+    # View the result of a finished scan
+    #
+    # @return [Hash] the raw result hash from the scan
+    #
+    def view
+      result && result.raw
+    end
+    #
+    # Export scan to csv file
+    #
+    # @param [String] output filepath
+    #
+    # @return [Fixnum] bytes written to file
+    #
+    def export_csv(filepath)
+      csv_id   = client.scan_export(@id, 'csv')
+      csv_data = client.report_download(@id, csv_id['file'])
+
+      File.write(filepath, csv_data)
+    end
+
+    private
+
+    def set_uuid(name)
+      @uuid = client
+                .list_template('scan')
+                .fetch('templates', [])
+                .find { |t| t['name'] == name }
+                .fetch('uuid')
+    end
+
+    def setup_scan(targets)
+      @details = client.scan_create(
+        @uuid,
+        "Automated Scan #{Time.now}",
+        "This scan was created by the Nessus ruby client as part of automated testing",
+        targets
+      )
+
+      @id = @details['scan']['id']
+    end
+
+    def client
+      @client ||= Nessus::Client.new(
+        Nessus::Settings.host,
+        Nessus::Settings.username,
+        Nessus::Settings.password,
+        Nessus::Settings.ssl_verify
+      )
+    end
+
+    class Result
+      attr_reader :raw
+
+      def initialize(raw)
+        @raw = raw
+      end
+
+      def critical?
+        check('critical')
+      end
+
+      def high?
+        check('high')
+      end
+
+      def medium?
+        check('medium')
+      end
+
+      private
+
+      def check(severity)
+        raw['hosts'].any? { |h| h.fetch(severity) > 0 } 
+      end
+    end
+  end
+end

data/lib/nessus/settings.rb

@@ -0,0 +1,50 @@
+#
+# Define static scan settings
+#
+module Nessus
+  module Settings
+    extend self
+    # 
+    # Host for Nessus instance
+    #
+    # @return [String] 
+    #
+    def host
+      ENV.fetch('NESSUS_HOST', 'http://localhost:8834')
+    end
+    # 
+    # Nessus username
+    #
+    # @return [String] 
+    #
+    def username
+      ENV.fetch('NESSUS_USER', 'test_user')
+    end
+    # 
+    # Nessus password
+    #
+    # @return [String] 
+    #
+    def password
+      ENV.fetch('NESSUS_PASS', 'test_pass')
+    end
+    # 
+    # SSL connection settings for Nessus instance
+    #
+    # @note set to 'ssl_verify' in PRODUCTION
+    #
+    # @return [String] 
+    #
+    def ssl_verify
+      'none' # ssl_verify for secure connection
+    end
+    # 
+    # Refresh interval when checking for job completion
+    #
+    # @return [Fixnum] 
+    #
+    def refresh_interval
+      5
+    end
+  end
+end

data/lib/nessus/version.rb

@@ -0,0 +1,6 @@
+#
+# Gem versioning
+#
+module Nessus
+  VERSION = '0.0.1'
+end

data/lib/nessus/xmlrpc.rb

@@ -0,0 +1,315 @@
+require 'net/http'
+require 'json'
+require 'openssl'
+#
+# Nessus XML RPC Client
+#
+# @author Metasploit Framework
+# @see https://github.com/rapid7/metasploit-framework/blob/master/lib/nessus/nessus-xmlrpc.rb
+#
+module Nessus
+  class Client
+    class << self
+      @connection
+      @token
+    end
+     
+    def initialize(host, username = nil, password = nil, ssl_option = nil)
+      uri = URI.parse(host)
+      @connection = Net::HTTP.new(uri.host, uri.port)
+      @connection.use_ssl = true
+      if ssl_option == "ssl_verify"
+        @connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
+      else
+        @connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
+      end
+        
+      yield @connection if block_given?
+        authenticate(username, password) if username && password
+    end
+ 
+    def authenticate(username, password)
+      payload = {
+        :username => username, 
+        :password => password, 
+        :json => 1
+      }
+      res = http_post(:uri=>"/session", :data=>payload)
+      if res['token']
+        @token = "token=#{res['token']}"
+        return true
+      else
+        false
+      end
+    end
+
+    def x_cookie
+      {'X-Cookie'=>@token}
+    end
+
+    alias_method :login, :authenticate
+     
+    def authenticated
+      if (@token && @token.include?('token='))
+        return true
+      else
+        return false
+      end
+    end
+
+    def get_server_properties
+      http_get(:uri=>"/server/properties", :fields=>x_cookie)
+    end
+  
+    def user_add(username, password, permissions, type)
+      payload = {
+        :username => username, 
+        :password => password, 
+        :permissions => permissions, 
+        :type => type, 
+        :json => 1
+      }
+      http_post(:uri=>"/users", :fields=>x_cookie, :data=>payload)
+    end
+      
+    def user_delete(user_id)
+      res = http_delete(:uri=>"/users/#{user_id}", :fields=>x_cookie)
+      return res.code
+    end
+      
+    def user_chpasswd(user_id, password)
+      payload = {
+        :password => password, 
+        :json => 1
+      }
+      res = http_put(:uri=>"/users/#{user_id}/chpasswd", :data=>payload, :fields=>x_cookie)
+      return res.code
+    end
+      
+    def user_logout
+      res = http_delete(:uri=>"/session", :fields=>x_cookie)
+      return res.code
+    end
+
+    def list_policies
+      http_get(:uri=>"/policies", :fields=>x_cookie)
+    end
+
+    def list_users
+      http_get(:uri=>"/users", :fields=>x_cookie)
+    end
+
+    def list_folders
+      http_get(:uri=>"/folders", :fields=>x_cookie)
+    end
+
+    def list_scanners
+      http_get(:uri=>"/scanners", :fields=>x_cookie)
+    end
+
+    def list_families
+      http_get(:uri=>"/plugins/families", :fields=>x_cookie)
+    end
+
+    def list_plugins(family_id)
+      http_get(:uri=>"/plugins/families/#{family_id}", :fields=>x_cookie)
+    end
+
+    def list_template(type)
+      res = http_get(:uri=>"/editor/#{type}/templates", :fields=>x_cookie)
+    end
+
+    def plugin_details(plugin_id)
+      http_get(:uri=>"/plugins/plugin/#{plugin_id}", :fields=>x_cookie)
+    end
+
+    def is_admin
+      res = http_get(:uri=>"/session", :fields=>x_cookie)
+      if res['permissions'] == 128
+        return true
+      else
+        return false
+      end
+    end
+
+    def server_properties
+      http_get(:uri=>"/server/properties", :fields=>x_cookie)
+    end
+
+    def scan_create(uuid, name, description, targets)
+      payload = {
+        :uuid => uuid, 
+        :settings => {
+          :name => name, 
+          :description => description, 
+          :text_targets => targets
+          },
+        :json => 1
+      }.to_json
+      http_post(:uri=>"/scans", :body=>payload, :fields=>x_cookie, :ctype=>'application/json')
+    end
+
+    def scan_launch(scan_id)
+      http_post(:uri=>"/scans/#{scan_id}/launch", :fields=>x_cookie)
+    end
+
+    def server_status
+      http_get(:uri=>"/server/status", :fields=>x_cookie)
+    end
+
+    def scan_list
+      http_get(:uri=>"/scans", :fields=>x_cookie)
+    end
+
+    def scan_details(scan_id)
+      http_get(:uri=>"/scans/#{scan_id}", :fields=>x_cookie)
+    end
+
+    def scan_pause(scan_id)
+      http_post(:uri=>"/scans/#{scan_id}/pause", :fields=>x_cookie)
+    end
+
+    def scan_resume(scan_id)
+      http_post(:uri=>"/scans/#{scan_id}/resume", :fields=>x_cookie)
+    end
+
+    def scan_stop(scan_id)
+      http_post(:uri=>"/scans/#{scan_id}/stop", :fields=>x_cookie)
+    end
+
+    def scan_export(scan_id, format)
+      payload = {
+        :format => format
+      }.to_json
+      http_post(:uri=>"/scans/#{scan_id}/export", :body=>payload, :ctype=>'application/json', :fields=>x_cookie)
+    end
+
+    def scan_export_status(scan_id, file_id)
+      request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status")
+      request.add_field("X-Cookie", @token)
+      res = @connection.request(request)
+      if res.code == "200"
+        return "ready"
+      else
+        res = JSON.parse(res.body)
+        return res
+      end
+    end
+
+    def policy_delete(policy_id)
+      res = http_delete(:uri=>"/policies/#{policy_id}", :fields=>x_cookie)
+      return res.code
+    end
+
+    def host_detail(scan_id, host_id)
+      res = http_get(:uri=>"/scans/#{scan_id}/hosts/#{host_id}", :fields=>x_cookie)
+    end
+
+    def report_download(scan_id, file_id)
+      res = http_get(:uri=>"/scans/#{scan_id}/export/#{file_id}/download", :raw_content=> true, :fields=>x_cookie)
+    end
+
+    private
+
+    def http_put(opts={})
+      uri    = opts[:uri]
+      data   = opts[:data]
+      fields = opts[:fields] || {}
+      res    = nil
+
+      req = Net::HTTP::Put.new(uri)
+      req.set_form_data(data) unless data.blank?
+      fields.each_pair do |name, value|
+        req.add_field(name, value)
+      end
+
+      begin
+        res = @connection.request(req)
+      rescue URI::InvalidURIError
+        return res
+      end
+
+      res
+    end
+
+    def http_delete(opts={})
+      uri    = opts[:uri]
+      fields = opts[:fields] || {}
+      res    = nil
+
+      req = Net::HTTP::Delete.new(uri)
+
+      fields.each_pair do |name, value|
+        req.add_field(name, value)
+      end
+
+      begin
+        res = @connection.request(req)
+      rescue URI::InvalidURIError
+        return res
+      end
+
+      res
+    end
+
+    def http_get(opts={})
+      uri         = opts[:uri]
+      fields      = opts[:fields] || {}
+      raw_content = opts[:raw_content] || false
+      json        = {}
+
+      req = Net::HTTP::Get.new(uri)
+      fields.each_pair do |name, value|
+        req.add_field(name, value)
+      end
+
+      begin
+        res = @connection.request(req)
+      rescue URI::InvalidURIError
+        return json
+      end
+      if !raw_content
+        parse_json(res.body)
+      else
+        res.body
+      end
+    end
+
+    def http_post(opts = {})
+      uri    = opts[:uri]
+      data   = opts[:data]
+      fields = opts[:fields] || {}
+      body   = opts[:body]
+      ctype  = opts[:ctype]
+      json   = {}
+
+      req = Net::HTTP::Post.new(uri)
+      req.set_form_data(data) if data
+      req.body = body if body
+      req['Content-Type'] = ctype if ctype
+      fields.each_pair do |name, value|
+        req.add_field(name, value)
+      end
+
+      begin
+        res = @connection.request(req)
+      rescue URI::InvalidURIError
+        return json
+      end
+
+      parse_json(res.body)
+    end
+
+    def parse_json(body)
+      buf = {}
+
+      begin
+        buf = JSON.parse(body)
+      rescue JSON::ParserError
+      end
+
+      buf
+    end
+
+  end
+end

data/moj-nessus-automation.gemspec

@@ -0,0 +1,21 @@
+# coding: utf-8
+
+lib = File.expand_path('./lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+require './lib/nessus/version.rb'
+
+Gem::Specification.new do |s|
+  s.name          = 'moj-nessus-automation'
+  s.version       =  Nessus::VERSION
+  s.date          = '2014-09-24'
+  s.summary       = 'Nessus Automation Gem'
+  s.description   = 'A gem to automate nessus vulnerability scanning'
+  s.authors       = ['Jeremy Fox']
+  s.email         = 'jeremy.fox@digital.justice.gov.uk'
+  s.files         = `git ls-files`.split($/)
+  s.require_paths = ['lib']
+  s.homepage      = 
+    'http://rubygems.org/gems/moj-nesssus-automation'
+  s.license       = 'MIT'
+end

metadata

@@ -0,0 +1,52 @@
+--- !ruby/object:Gem::Specification
+name: moj-nessus-automation
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- Jeremy Fox
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-09-24 00:00:00.000000000 Z
+dependencies: []
+description: A gem to automate nessus vulnerability scanning
+email: jeremy.fox@digital.justice.gov.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- README.md
+- lib/example.rb
+- lib/nessus.rb
+- lib/nessus/scan.rb
+- lib/nessus/settings.rb
+- lib/nessus/version.rb
+- lib/nessus/xmlrpc.rb
+- moj-nessus-automation.gemspec
+homepage: http://rubygems.org/gems/moj-nesssus-automation
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5
+signing_key: 
+specification_version: 4
+summary: Nessus Automation Gem
+test_files: []