nessus 0.2.0 → 0.2.1.beta.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 075d0b77f2e193176e333756cf8b204b97d61555
-  data.tar.gz: accd9c278a4cdd4d580ccfa7a21983e47509ef49
+  metadata.gz: 76ac1f6c86cb0cbf049142847dbdf42cc5f8a1db
+  data.tar.gz: e652f5f7f4e1982e9b9b10c867b43cec6ecd3a47
 SHA512:
-  metadata.gz: e7f8882ad88853f038fe519b60b61192c0cd0c885e97911f8ba988cd36bccff4c13a19307be79ed240f0f4109160911ec38239ced6dd97984b6618086309b09f
-  data.tar.gz: 716ab8b67434fe1ab2a8635cc14073e678cc2b1fce42035285ff33687fca24c23815d492a6be981d09f7caa1aaef3c5cec33e4f3fc4748b3af88083b1bdfe135
+  metadata.gz: e15cbca29b8ae17f2d184abbd266abf11ff7fba756b4c9bd017f3cbdb30a408e5890ad4a080c8cd906ba84578e7eec3212fddf6025ea52aec1e1cdcf15ec897b
+  data.tar.gz: aba6f4c23faf598197bf79a2fca6467a7c00b2709715cc2809aec430d9a46efdd4b5997bf6ddd6f54ea960c610130195b4da5f47aba5ffa4a500f53b7d45002b

data/.gitignore

@@ -21,9 +21,9 @@
 
 # for a library or gem, you might want to ignore these files since the code is
 # intended to run in multiple environments; otherwise, check them in:
-Gemfile.lock
-.ruby-version
-.ruby-gemset
+# Gemfile.lock
+# .ruby-version
+# .ruby-gemset
 
 # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
 .rvmrc

data/Gemfile.lock

@@ -0,0 +1,31 @@
+PATH
+  remote: .
+  specs:
+    nessus (0.1.0.beta.18)
+      faraday
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    coderay (1.1.0)
+    faraday (0.8.9)
+      multipart-post (~> 1.2.0)
+    method_source (0.8.2)
+    multipart-post (1.2.0)
+    pry (0.9.12.3)
+      coderay (~> 1.0)
+      method_source (~> 0.8)
+      slop (~> 3.4)
+    rake (10.1.0)
+    slop (3.4.6)
+    yard (0.8.7.3)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  bundler (~> 1.3)
+  nessus!
+  pry
+  rake
+  yard

data/lib/nessus/client.rb

@@ -29,16 +29,11 @@ module Nessus
     attr_reader :connection
 
     # @param [String] host the base URL to use when connecting to the Nessus API
-    def initialize(host, login = nil, password = nil, connection_options = {})
-      connection_options[:ssl] ||= {}
-      connection_options[:ssl][:verify] ||= Nessus::Client.verify_ssl.nil? || Nessus::Client.verify_ssl
-
-      @connection = Faraday.new host, connection_options
+    def initialize(host, login = nil, password = nil)
+      @verify_ssl = Nessus::Client.verify_ssl.nil? ? true : false
+      @connection = Faraday.new host, :ssl => { :verify => @verify_ssl }
       @connection.headers[:user_agent] = "Nessus.rb v#{Nessus::VERSION}".freeze
 
-      # Allow passing a block to Faraday::Connection
-      yield @connection if block_given?
-
       authenticate(login, password) if login && password
     end
 
@@ -47,14 +42,12 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def authenticate(login, password)
-      @login    = login
-      @password = password
-
       payload = {
         :login => login,
-        :password => password
+        :password => password,
+        :json => 1
       }
-      resp = post '/login', payload
+      resp = connection.post '/login', payload
       resp = JSON.parse(resp.body)
 
       if resp['reply']['status'].eql? 'OK'
@@ -70,7 +63,7 @@ module Nessus
     # @param [String] login the username of the account to use for authentication
     # @param [String] password the password of the account to use for authentication
     def logout
-      resp = post '/logout'
+      resp = post '/logout', :json => 1
 
       if resp['reply']['status'].eql? 'OK'
         if connection.headers[:cookie].include? 'token='
@@ -97,28 +90,17 @@ module Nessus
     # @param [Hash] params the query parameters to send with the request
     # @param [Hash] headers the headers to send along with the request
     def get(url, params = {}, headers = {})
-      retries ||= 0
-
       unless authenticated?
-        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       params ||= {}
-      params[:json] = 1
+      params[:json] ||= 1
 
+      params  = connection.params.merge(params)
+      headers = connection.headers.merge(headers)
       resp    = connection.get url, params, headers
-      fail Nessus::Unauthorized if resp.status == 401
-      fail Nessus::Forbidden if resp.status == 403
-
       JSON.parse(resp.body)
-    rescue Nessus::Unauthorized, Nessus::Forbidden
-      if retries < 1
-        retries += 1
-        authenticate(@login, @password) if @login && @password
-        retry
-      else
-        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
-      end
     end
 
     # @param [String] url the URL/path to send a GET request using the
@@ -126,28 +108,15 @@ module Nessus
     # @param [Hash] payload the JSON body to send with the request
     # @param [Hash] headers the headers to send along with the request
     def post(url, payload = nil, headers = nil, &block)
-      retries ||= 0
-
       unless authenticated?
-        fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
+        raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
       end
 
       payload ||= {}
-      payload[:json] = 1
+      payload[:json] ||= 1
 
       resp = connection.post(url, payload, headers, &block)
-      fail Nessus::Unauthorized if resp.status == 401
-      fail Nessus::Forbidden if resp.status == 403
-
       JSON.parse(resp.body)
-    rescue Nessus::Unauthorized, Nessus::Forbidden
-      if retries < 1
-        retries += 1
-        authenticate(@login, @password) if @login && @password
-        retry
-      else
-        raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
-      end
     end
   end
 end

data/lib/nessus/client/file.rb

@@ -10,14 +10,6 @@ module Nessus
         resp = connection.get '/file/report/download', :report => uuid
         resp.body
       end
-
-      # GET /file/xslt/list
-      #
-      # @return [Array<Hash>] an object containing a list of XSLT transformations
-      def xslt_list
-        response = post '/file/xslt/list'
-        response['reply']['contents']
-      end
     end
   end
 end

data/lib/nessus/client/report.rb

@@ -10,6 +10,14 @@ module Nessus
         response['reply']['contents']['reports']['report']
       end
 
+      # GET /file/xslt/list
+      #
+      # @return [Array<Hash>] an object containing a list of XSLT transformations
+      def xslt_list
+        response = post '/file/xslt/list'
+        response['reply']['contents']
+      end
+
       # POST /report/delete
       #
       # @param [String] report unique identifier

data/lib/nessus/client/scan.rb

@@ -15,7 +15,8 @@ module Nessus
         payload = {
           :target => target,
           :policy_id => policy_id,
-          :scan_name => scan_name
+          :scan_name => scan_name,
+          :json => 1
         }
         payload[:seq] = seq if seq
         response = post '/scan/new', payload
@@ -77,7 +78,8 @@ module Nessus
         payload = {
           :template_name => template_name,
           :policy_id => policy_id,
-          :target => target
+          :target => target,
+          :json => 1
         }
         payload[:seq] = seq if seq
         payload[:startTime] = start_time if start_time

data/lib/nessus/error.rb

@@ -1,10 +1,8 @@
 module Nessus
   # @todo add more descriptive error classes
 
-  # HTTP error 401
-  Unauthorized = Class.new(StandardError)
-  # HTTP error 403
+  # 403
   Forbidden = Class.new(StandardError)
-  # Catch all for HTTP errors
+  # *
   UnknownError = Class.new(StandardError)
 end

data/lib/nessus/version.rb

@@ -1,4 +1,4 @@
 module Nessus
   # The version of the Nessus.rb library
-  VERSION = '0.2.0'
+  VERSION = '0.2.1.beta.1'
 end

data/mjcarey@10.5.5.14

@@ -0,0 +1,227 @@
+#
+# This file configures the New Relic Agent.  New Relic monitors
+# Ruby, Java, .NET, PHP, and Python applications with deep visibility and low overhead.
+# For more information, visit www.newrelic.com.
+#
+# Generated January 09, 2014
+#
+# This configuration file is custom generated for Me_270
+
+
+# Here are the settings that are common to all environments
+common: &default_settings
+  # ============================== LICENSE KEY ===============================
+
+  # You must specify the license key associated with your New Relic
+  # account.  This key binds your Agent's data to your account in the
+  # New Relic service.
+  license_key: '06522801ff9ca5c1881e5494d76639ec2932adac'
+
+  # Agent Enabled (Ruby/Rails Only)
+  # Use this setting to force the agent to run or not run.
+  # Default is 'auto' which means the agent will install and run only
+  # if a valid dispatcher such as Mongrel is running.  This prevents
+  # it from running with Rake or the console.  Set to false to
+  # completely turn the agent off regardless of the other settings.
+  # Valid values are true, false and auto.
+  #
+  # agent_enabled: auto
+
+  # Application Name Set this to be the name of your application as
+  # you'd like it show up in New Relic. The service will then auto-map
+  # instances of your application into an "application" on your
+  # dashboard page. If you want to map this instance into multiple
+  # apps, like "AJAX Requests" and "All UI" then specify a semicolon
+  # separated list of up to three distinct names, or a yaml list.
+  # Defaults to the capitalized RAILS_ENV or RACK_ENV (i.e.,
+  # Production, Staging, etc)
+  #
+  # Example:
+  #
+  #   app_name:
+  #       - Ajax Service
+  #       - All Services
+  #
+  app_name: My Application
+
+  # When "true", the agent collects performance data about your
+  # application and reports this data to the New Relic service at
+  # newrelic.com. This global switch is normally overridden for each
+  # environment below. (formerly called 'enabled')
+  monitor_mode: true
+
+  # Developer mode should be off in every environment but
+  # development as it has very high overhead in memory.
+  developer_mode: false
+
+  # The newrelic agent generates its own log file to keep its logging
+  # information separate from that of your application. Specify its
+  # log level here.
+  log_level: info
+
+  # Optionally set the path to the log file This is expanded from the
+  # root directory (may be relative or absolute, e.g. 'log/' or
+  # '/var/log/') The agent will attempt to create this directory if it
+  # does not exist.
+  # log_file_path: 'log'
+
+  # Optionally set the name of the log file, defaults to 'newrelic_agent.log'
+  # log_file_name: 'newrelic_agent.log'
+
+  # The newrelic agent communicates with the service via https by default.  This
+  # prevents eavesdropping on the performance metrics transmitted by the agent.
+  # The encryption required by SSL introduces a nominal amount of CPU overhead,
+  # which is performed asynchronously in a background thread.  If you'd prefer
+  # to send your metrics over http uncomment the following line.
+  # ssl: false
+
+  #============================== Browser Monitoring ===============================
+  # New Relic Real User Monitoring gives you insight into the performance real users are
+  # experiencing with your website. This is accomplished by measuring the time it takes for
+  # your users' browsers to download and render your web pages by injecting a small amount
+  # of JavaScript code into the header and footer of each page.
+  browser_monitoring:
+      # By default the agent automatically injects the monitoring JavaScript
+      # into web pages. Set this attribute to false to turn off this behavior.
+      auto_instrument: true
+
+  # Proxy settings for connecting to the New Relic server.
+  #
+  # If a proxy is used, the host setting is required.  Other settings
+  # are optional. Default port is 8080.
+  #
+  # proxy_host: hostname
+  # proxy_port: 8080
+  # proxy_user:
+  # proxy_pass:
+
+  # The agent can optionally log all data it sends to New Relic servers to a
+  # separate log file for human inspection and auditing purposes. To enable this
+  # feature, change 'enabled' below to true.
+  # See: https://newrelic.com/docs/ruby/audit-log
+  audit_log:
+    enabled: false
+
+  # Tells transaction tracer and error collector (when enabled)
+  # whether or not to capture HTTP params.  When true, frameworks can
+  # exclude HTTP parameters from being captured.
+  # Rails: the RoR filter_parameter_logging excludes parameters
+  # Java: create a config setting called "ignored_params" and set it to
+  #     a comma separated list of HTTP parameter names.
+  #     ex: ignored_params: credit_card, ssn, password
+  capture_params: false
+
+  # Transaction tracer captures deep information about slow
+  # transactions and sends this to the New Relic service once a
+  # minute. Included in the transaction is the exact call sequence of
+  # the transactions including any SQL statements issued.
+  transaction_tracer:
+
+    # Transaction tracer is enabled by default. Set this to false to
+    # turn it off. This feature is only available at the Professional
+    # and above product levels.
+    enabled: true
+
+    # Threshold in seconds for when to collect a transaction
+    # trace. When the response time of a controller action exceeds
+    # this threshold, a transaction trace will be recorded and sent to
+    # New Relic. Valid values are any float value, or (default) "apdex_f",
+    # which will use the threshold for an dissatisfying Apdex
+    # controller action - four times the Apdex T value.
+    transaction_threshold: apdex_f
+
+    # When transaction tracer is on, SQL statements can optionally be
+    # recorded. The recorder has three modes, "off" which sends no
+    # SQL, "raw" which sends the SQL statement in its original form,
+    # and "obfuscated", which strips out numeric and string literals.
+    record_sql: obfuscated
+
+    # Threshold in seconds for when to collect stack trace for a SQL
+    # call. In other words, when SQL statements exceed this threshold,
+    # then capture and send to New Relic the current stack trace. This is
+    # helpful for pinpointing where long SQL calls originate from.
+    stack_trace_threshold: 0.500
+
+    # Determines whether the agent will capture query plans for slow
+    # SQL queries.  Only supported in mysql and postgres.  Should be
+    # set to false when using other adapters.
+    # explain_enabled: true
+
+    # Threshold for query execution time below which query plans will
+    # not be captured.  Relevant only when `explain_enabled` is true.
+    # explain_threshold: 0.5
+
+  # Error collector captures information about uncaught exceptions and
+  # sends them to New Relic for viewing
+  error_collector:
+
+    # Error collector is enabled by default. Set this to false to turn
+    # it off. This feature is only available at the Professional and above
+    # product levels.
+    enabled: true
+
+    # Rails Only - tells error collector whether or not to capture a
+    # source snippet around the place of the error when errors are View
+    # related.
+    capture_source: true
+
+    # To stop specific errors from reporting to New Relic, set this property
+    # to comma-separated values.  Default is to ignore routing errors,
+    # which are how 404's get triggered.
+    ignore_errors: "ActionController::RoutingError,Sinatra::NotFound"
+
+  # If you're interested in capturing memcache keys as though they
+  # were SQL uncomment this flag. Note that this does increase
+  # overhead slightly on every memcached call, and can have security
+  # implications if your memcached keys are sensitive
+  # capture_memcache_keys: true
+
+# Application Environments
+# ------------------------------------------
+# Environment-specific settings are in this section.
+# For Rails applications, RAILS_ENV is used to determine the environment.
+# For Java applications, pass -Dnewrelic.environment <environment> to set
+# the environment.
+
+# NOTE if your application has other named environments, you should
+# provide newrelic configuration settings for these environments here.
+
+development:
+  <<: *default_settings
+  # Turn off communication to New Relic service in development mode (also
+  # 'enabled').
+  # NOTE: for initial evaluation purposes, you may want to temporarily
+  # turn the agent on in development mode.
+  monitor_mode: false
+
+  # Rails Only - when running in Developer Mode, the New Relic Agent will
+  # present performance information on the last 100 transactions you have
+  # executed since starting the mongrel.
+  # NOTE: There is substantial overhead when running in developer mode.
+  # Do not use for production or load testing.
+  developer_mode: true
+
+  # Enable textmate links
+  # textmate: true
+
+test:
+  <<: *default_settings
+  # It almost never makes sense to turn on the agent when running
+  # unit, functional or integration tests or the like.
+  monitor_mode: false
+
+# Turn on the agent in production for 24x7 monitoring. NewRelic
+# testing shows an average performance impact of < 5 ms per
+# transaction, you can leave this on all the time without
+# incurring any user-visible performance degradation.
+production:
+  <<: *default_settings
+  monitor_mode: true
+
+# Many applications have a staging environment which behaves
+# identically to production. Support for that environment is provided
+# here.  By default, the staging environment has the agent turned on.
+staging:
+  <<: *default_settings
+  monitor_mode: true
+  # app_name: My Application (Staging)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nessus
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.1.beta.1
 platform: ruby
 authors:
 - Erran Carey
@@ -15,70 +15,70 @@ dependencies:
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ~>
+    - - "~>"
       - !ruby/object:Gem::Version
         version: '1.3'
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: yard
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
   name: faraday
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ">="
       - !ruby/object:Gem::Version
         version: '0'
 description: A Ruby client for the Nessus 5.x JSON REST API
@@ -89,8 +89,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- .gitignore
+- ".gitignore"
 - Gemfile
+- Gemfile.lock
 - LICENSE.md
 - README.md
 - Rakefile
@@ -111,6 +112,7 @@ files:
 - lib/nessus/client/uuid.rb
 - lib/nessus/error.rb
 - lib/nessus/version.rb
+- mjcarey@10.5.5.14
 - nessus.gemspec
 homepage: https://github.com/threatagent/nessus.rb
 licenses:
@@ -122,17 +124,17 @@ require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - ">"
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.0.3
+rubygems_version: 2.2.0
 signing_key: 
 specification_version: 4
 summary: A Ruby client for the Nessus 5.x JSON REST API. UPDATE_ME