nessus 0.2.0 → 0.2.1.beta.1

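--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 075d0b77f2e193176e333756cf8b204b97d61555
- data.tar.gz: accd9c278a4cdd4d580ccfa7a21983e47509ef49
+ metadata.gz: 76ac1f6c86cb0cbf049142847dbdf42cc5f8a1db
+ data.tar.gz: e652f5f7f4e1982e9b9b10c867b43cec6ecd3a47
  SHA512:
- metadata.gz: e7f8882ad88853f038fe519b60b61192c0cd0c885e97911f8ba988cd36bccff4c13a19307be79ed240f0f4109160911ec38239ced6dd97984b6618086309b09f
- data.tar.gz: 716ab8b67434fe1ab2a8635cc14073e678cc2b1fce42035285ff33687fca24c23815d492a6be981d09f7caa1aaef3c5cec33e4f3fc4748b3af88083b1bdfe135
+ metadata.gz: e15cbca29b8ae17f2d184abbd266abf11ff7fba756b4c9bd017f3cbdb30a408e5890ad4a080c8cd906ba84578e7eec3212fddf6025ea52aec1e1cdcf15ec897b
+ data.tar.gz: aba6f4c23faf598197bf79a2fca6467a7c00b2709715cc2809aec430d9a46efdd4b5997bf6ddd6f54ea960c610130195b4da5f47aba5ffa4a500f53b7d45002b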
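--- a/data/.gitignore
+++ b/data/.gitignore
@@ -21,9 +21,9 @@
 
  # for a library or gem, you might want to ignore these files since the code is
  # intended to run in multiple environments; otherwise, check them in:
- Gemfile.lock
- .ruby-version
- .ruby-gemset
+ # Gemfile.lock
+ # .ruby-version
+ # .ruby-gemset
 
  # unless supporting rvm < 1.11.0 or doing something fancy, ignore this:
  .rvmrc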
@@ -0,0 +1,31 @@
1
+ PATH
2
+ remote: .
3
+ specs:
4
+ nessus (0.1.0.beta.18)
5
+ faraday
6
+
7
+ GEM
8
+ remote: https://rubygems.org/
9
+ specs:
10
+ coderay (1.1.0)
11
+ faraday (0.8.9)
12
+ multipart-post (~> 1.2.0)
13
+ method_source (0.8.2)
14
+ multipart-post (1.2.0)
15
+ pry (0.9.12.3)
16
+ coderay (~> 1.0)
17
+ method_source (~> 0.8)
18
+ slop (~> 3.4)
19
+ rake (10.1.0)
20
+ slop (3.4.6)
21
+ yard (0.8.7.3)
22
+
23
+ PLATFORMS
24
+ ruby
25
+
26
+ DEPENDENCIES
27
+ bundler (~> 1.3)
28
+ nessus!
29
+ pry
30
+ rake
31
+ yard
@@ -29,16 +29,11 @@ module Nessus
29
29
  attr_reader :connection
30
30
 
31
31
  # @param [String] host the base URL to use when connecting to the Nessus API
32
- def initialize(host, login = nil, password = nil, connection_options = {})
33
- connection_options[:ssl] ||= {}
34
- connection_options[:ssl][:verify] ||= Nessus::Client.verify_ssl.nil? || Nessus::Client.verify_ssl
35
-
36
- @connection = Faraday.new host, connection_options
32
+ def initialize(host, login = nil, password = nil)
33
+ @verify_ssl = Nessus::Client.verify_ssl.nil? ? true : false
34
+ @connection = Faraday.new host, :ssl => { :verify => @verify_ssl }
37
35
  @connection.headers[:user_agent] = "Nessus.rb v#{Nessus::VERSION}".freeze
38
36
 
39
- # Allow passing a block to Faraday::Connection
40
- yield @connection if block_given?
41
-
42
37
  authenticate(login, password) if login && password
43
38
  end
44
39
 
@@ -47,14 +42,12 @@ module Nessus
47
42
  # @param [String] login the username of the account to use for authentication
48
43
  # @param [String] password the password of the account to use for authentication
49
44
  def authenticate(login, password)
50
- @login = login
51
- @password = password
52
-
53
45
  payload = {
54
46
  :login => login,
55
- :password => password
47
+ :password => password,
48
+ :json => 1
56
49
  }
57
- resp = post '/login', payload
50
+ resp = connection.post '/login', payload
58
51
  resp = JSON.parse(resp.body)
59
52
 
60
53
  if resp['reply']['status'].eql? 'OK'
@@ -70,7 +63,7 @@ module Nessus
70
63
  # @param [String] login the username of the account to use for authentication
71
64
  # @param [String] password the password of the account to use for authentication
72
65
  def logout
73
- resp = post '/logout'
66
+ resp = post '/logout', :json => 1
74
67
 
75
68
  if resp['reply']['status'].eql? 'OK'
76
69
  if connection.headers[:cookie].include? 'token='
@@ -97,28 +90,17 @@ module Nessus
97
90
  # @param [Hash] params the query parameters to send with the request
98
91
  # @param [Hash] headers the headers to send along with the request
99
92
  def get(url, params = {}, headers = {})
100
- retries ||= 0
101
-
102
93
  unless authenticated?
103
- fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
94
+ raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
104
95
  end
105
96
 
106
97
  params ||= {}
107
- params[:json] = 1
98
+ params[:json] ||= 1
108
99
 
100
+ params = connection.params.merge(params)
101
+ headers = connection.headers.merge(headers)
109
102
  resp = connection.get url, params, headers
110
- fail Nessus::Unauthorized if resp.status == 401
111
- fail Nessus::Forbidden if resp.status == 403
112
-
113
103
  JSON.parse(resp.body)
114
- rescue Nessus::Unauthorized, Nessus::Forbidden
115
- if retries < 1
116
- retries += 1
117
- authenticate(@login, @password) if @login && @password
118
- retry
119
- else
120
- raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
121
- end
122
104
  end
123
105
 
124
106
  # @param [String] url the URL/path to send a GET request using the
@@ -126,28 +108,15 @@ module Nessus
126
108
  # @param [Hash] payload the JSON body to send with the request
127
109
  # @param [Hash] headers the headers to send along with the request
128
110
  def post(url, payload = nil, headers = nil, &block)
129
- retries ||= 0
130
-
131
111
  unless authenticated?
132
- fail Nessus::Unauthorized, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
112
+ raise Nessus::Forbidden, 'Unable to detect a session token cookie, use #authenticate before sending any other requests'
133
113
  end
134
114
 
135
115
  payload ||= {}
136
- payload[:json] = 1
116
+ payload[:json] ||= 1
137
117
 
138
118
  resp = connection.post(url, payload, headers, &block)
139
- fail Nessus::Unauthorized if resp.status == 401
140
- fail Nessus::Forbidden if resp.status == 403
141
-
142
119
  JSON.parse(resp.body)
143
- rescue Nessus::Unauthorized, Nessus::Forbidden
144
- if retries < 1
145
- retries += 1
146
- authenticate(@login, @password) if @login && @password
147
- retry
148
- else
149
- raise Nessus::Forbidden, 'Unable to automatically reauthenticate'
150
- end
151
120
  end
152
121
  end
153
122
  end
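Review bot: The new `@verify_ssl = Nessus::Client.verify_ssl.nil? ? true : false` in `initialize` turns certificate verification off for every non-nil setting, so a caller who explicitly sets `Nessus::Client.verify_ssl = true` gets an unverified TLS connection carrying the login and password. It should keep the configured value, e.g. `@verify_ssl = Nessus::Client.verify_ssl.nil? ? true : Nessus::Client.verify_ssl`. The same section also drops the `resp.status == 401` / `403` checks from `get` and `post`, so a rejected request now goes straight to `JSON.parse(resp.body)`; keeping `fail Nessus::Forbidden if resp.status == 403` (and a 401 equivalent) would surface an expired session as a typed error rather than a parse failure or a nil lookup in the caller. Removing the `connection_options` parameter and the block yield also takes away the caller's way to supply a CA file or other `:ssl` settings, which is worth documenting on `initialize` if it is intended.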
@@ -10,14 +10,6 @@ module Nessus
10
10
  resp = connection.get '/file/report/download', :report => uuid
11
11
  resp.body
12
12
  end
13
-
14
- # GET /file/xslt/list
15
- #
16
- # @return [Array<Hash>] an object containing a list of XSLT transformations
17
- def xslt_list
18
- response = post '/file/xslt/list'
19
- response['reply']['contents']
20
- end
21
13
  end
22
14
  end
23
15
  end
@@ -10,6 +10,14 @@ module Nessus
10
10
  response['reply']['contents']['reports']['report']
11
11
  end
12
12
 
13
+ # GET /file/xslt/list
14
+ #
15
+ # @return [Array<Hash>] an object containing a list of XSLT transformations
16
+ def xslt_list
17
+ response = post '/file/xslt/list'
18
+ response['reply']['contents']
19
+ end
20
+
13
21
  # POST /report/delete
14
22
  #
15
23
  # @param [String] report unique identifier
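Review bot: The comment on the moved `xslt_list` says `# GET /file/xslt/list`, but the method body issues `post '/file/xslt/list'`. If POST is what the API expects, the header should read `# POST /file/xslt/list`, matching the `# POST /report/delete` comment just below it; if GET is correct, the call should use `get` instead.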
@@ -15,7 +15,8 @@ module Nessus
15
15
  payload = {
16
16
  :target => target,
17
17
  :policy_id => policy_id,
18
- :scan_name => scan_name
18
+ :scan_name => scan_name,
19
+ :json => 1
19
20
  }
20
21
  payload[:seq] = seq if seq
21
22
  response = post '/scan/new', payload
@@ -77,7 +78,8 @@ module Nessus
77
78
  payload = {
78
79
  :template_name => template_name,
79
80
  :policy_id => policy_id,
80
- :target => target
81
+ :target => target,
82
+ :json => 1
81
83
  }
82
84
  payload[:seq] = seq if seq
83
85
  payload[:startTime] = start_time if start_time
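Review bot: The added `:json => 1` entries in both payloads look redundant, because the `post` helper in this release already applies `payload[:json] ||= 1` before sending. Dropping them keeps the JSON flag in one place; the same applies to `post '/logout', :json => 1` in the client. The second hunk's method continues outside the visible lines, so this assumes it also sends its payload through `post`, as the `post '/scan/new', payload` call in the first hunk does.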
@@ -1,10 +1,8 @@
1
1
  module Nessus
2
2
  # @todo add more descriptive error classes
3
3
 
4
- # HTTP error 401
5
- Unauthorized = Class.new(StandardError)
6
- # HTTP error 403
4
+ # 403
7
5
  Forbidden = Class.new(StandardError)
8
- # Catch all for HTTP errors
6
+ # *
9
7
  UnknownError = Class.new(StandardError)
10
8
  end
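Review bot: Deleting `Unauthorized = Class.new(StandardError)` removes a public constant, so existing callers with `rescue Nessus::Unauthorized` will hit a `NameError` when an exception reaches that clause instead of handling it. If 401 is now meant to be reported as `Forbidden`, keeping an alias such as `Unauthorized = Forbidden` would preserve those rescue clauses. The replacement comments `# 403` and `# *` also say less than the ones they replace; `# HTTP error 403` and `# Catch all for HTTP errors` were clearer.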
@@ -1,4 +1,4 @@
1
1
  module Nessus
2
2
  # The version of the Nessus.rb library
3
- VERSION = '0.2.0'
3
+ VERSION = '0.2.1.beta.1'
4
4
  end
@@ -0,0 +1,227 @@
1
+ #
2
+ # This file configures the New Relic Agent. New Relic monitors
3
+ # Ruby, Java, .NET, PHP, and Python applications with deep visibility and low overhead.
4
+ # For more information, visit www.newrelic.com.
5
+ #
6
+ # Generated January 09, 2014
7
+ #
8
+ # This configuration file is custom generated for Me_270
9
+
10
+
11
+ # Here are the settings that are common to all environments
12
+ common: &default_settings
13
+ # ============================== LICENSE KEY ===============================
14
+
15
+ # You must specify the license key associated with your New Relic
16
+ # account. This key binds your Agent's data to your account in the
17
+ # New Relic service.
18
+ license_key: '06522801ff9ca5c1881e5494d76639ec2932adac'
19
+
20
+ # Agent Enabled (Ruby/Rails Only)
21
+ # Use this setting to force the agent to run or not run.
22
+ # Default is 'auto' which means the agent will install and run only
23
+ # if a valid dispatcher such as Mongrel is running. This prevents
24
+ # it from running with Rake or the console. Set to false to
25
+ # completely turn the agent off regardless of the other settings.
26
+ # Valid values are true, false and auto.
27
+ #
28
+ # agent_enabled: auto
29
+
30
+ # Application Name Set this to be the name of your application as
31
+ # you'd like it show up in New Relic. The service will then auto-map
32
+ # instances of your application into an "application" on your
33
+ # dashboard page. If you want to map this instance into multiple
34
+ # apps, like "AJAX Requests" and "All UI" then specify a semicolon
35
+ # separated list of up to three distinct names, or a yaml list.
36
+ # Defaults to the capitalized RAILS_ENV or RACK_ENV (i.e.,
37
+ # Production, Staging, etc)
38
+ #
39
+ # Example:
40
+ #
41
+ # app_name:
42
+ # - Ajax Service
43
+ # - All Services
44
+ #
45
+ app_name: My Application
46
+
47
+ # When "true", the agent collects performance data about your
48
+ # application and reports this data to the New Relic service at
49
+ # newrelic.com. This global switch is normally overridden for each
50
+ # environment below. (formerly called 'enabled')
51
+ monitor_mode: true
52
+
53
+ # Developer mode should be off in every environment but
54
+ # development as it has very high overhead in memory.
55
+ developer_mode: false
56
+
57
+ # The newrelic agent generates its own log file to keep its logging
58
+ # information separate from that of your application. Specify its
59
+ # log level here.
60
+ log_level: info
61
+
62
+ # Optionally set the path to the log file This is expanded from the
63
+ # root directory (may be relative or absolute, e.g. 'log/' or
64
+ # '/var/log/') The agent will attempt to create this directory if it
65
+ # does not exist.
66
+ # log_file_path: 'log'
67
+
68
+ # Optionally set the name of the log file, defaults to 'newrelic_agent.log'
69
+ # log_file_name: 'newrelic_agent.log'
70
+
71
+ # The newrelic agent communicates with the service via https by default. This
72
+ # prevents eavesdropping on the performance metrics transmitted by the agent.
73
+ # The encryption required by SSL introduces a nominal amount of CPU overhead,
74
+ # which is performed asynchronously in a background thread. If you'd prefer
75
+ # to send your metrics over http uncomment the following line.
76
+ # ssl: false
77
+
78
+ #============================== Browser Monitoring ===============================
79
+ # New Relic Real User Monitoring gives you insight into the performance real users are
80
+ # experiencing with your website. This is accomplished by measuring the time it takes for
81
+ # your users' browsers to download and render your web pages by injecting a small amount
82
+ # of JavaScript code into the header and footer of each page.
83
+ browser_monitoring:
84
+ # By default the agent automatically injects the monitoring JavaScript
85
+ # into web pages. Set this attribute to false to turn off this behavior.
86
+ auto_instrument: true
87
+
88
+ # Proxy settings for connecting to the New Relic server.
89
+ #
90
+ # If a proxy is used, the host setting is required. Other settings
91
+ # are optional. Default port is 8080.
92
+ #
93
+ # proxy_host: hostname
94
+ # proxy_port: 8080
95
+ # proxy_user:
96
+ # proxy_pass:
97
+
98
+ # The agent can optionally log all data it sends to New Relic servers to a
99
+ # separate log file for human inspection and auditing purposes. To enable this
100
+ # feature, change 'enabled' below to true.
101
+ # See: https://newrelic.com/docs/ruby/audit-log
102
+ audit_log:
103
+ enabled: false
104
+
105
+ # Tells transaction tracer and error collector (when enabled)
106
+ # whether or not to capture HTTP params. When true, frameworks can
107
+ # exclude HTTP parameters from being captured.
108
+ # Rails: the RoR filter_parameter_logging excludes parameters
109
+ # Java: create a config setting called "ignored_params" and set it to
110
+ # a comma separated list of HTTP parameter names.
111
+ # ex: ignored_params: credit_card, ssn, password
112
+ capture_params: false
113
+
114
+ # Transaction tracer captures deep information about slow
115
+ # transactions and sends this to the New Relic service once a
116
+ # minute. Included in the transaction is the exact call sequence of
117
+ # the transactions including any SQL statements issued.
118
+ transaction_tracer:
119
+
120
+ # Transaction tracer is enabled by default. Set this to false to
121
+ # turn it off. This feature is only available at the Professional
122
+ # and above product levels.
123
+ enabled: true
124
+
125
+ # Threshold in seconds for when to collect a transaction
126
+ # trace. When the response time of a controller action exceeds
127
+ # this threshold, a transaction trace will be recorded and sent to
128
+ # New Relic. Valid values are any float value, or (default) "apdex_f",
129
+ # which will use the threshold for an dissatisfying Apdex
130
+ # controller action - four times the Apdex T value.
131
+ transaction_threshold: apdex_f
132
+
133
+ # When transaction tracer is on, SQL statements can optionally be
134
+ # recorded. The recorder has three modes, "off" which sends no
135
+ # SQL, "raw" which sends the SQL statement in its original form,
136
+ # and "obfuscated", which strips out numeric and string literals.
137
+ record_sql: obfuscated
138
+
139
+ # Threshold in seconds for when to collect stack trace for a SQL
140
+ # call. In other words, when SQL statements exceed this threshold,
141
+ # then capture and send to New Relic the current stack trace. This is
142
+ # helpful for pinpointing where long SQL calls originate from.
143
+ stack_trace_threshold: 0.500
144
+
145
+ # Determines whether the agent will capture query plans for slow
146
+ # SQL queries. Only supported in mysql and postgres. Should be
147
+ # set to false when using other adapters.
148
+ # explain_enabled: true
149
+
150
+ # Threshold for query execution time below which query plans will
151
+ # not be captured. Relevant only when `explain_enabled` is true.
152
+ # explain_threshold: 0.5
153
+
154
+ # Error collector captures information about uncaught exceptions and
155
+ # sends them to New Relic for viewing
156
+ error_collector:
157
+
158
+ # Error collector is enabled by default. Set this to false to turn
159
+ # it off. This feature is only available at the Professional and above
160
+ # product levels.
161
+ enabled: true
162
+
163
+ # Rails Only - tells error collector whether or not to capture a
164
+ # source snippet around the place of the error when errors are View
165
+ # related.
166
+ capture_source: true
167
+
168
+ # To stop specific errors from reporting to New Relic, set this property
169
+ # to comma-separated values. Default is to ignore routing errors,
170
+ # which are how 404's get triggered.
171
+ ignore_errors: "ActionController::RoutingError,Sinatra::NotFound"
172
+
173
+ # If you're interested in capturing memcache keys as though they
174
+ # were SQL uncomment this flag. Note that this does increase
175
+ # overhead slightly on every memcached call, and can have security
176
+ # implications if your memcached keys are sensitive
177
+ # capture_memcache_keys: true
178
+
179
+ # Application Environments
180
+ # ------------------------------------------
181
+ # Environment-specific settings are in this section.
182
+ # For Rails applications, RAILS_ENV is used to determine the environment.
183
+ # For Java applications, pass -Dnewrelic.environment <environment> to set
184
+ # the environment.
185
+
186
+ # NOTE if your application has other named environments, you should
187
+ # provide newrelic configuration settings for these environments here.
188
+
189
+ development:
190
+ <<: *default_settings
191
+ # Turn off communication to New Relic service in development mode (also
192
+ # 'enabled').
193
+ # NOTE: for initial evaluation purposes, you may want to temporarily
194
+ # turn the agent on in development mode.
195
+ monitor_mode: false
196
+
197
+ # Rails Only - when running in Developer Mode, the New Relic Agent will
198
+ # present performance information on the last 100 transactions you have
199
+ # executed since starting the mongrel.
200
+ # NOTE: There is substantial overhead when running in developer mode.
201
+ # Do not use for production or load testing.
202
+ developer_mode: true
203
+
204
+ # Enable textmate links
205
+ # textmate: true
206
+
207
+ test:
208
+ <<: *default_settings
209
+ # It almost never makes sense to turn on the agent when running
210
+ # unit, functional or integration tests or the like.
211
+ monitor_mode: false
212
+
213
+ # Turn on the agent in production for 24x7 monitoring. NewRelic
214
+ # testing shows an average performance impact of < 5 ms per
215
+ # transaction, you can leave this on all the time without
216
+ # incurring any user-visible performance degradation.
217
+ production:
218
+ <<: *default_settings
219
+ monitor_mode: true
220
+
221
+ # Many applications have a staging environment which behaves
222
+ # identically to production. Support for that environment is provided
223
+ # here. By default, the staging environment has the agent turned on.
224
+ staging:
225
+ <<: *default_settings
226
+ monitor_mode: true
227
+ # app_name: My Application (Staging)
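Review bot: The `license_key:` line in this new file is a literal account credential, and because the file ships inside a published gem the key should be treated as exposed: rotate it and remove the file from the package, since blanking the value in a later release leaves this version downloadable. If the agent configuration is needed for development, the key can be read from the environment, `license_key: '<%= ENV["NEW_RELIC_LICENSE_KEY"] %>'`, with the file kept out of version control. The file's path is not shown on this page, but the `files:` list in the metadata section gains `Gemfile.lock` and an entry named `mjcarey@10.5.5.14` in the same release, which suggests the gemspec packages whatever is tracked or present in the working tree; an explicit allowlist such as `Dir['lib/**/*.rb'] + %w[LICENSE.md README.md]` in `nessus.gemspec` would keep stray files out. The bundled `Gemfile.lock` also pins `nessus (0.1.0.beta.18)`, which does not match the version being released.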
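--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nessus
  version: !ruby/object:Gem::Version
- version: 0.2.0
+ version: 0.2.1.beta.1
  platform: ruby
  authors:
  - Erran Carey
@@ -15,70 +15,70 @@ dependencies:
  name: bundler
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - ~>
+ - - "~>"
  - !ruby/object:Gem::Version
  version: '1.3'
  - !ruby/object:Gem::Dependency
  name: pry
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: yard
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  - !ruby/object:Gem::Dependency
  name: faraday
  requirement: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  description: A Ruby client for the Nessus 5.x JSON REST API
@@ -89,8 +89,9 @@ executables: []
  extensions: []
  extra_rdoc_files: []
  files:
- - .gitignore
+ - ".gitignore"
  - Gemfile
+ - Gemfile.lock
  - LICENSE.md
  - README.md
  - Rakefile
@@ -111,6 +112,7 @@ files:
  - lib/nessus/client/uuid.rb
  - lib/nessus/error.rb
  - lib/nessus/version.rb
+ - mjcarey@10.5.5.14
  - nessus.gemspec
  homepage: https://github.com/threatagent/nessus.rb
  licenses:
@@ -122,17 +124,17 @@ require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
- - - '>='
+ - - ">"
  - !ruby/object:Gem::Version
- version: '0'
+ version: 1.3.1
  requirements: []
  rubyforge_project:
- rubygems_version: 2.0.3
+ rubygems_version: 2.2.0
  signing_key:
  specification_version: 4
  summary: A Ruby client for the Nessus 5.x JSON REST API. UPDATE_ME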