nexpose-security-console 0.0.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 726e8181f2328a6e9a6b707e820f8e7fff4c69fd
+  data.tar.gz: 38b349ab29b97b32ace3affc8f29e691227c9971
+SHA512:
+  metadata.gz: 352ec6620e0bfc945b6cb05b7d7c90f7c238b641e2dd438983a52b8c8bb4b770c9401982038db6340777a8da266acf3d418cdb286625c2d251229894a57bb838
+  data.tar.gz: 402485d1b7002b8582d5837ba109ca5f5efaf7171e140736ba0a648a57ece4d140afc66a9925c955a585fdcd6e75410c1e11c2cdfbd2ff11df297806ceb85ea6

data/.gitignore

@@ -0,0 +1,9 @@
+/.bundle/
+/.yardoc
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/

data/Gemfile

@@ -0,0 +1,2 @@
+source 'https://rubygems.org'
+gemspec

data/Guardfile

@@ -0,0 +1,54 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+
+## Uncomment and set this to only include directories you want to watch
+# directories %w(app lib config test spec features) \
+#  .select{|d| Dir.exists?(d) ? d : UI.warning("Directory #{d} does not exist")}
+
+## Note: if you are using the `directories` clause above and you are not
+## watching the project directory ('.'), then you will want to move
+## the Guardfile to a watched dir and symlink it back, e.g.
+#
+#  $ mkdir config
+#  $ mv Guardfile config/
+#  $ ln -s config/Guardfile .
+#
+# and, you'll have to watch "config/Guardfile" instead of "Guardfile"
+
+guard :minitest do
+  # with Minitest::Unit
+  watch(%r{^test/(.*)\/?test_(.*)\.rb$})
+  watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  watch(%r{^test/test_helper\.rb$})      { 'test' }
+
+  # with Minitest::Spec
+  # watch(%r{^spec/(.*)_spec\.rb$})
+  # watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
+  # watch(%r{^spec/spec_helper\.rb$}) { 'spec' }
+
+  # Rails 4
+  # watch(%r{^app/(.+)\.rb$})                               { |m| "test/#{m[1]}_test.rb" }
+  # watch(%r{^app/controllers/application_controller\.rb$}) { 'test/controllers' }
+  # watch(%r{^app/controllers/(.+)_controller\.rb$})        { |m| "test/integration/#{m[1]}_test.rb" }
+  # watch(%r{^app/views/(.+)_mailer/.+})                    { |m| "test/mailers/#{m[1]}_mailer_test.rb" }
+  # watch(%r{^lib/(.+)\.rb$})                               { |m| "test/lib/#{m[1]}_test.rb" }
+  # watch(%r{^test/.+_test\.rb$})
+  # watch(%r{^test/test_helper\.rb$}) { 'test' }
+
+  # Rails < 4
+  # watch(%r{^app/controllers/(.*)\.rb$}) { |m| "test/functional/#{m[1]}_test.rb" }
+  # watch(%r{^app/helpers/(.*)\.rb$})     { |m| "test/helpers/#{m[1]}_test.rb" }
+  # watch(%r{^app/models/(.*)\.rb$})      { |m| "test/unit/#{m[1]}_test.rb" }
+end
+
+guard :bundler do
+  require 'guard/bundler'
+  require 'guard/bundler/verify'
+  helper = Guard::Bundler::Verify.new
+
+  files = ['Gemfile']
+  files += Dir['*.gemspec'] if files.any? { |f| helper.uses_gemspec?(f) }
+
+  # Assume files are symlinked from somewhere
+  files.each { |file| watch(helper.real_path(file)) }
+end

data/README.adoc

@@ -0,0 +1,126 @@
+= Nexpose Security Console
+Christian Kyony <ckyony@changamuka.com>
+v0.0.1, 3 February 2017
+
+
+For security engineers
+who needs to interact with a Rapid7 Nexpose console,
+the *nexpose-security-console* gem is a Git like command line utility
+that provides the ability to:
+
+- create a new site,
+- add an IP to the site,
+- perform a scan against the site usinsc a defined/passed scan template,
+- produce a reports for vulnerabilitie0s, installed software, and policy compliance.
+- to delete in bulk more than 1000 assets in a given site
+- etc
+
+Unlike the Nexposecli gem and other alternatives,
+*nexpose-security-consolei* is designed as command suite a la GIT.
+
+
+== Personal scratch
+
+I need to delete ~ 100 thousands assets from a group asset.
+The web GUI only allows to delete 500 at a time.
+Hence, nexpose-security-console was born.
+
+
+== Installation
+
+=== From Rubygems
+
+----
+$ gem install nexpose-security-console
+----
+
+=== From source code
+
+- If you have access to the Internet, obtain the source code from Github repository.
+
+  $ git clone https://github.com/rhc/nexpose-security-console.git
+
+- Access the source code folder directory.
+
+  $ cd nexpose-security-console
+
+- Install the dependencies
+
+  $ bin/setup
+
+- Install the gem in your local machine
+
+  $ bundle exec rake install
+
+- Run the test suite
+
+  $ rake test
+
+== Usage
+
+You can get help on available commands.
+
+  $ nsc help
+
+  Commands:
+    nsc --version, -v   # Print the version
+    nsc help [COMMAND]  # Describe available commands or one specific command
+
+
+List all active scans
+
+  nsc scan list
+
+Run an adhoc sql query and export via csv
+
+  nsc reports --config ./lab.yaml --sql "select * from dim_asset"
+
+or for more complex sql queries, put the sql into a file and run
+
+  nsc reports --config ./lab.yaml --sqlfile ./new_assets.sql
+
+
+List all reports defined
+
+  nsc reports
+
+Request the console's version details
+
+  nsc console --COMMAND "ver"
+
+Run an adhoc scan for a single ip or network cidr-noted range ( --id )
+
+  nsc scans create --range 192.168.42.103/32
+
+how to add a new custom role for configuration within the console ui, based on a copy of existinsc role
+
+  nsc roles -n security-manager --description "New Role Name" --newname new-short-name
+
+how to add a new user, with default password of "nxpassword" until moved to yaml config is supported
+
+  nsc users create  --name <username> --fullname "Full Name"
+
+how to export packaged scan data in a single zip file
+
+  nsc scan  --update --scanpath ./ --action export --id <scan id>
+
+
+== Configuration
+
+----
+# ~/lab.yaml consists of the following:
+
+config:
+   server: 10.10.10.10
+   port: 3780
+   user: nxuser
+   password: password
+----
+
+== License
+
+The gem is available as open source under the terms of the
+http://opensource.org/licenses/MIT[MIT License].
+
+
+

data/README.rdoc

@@ -0,0 +1,6 @@
+= nexpose-security-console
+
+Describe your project here
+
+:include:nexpose-security-console.rdoc
+

data/Rakefile

@@ -0,0 +1,51 @@
+require 'bundler/gem_tasks'
+require 'rake/testtask'
+require 'rake/clean'
+require 'rubygems'
+require 'rubygems/package_task'
+require 'rdoc/task'
+require 'cucumber'
+require 'cucumber/rake/task'
+
+
+Rake::RDocTask.new do |rd|
+  rd.main = "README.rdoc"
+  rd.rdoc_files.include("README.rdoc","lib/**/*.rb","bin/**/*")
+  rd.title = 'Nexpose Security Console'
+end
+
+spec = eval(File.read('nexpose-security-console.gemspec'))
+
+Gem::PackageTask.new(spec) do |pkg|
+end
+
+CUKE_RESULTS = 'results.html'
+CLEAN << CUKE_RESULTS
+
+desc 'Run features'
+Cucumber::Rake::Task.new(:features) do |t|
+  opts = "features --format html -o #{CUKE_RESULTS} --format progress -x"
+  opts += " --tags #{ENV['TAGS']}" if ENV['TAGS']
+  t.cucumber_opts =  opts
+  t.fork = false
+end
+
+desc 'Run features tagged as work-in-progress (@wip)'
+Cucumber::Rake::Task.new('features:wip') do |t|
+  tag_opts = ' --tags ~@pending'
+  tag_opts = ' --tags @wip'
+  t.cucumber_opts = "features --format html -o #{CUKE_RESULTS} --format pretty -x -s#{tag_opts}"
+  t.fork = false
+end
+
+task :cucumber => :features
+task 'cucumber:wip' => 'features:wip'
+task :wip => 'features:wip'
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.libs << "test"
+  t.test_files = FileList['test/*_test.rb']
+  t.warning = false
+end
+
+task :default => [:test,:features]

data/bin/console

@@ -0,0 +1,11 @@
+#!/usr/bin/env ruby
+
+require "bundler/setup"
+require "nexpose-security-console"
+
+# You can add fixtures and/or initialization code here to make experimenting
+# with your gem easier. You can also use a different console, if you like.
+
+require "pry"
+Pry.start
+

data/bin/setup

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+
+# Do any other automated setup that you need to do here
+bundle exec guard init minitest
+bundle exec guard init bundler

data/exe/nsc

@@ -0,0 +1,89 @@
+#!/usr/bin/env ruby
+require 'gli'
+
+include GLI::App
+
+program_desc 'CLI to interface with Nexpose Security Console'
+version NexposeSecurityConsole::VERSION
+
+subcommand_option_handling :normal
+arguments :strict
+
+desc 'Describe some switch here'
+switch [:s,:switch]
+
+desc 'Describe some flag here'
+default_value 'the default'
+arg_name 'The name of the argument'
+flag [:f,:flagname]
+
+desc 'Manage sites'
+arg_name 'Describe arguments to sites here'
+command :sites do |c|
+  c.desc 'Describe a switch to sites'
+  c.switch :s
+
+  c.desc 'Describe a flag to sites'
+  c.default_value 'default'
+  c.flag :f
+  c.action do |global_options,options,args|
+
+    # Your command logic here
+    # If you have any errors, just raise them
+    # raise "that command made no sense"
+
+    puts "sites command ran"
+  end
+end
+
+desc 'Manage asset groups'
+command :groups do |c|
+  c.desc 'List asset groups'
+  c.command :list do |ls|
+    ls.action do |global_options,options,args|
+      puts "list asset groups"
+    end
+  end
+  c.default_command :list
+
+
+end
+
+desc 'Manage assets'
+arg_name 'Describe arguments to assets here'
+command :assets do |c|
+  c.action do |global_options,options,args|
+    puts "assets command ran"
+  end
+end
+
+desc 'Manage reports'
+arg_name 'Describe arguments to reports here'
+command :reports do |c|
+  c.action do |global_options,options,args|
+    puts "reports command ran"
+  end
+end
+
+pre do |global,command,options,args|
+  # Pre logic here
+  # Return true to proceed; false to abort and not call the
+  # chosen command
+  # Use skips_pre before a command to skip this block
+  # on that command only
+  true
+end
+
+post do |global,command,options,args|
+  # Post logic here
+  # Use skips_post before a command to skip this
+  # block on that command only
+end
+
+on_error do |exception|
+  # Error logic here
+  # return false to skip default error handling
+  true
+end
+
+exit run(ARGV)

data/lib/nexpose-security-console.rb

@@ -0,0 +1,5 @@
+require 'nexpose-security-console/version.rb'
+# require 'nexpose-security-console/cli.rb'
+
+# Add requires for other files you add to your project here, so
+# you just need to require this one file in your bin file

data/lib/nexpose-security-console/version.rb

@@ -0,0 +1,3 @@
+module NexposeSecurityConsole
+  VERSION = '0.0.1'
+end

data/nexpose-security-console.gemspec

@@ -0,0 +1,69 @@
+# Ensure we require the local version and not one we might have installed already
+require File.join([File.dirname(__FILE__),'lib','nexpose-security-console','version.rb'])
+Gem::Specification.new do |spec|
+  spec.name = 'nexpose-security-console'
+  spec.version = NexposeSecurityConsole::VERSION
+  spec.authors = ['Christian Kyony']
+  spec.email = ['ckyony@changamuka.com']
+  spec.homepage = 'http://github.com/rhc/nexpose-security-console'
+  spec.platform = Gem::Platform::RUBY
+  spec.license = 'MIT'
+
+  spec.summary = 'Command line utility to interact with the Nexpose Security Console '
+  spec.description   = <<-DESC
+    For security engineers
+    Who needs to interact with a Rapid7 Nexpose Security console
+    The nexpose-security-console gem is a Git like command line utility
+    That provides the ability to:
+
+    - create a new site,
+    - add an IP to the site,
+    - perform a scan against the site using a defined/passed scan template,
+    - produce a reports for vulnerabilitie0s, installed software, and policy compliance.
+    - to delete in bulk more than 1000 assets in a given site
+    - etc
+
+    Unlike the Nexposecli gem and other alternatives,
+    nexpose-security-console is designed as command suite a la GIT
+  DESC
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the 'allowed_push_host'
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata['allowed_push_host'] = 'https://rubygems.org'
+  else
+    raise 'RubyGems 2.0+ is required to protect against public gem pushes.'
+  end
+
+  spec.files         = `git ls-files -z`.split("\x0").reject do |f|
+    f.match(%r{^(test|spec|features)/})
+  end
+  spec.bindir        = 'exe'
+  spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+  spec.require_paths << 'lib'
+
+  spec.has_rdoc = true
+  spec.extra_rdoc_files = ['README.rdoc','nexpose-security-console.rdoc']
+  spec.rdoc_options << '--title' << 'nexpose-security-console' << '--main' << 'README.rdoc' << '-ri'
+
+  spec.add_development_dependency 'bundler'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rdoc'
+  spec.add_development_dependency 'aruba'
+
+  spec.add_development_dependency 'minitest', '~> 5.0'
+  spec.add_development_dependency 'minitest-reporters'
+  spec.add_development_dependency 'guard'
+  spec.add_development_dependency 'guard-minitest'
+  spec.add_development_dependency 'guard-bundler'
+  spec.add_development_dependency 'byebug', '~> 9.0'
+  spec.add_development_dependency 'simplecov', '~> 0.12'
+  spec.add_development_dependency 'rubocop', '~> 0'
+  spec.add_development_dependency 'gem-release', '~> 0'
+
+  spec.add_dependency 'gli','~> 2.15.0'
+  spec.add_dependency 'nexpose'
+  spec.add_dependency 'dotenv'
+  spec.add_dependency 'progress_bar'
+
+end