nexpose-security-console 0.0.1 → 0.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 726e8181f2328a6e9a6b707e820f8e7fff4c69fd
-  data.tar.gz: 38b349ab29b97b32ace3affc8f29e691227c9971
+  metadata.gz: 130adf4881cf2c4615be2b889d531b808e94645d
+  data.tar.gz: 3c898559f5db10799e20e506351dc40b2fe24df3
 SHA512:
-  metadata.gz: 352ec6620e0bfc945b6cb05b7d7c90f7c238b641e2dd438983a52b8c8bb4b770c9401982038db6340777a8da266acf3d418cdb286625c2d251229894a57bb838
-  data.tar.gz: 402485d1b7002b8582d5837ba109ca5f5efaf7171e140736ba0a648a57ece4d140afc66a9925c955a585fdcd6e75410c1e11c2cdfbd2ff11df297806ceb85ea6
+  metadata.gz: 79b0f4cf74142145cefab98b367d4889acb4908637cd664df0abf719c28513fbfe1afb77c7856d87596e0c6046304644ac5662d7ee8c1300b79e033dd98872c4
+  data.tar.gz: 32d4d8bc6b88cc816178f83894884931a87cf85b00d85d8c526dae59b1f5e5993873fd1a2648d7889bdc9f17c880b5a0191caa4608d09ffa46be3fa2d633040e

data/.byebug_history

@@ -0,0 +1,23 @@
+quit
+dag = nsc.asset_groups.find {|ags| ags.name == 'Unknown OS' }
+nsc.asset_groups.find_by {|ags| ags.name == 'Unknown OS' }
+nsc.asset_groups
+nsc
+quit
+nsc.session_id
+nsc.session
+n
+password
+port
+server
+username
+quit
+server
+username
+quit
+user
+quit
+port
+password
+user
+host

data/.gitignore

@@ -7,3 +7,6 @@
 /pkg/
 /spec/reports/
 /tmp/
+.env
+tags
+gems.tags

data/Guardfile

@@ -20,25 +20,8 @@ guard :minitest do
   watch(%r{^test/(.*)\/?test_(.*)\.rb$})
   watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
   watch(%r{^test/test_helper\.rb$})      { 'test' }
+  watch(%r{^features/.*\.feature}) {'rake'}
 
-  # with Minitest::Spec
-  # watch(%r{^spec/(.*)_spec\.rb$})
-  # watch(%r{^lib/(.+)\.rb$})         { |m| "spec/#{m[1]}_spec.rb" }
-  # watch(%r{^spec/spec_helper\.rb$}) { 'spec' }
-
-  # Rails 4
-  # watch(%r{^app/(.+)\.rb$})                               { |m| "test/#{m[1]}_test.rb" }
-  # watch(%r{^app/controllers/application_controller\.rb$}) { 'test/controllers' }
-  # watch(%r{^app/controllers/(.+)_controller\.rb$})        { |m| "test/integration/#{m[1]}_test.rb" }
-  # watch(%r{^app/views/(.+)_mailer/.+})                    { |m| "test/mailers/#{m[1]}_mailer_test.rb" }
-  # watch(%r{^lib/(.+)\.rb$})                               { |m| "test/lib/#{m[1]}_test.rb" }
-  # watch(%r{^test/.+_test\.rb$})
-  # watch(%r{^test/test_helper\.rb$}) { 'test' }
-
-  # Rails < 4
-  # watch(%r{^app/controllers/(.*)\.rb$}) { |m| "test/functional/#{m[1]}_test.rb" }
-  # watch(%r{^app/helpers/(.*)\.rb$})     { |m| "test/helpers/#{m[1]}_test.rb" }
-  # watch(%r{^app/models/(.*)\.rb$})      { |m| "test/unit/#{m[1]}_test.rb" }
 end
 
 guard :bundler do
@@ -52,3 +35,27 @@ guard :bundler do
   # Assume files are symlinked from somewhere
   files.each { |file| watch(helper.real_path(file)) }
 end
+
+cucumber_options = {
+  # Below are examples overriding defaults
+
+  # cmd: 'bin/cucumber',
+  # cmd_additional_args: '--profile guard',
+
+  # all_after_pass: false,
+  # all_on_start: false,
+  # keep_failed: false,
+  # feature_sets: ['features/frontend', 'features/experimental'],
+
+  # run_all: { cmd_additional_args: '--profile guard_all' },
+  # focus_on: { 'wip' }, # @wip
+  # notification: false
+}
+
+guard "cucumber", cucumber_options do
+  watch(%r{^features/.+\.feature$})
+  watch(%r{^features/support/.+$}) { "features" }
+  watch(%r{^features/step_definitions/(.+)_steps\.rb$}) do |m|
+    Dir[File.join("**/#{m[1]}.feature")][0] || "features"
+  end
+end

data/README.adoc

@@ -2,21 +2,20 @@
 Christian Kyony <ckyony@changamuka.com>
 v0.0.1, 3 February 2017
 
-
 For security engineers
 who needs to interact with a Rapid7 Nexpose console,
 the *nexpose-security-console* gem is a Git like command line utility
-that provides the ability to:
-
-- create a new site,
-- add an IP to the site,
-- perform a scan against the site usinsc a defined/passed scan template,
-- produce a reports for vulnerabilitie0s, installed software, and policy compliance.
-- to delete in bulk more than 1000 assets in a given site
-- etc
+that manage (e.g. create, list, update, and remove) the following entities:
+  - sites,
+  - scans,
+  - assets,
+  - asset groups,
+  - reports,
+  - vulnerabilities
+  - etc...
 
-Unlike the Nexposecli gem and other alternatives,
-*nexpose-security-consolei* is designed as command suite a la GIT.
+// Unlike the Nexposecli gem and other alternatives,
+// *nexpose-security-consolei* is designed to follow a
 
 
 == Personal scratch
@@ -26,9 +25,12 @@ The web GUI only allows to delete 500 at a time.
 Hence, nexpose-security-console was born.
 
 
+
 == Installation
 
-=== From Rubygems
+=== From Ruby Gems
+
+Simply run the command below
 
 ----
 $ gem install nexpose-security-console
@@ -67,43 +69,44 @@ You can get help on available commands.
     nsc help [COMMAND]  # Describe available commands or one specific command
 
 
-List all active scans
-
-  nsc scan list
-
-Run an adhoc sql query and export via csv
-
-  nsc reports --config ./lab.yaml --sql "select * from dim_asset"
-
-or for more complex sql queries, put the sql into a file and run
-
-  nsc reports --config ./lab.yaml --sqlfile ./new_assets.sql
-
-
-List all reports defined
-
-  nsc reports
-
-Request the console's version details
-
-  nsc console --COMMAND "ver"
-
-Run an adhoc scan for a single ip or network cidr-noted range ( --id )
-
-  nsc scans create --range 192.168.42.103/32
-
-how to add a new custom role for configuration within the console ui, based on a copy of existinsc role
-
-  nsc roles -n security-manager --description "New Role Name" --newname new-short-name
-
-how to add a new user, with default password of "nxpassword" until moved to yaml config is supported
-
-  nsc users create  --name <username> --fullname "Full Name"
-
-how to export packaged scan data in a single zip file
-
-  nsc scan  --update --scanpath ./ --action export --id <scan id>
 
+// List all active scans
+//
+//   nsc scan list
+//
+// Run an adhoc sql query and export via csv
+//
+//   nsc reports --sql "select * from dim_asset"
+//
+// or for more complex sql queries, put the sql into a file and run
+//
+//   nsc reports --sqlfile ./new_assets.sql
+//
+//
+// List all reports defined
+//
+//   nsc reports
+//
+// Request the console's version details
+//
+//   nsc console commands "ver"
+//
+// Run an adhoc scan for a single ip or network cidr-noted range ( --id )
+//
+//   nsc scans create --range 192.168.42.103/32
+//
+// how to add a new custom role for configuration within the console ui, based on a copy of existinsc role
+//
+//   nsc roles -n security-manager --description "New Role Name" --newname new-short-name
+//
+// how to add a new user, with default password of "nxpassword" until moved to yaml config is supported
+//
+//   nsc users create  --name <username> --fullname "Full Name"
+//
+// how to export packaged scan data in a single zip file
+//
+//   nsc scan  --update --scanpath ./ --action export --id <scan id>
+//
 
 == Configuration
 

data/bin/console

@@ -1,5 +1,4 @@
 #!/usr/bin/env ruby
-
 require "bundler/setup"
 require "nexpose-security-console"
 

data/bin/setup

@@ -8,3 +8,4 @@ bundle install
 # Do any other automated setup that you need to do here
 bundle exec guard init minitest
 bundle exec guard init bundler
+bundle exec guard init cucumber

data/exe/nsc

@@ -1,7 +1,12 @@
 #!/usr/bin/env ruby
 require 'gli'
+require "nexpose-security-console"
+require 'progress_bar'
+require 'csv'
+
 
 include GLI::App
+include NexposeSecurityConsole
 
 program_desc 'CLI to interface with Nexpose Security Console'
 version NexposeSecurityConsole::VERSION
@@ -9,23 +14,9 @@ version NexposeSecurityConsole::VERSION
 subcommand_option_handling :normal
 arguments :strict
 
-desc 'Describe some switch here'
-switch [:s,:switch]
-
-desc 'Describe some flag here'
-default_value 'the default'
-arg_name 'The name of the argument'
-flag [:f,:flagname]
-
 desc 'Manage sites'
 arg_name 'Describe arguments to sites here'
 command :sites do |c|
-  c.desc 'Describe a switch to sites'
-  c.switch :s
-
-  c.desc 'Describe a flag to sites'
-  c.default_value 'default'
-  c.flag :f
   c.action do |global_options,options,args|
 
     # Your command logic here
@@ -36,19 +27,82 @@ command :sites do |c|
   end
 end
 
+desc 'Verify connection to the server'
+command [:connect, :login] do |c|
+  c.flag [:u, :username], arg_name: 'USERNAME', default_value: ENV['NEXPOSE_USER']
+  c.flag [:p, :password], arg_name: 'PASSWORD', default_value: ENV['NEXPOSE_PASSWORD']  
+  c.flag [:s, :server], arg_name: 'SERVER', default_value: ENV['NEXPOSE_HOST']
+  c.flag [:port], arg_name: 'PORT', default_value: 3780, type: Integer
+
+  c.action do |global_options,options,args|
+    username = options[:username] 
+    password = options[:password]
+    server = options[:server]
+    port = options[:port]
+
+    nsc = NexposeSecurityConsole.connection
+    puts "Success" if nsc.login
+    nsc.logout
+  end
+end
+
+
 desc 'Manage asset groups'
 command :groups do |c|
   c.desc 'List asset groups'
-  c.command :list do |ls|
-    ls.action do |global_options,options,args|
+  c.command :list do |list|
+    list.action do |global_options,options,args|
       puts "list asset groups"
     end
   end
   c.default_command :list
+end
 
+desc 'Bulk delete assets with unknown OS' 
+command :bulk_delete do |c|
+  c.action do |global_options, options, args|
+    nsc = NexposeSecurityConsole.login
+    nsc.login
+    puts 'Retrieving all assets with unknown OS'
+    puts 'This may take a while. Be patient ...'
+
+    # group_name = 'Unknown OS'
+    # query = %Q(
+    #   select asset_id from dim_asset_group_asset  daga
+    #   join dim_asset_group dag using(asset_group_id)
+    #   where dag.name = '#{group_name}'
+    # )
+    #
+    # puts query
+    # # assets = nsc.filter(Nexpose::Search::Field::OS, Nexpose::Search::Operator::IS_EMPTY, '')
+    # puts "Create the report"
+    # report_config = Nexpose::AdhocReportConfig.new(nil, 'sql')
+    # report_config.add_filter('version', '2.2.0')
+    # report_config.add_filter('query', query)
+    # report_output = report_config.generate(nsc)
+    #
+    # devices = CSV.parse(report_output.chomp, { :headers => :first_row })
+    # puts total = devices.count
+    # bar = ProgressBar.new(total, :counter, :percentage, :eta)
+    # devices.each_with_index do |device , index|
+    #   id = device["asset_id"].to_i
+    #   nsc.delete_device(id)
+    #   bar.increment!
+    dag = nsc.asset_groups.find {|group| group.name == 'Unknown OS' }
+    group = Nexpose::AssetGroup.load(nsc, dag.id)  
+    total = group.assets.count
+    bar = ProgressBar.new(total, :counter, :percentage, :eta)
+    group.assets.each_with_index do |a,i| 
+      nsc.delete_asset(a.id)      
+      bar.increment!
+    end
 
+    nsc.logout
+  end
 end
 
+
+
 desc 'Manage assets'
 arg_name 'Describe arguments to assets here'
 command :assets do |c|

data/lib/nexpose-security-console.rb

@@ -1,5 +1,32 @@
 require 'nexpose-security-console/version.rb'
-# require 'nexpose-security-console/cli.rb'
+require 'nexpose'
+require 'dotenv'
+require 'byebug'
 
 # Add requires for other files you add to your project here, so
 # you just need to require this one file in your bin file
+
+module NexposeSecurityConsole
+  def self.connection(username, password, server, port)
+    Dotenv.load
+    nsc = Nexpose::Connection.new(server, username, password, port)
+    # nsc.login
+    nsc
+  end
+
+  def self.credentials
+  end
+
+
+  # login with credential values stored in the ENV variables
+  def self.login
+    Dotenv.load
+    server = ENV['NEXPOSE_HOST']
+    username = ENV['NEXPOSE_USER']
+    password = ENV['NEXPOSE_PASSWORD']
+    port = ENV['NEXPOSE_PORT']
+    nsc = Nexpose::Connection.new(server, username, password, port)
+    # nsc.login
+    nsc
+  end
+end

data/lib/nexpose-security-console/connection.rb

@@ -0,0 +1,3 @@
+module NexposeSecurityConsole
+
+end

data/lib/nexpose-security-console/group.rb

@@ -0,0 +1,28 @@
+module NexposeSecurityConsole
+  module Group
+    include NexposeSecurityConsole
+
+    def self.list
+      begin
+        puts "Login"
+        nsc = Nexpose::Connection.new(@host, @user, @password, @port)
+        nsc.login
+
+        puts "Total: #{total}"
+        bar = ProgressBar.new(total, :counter, :percentage, :eta)
+        devices.each_with_index do |device , index|
+          id = device["asset_id"].to_i
+          if @dry_run
+            puts "Asset##{id}"
+          else
+            nsc.delete_device(id)
+          end
+          bar.increment!
+        end
+      ensure
+        nsc.logout
+      end
+    end
+  end
+
+end

data/lib/nexpose-security-console/version.rb

@@ -1,3 +1,3 @@
 module NexposeSecurityConsole
-  VERSION = '0.0.1'
+  VERSION = '0.0.2'
 end

data/nexpose-security-console.gemspec

@@ -56,6 +56,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'guard'
   spec.add_development_dependency 'guard-minitest'
   spec.add_development_dependency 'guard-bundler'
+  spec.add_development_dependency 'guard-cucumber'
   spec.add_development_dependency 'byebug', '~> 9.0'
   spec.add_development_dependency 'simplecov', '~> 0.12'
   spec.add_development_dependency 'rubocop', '~> 0'

data/results.html

@@ -470,4 +470,4 @@ e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["
     $('#'+element_id).css('color', '#000000');
   }
 
-</script></head><body><!-- Step count 0--><div class="cucumber"><div id="cucumber-header"><div id="label"><h1>Cucumber Features</h1></div><div id="summary"><p id="totals"></p><p id="duration"></p><div id="expand-collapse"><p id="expander">Expand All</p><p id="collapser">Collapse All</p></div></div></div><div class="feature"><h2><span class="val">Feature: My bootstrapped app kinda works</span></h2><p class="narrative">In order to get going on coding my awesome app<br/>I want to have aruba and cucumber setup<br/>So I don't have to do it myself<br/></p><div class='scenario'><span class="scenario_file">features/nexpose-security-console.feature:6</span><h3 id="scenario_1"><span class="keyword">Scenario:</span> <span class="val">App just runs</span></h3><ol><li id='' class='step passed'><div class="step_name"><span class="keyword">When </span><span class="step val">I get help for &quot;<span class="param">nsc</span>&quot;</span></div><div class="step_file"><span>features/step_definitions/nexpose-security-console_steps.rb:1</span></div></li> <script type="text/javascript">moveProgressBar('100.0');</script><li id='' class='step passed'><div class="step_name"><span class="keyword">Then </span><span class="step val">the exit status should be <span class="param">0</span></span></div><div class="step_file"><span>aruba-0.14.2/lib/aruba/cucumber/command.rb:277</span></div></li> <script type="text/javascript">moveProgressBar('100.0');</script></ol></div></div><script type="text/javascript">document.getElementById('duration').innerHTML = "Finished in <strong>0m0.846s seconds</strong>";</script><script type="text/javascript">document.getElementById('totals').innerHTML = "1 scenario (1 passed)<br />2 steps (2 passed)";</script></div></body></html>
+</script></head><body><!-- Step count 0--><div class="cucumber"><div id="cucumber-header"><div id="label"><h1>Cucumber Features</h1></div><div id="summary"><p id="totals"></p><p id="duration"></p><div id="expand-collapse"><p id="expander">Expand All</p><p id="collapser">Collapse All</p></div></div></div><div class="feature"><h2><span class="val">Feature: My bootstrapped app kinda works</span></h2><p class="narrative">In order to get going on coding my awesome app<br/>I want to have aruba and cucumber setup<br/>So I don't have to do it myself<br/></p><div class='scenario'><span class="scenario_file">features/nexpose-security-console.feature:6</span><h3 id="scenario_1"><span class="keyword">Scenario:</span> <span class="val">App just runs</span></h3><ol><li id='' class='step passed'><div class="step_name"><span class="keyword">When </span><span class="step val">I get help for &quot;<span class="param">nsc</span>&quot;</span></div><div class="step_file"><span>features/step_definitions/nexpose-security-console_steps.rb:1</span></div></li> <script type="text/javascript">moveProgressBar('100.0');</script><li id='' class='step passed'><div class="step_name"><span class="keyword">Then </span><span class="step val">the exit status should be <span class="param">0</span></span></div><div class="step_file"><span>aruba-0.14.2/lib/aruba/cucumber/command.rb:277</span></div></li> <script type="text/javascript">moveProgressBar('100.0');</script></ol></div></div><script type="text/javascript">document.getElementById('duration').innerHTML = "Finished in <strong>0m0.842s seconds</strong>";</script><script type="text/javascript">document.getElementById('totals').innerHTML = "1 scenario (1 passed)<br />2 steps (2 passed)";</script></div></body></html>

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: nexpose-security-console
 version: !ruby/object:Gem::Version
-  version: 0.0.1
+  version: 0.0.2
 platform: ruby
 authors:
 - Christian Kyony
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2017-02-05 00:00:00.000000000 Z
+date: 2017-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -136,6 +136,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-cucumber
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: byebug
   requirement: !ruby/object:Gem::Requirement
@@ -272,6 +286,7 @@ extra_rdoc_files:
 - README.rdoc
 - nexpose-security-console.rdoc
 files:
+- ".byebug_history"
 - ".gitignore"
 - Gemfile
 - Gemfile.lock
@@ -283,6 +298,8 @@ files:
 - bin/setup
 - exe/nsc
 - lib/nexpose-security-console.rb
+- lib/nexpose-security-console/connection.rb
+- lib/nexpose-security-console/group.rb
 - lib/nexpose-security-console/version.rb
 - nexpose-security-console.gemspec
 - nexpose-security-console.rdoc