nexpose 0.0.91 → 0.0.92

data/lib/nexpose/creds.rb

@@ -72,7 +72,7 @@ module Nexpose
          xml << %Q{ port="#{replace_entities(port)}"} if (port)
          xml << '>'
          xml << replace_entities(securityblob) if (isblob)
-         xml << @headers.to_xml()
+         xml << @headers.to_xml() if @headers
          xml << '</adminCredentials>'
 
          xml

data/lib/nexpose/report.rb

@@ -76,7 +76,7 @@ module Nexpose
 			else
 				false
 			end
-		end
+    end
 	end
 
 	# === Description
@@ -249,7 +249,11 @@ module Nexpose
 				doc = Rex::MIME::Message.new data
 				doc.parts.each do |part|
 					if /.*base64.*/ =~ part.header.to_s
-						return parse_xml(part.content.unpack("m*")[0])
+						if (@format == "text") or (@format == "pdf") or (@format == "csv")
+              						return part.content.unpack("m*")[0]
+            					else
+              						return parse_xml(part.content.unpack("m*")[0])
+            					end
 					end
 				end
 			end
@@ -519,7 +523,7 @@ module Nexpose
 			r = @connection.execute('<ReportTemplateListingRequest session-id="' + connection.session_id.to_s + '"/>')
 			if (r.success)
 				r.res.elements.each('ReportTemplateListingResponse/ReportTemplateSummary') do |r|
-					@report_template_summaries.push(ReportTemplateSumary.new(r.attributes['id'], r.attributes['name']))
+					@report_template_summaries.push(ReportTemplateSummary.new(r.attributes['id'], r.attributes['name'], r.attributes['description']))
 				end
 			else
 				@error = true
@@ -528,7 +532,35 @@ module Nexpose
 
 		end
 
-	end
+  end
+
+  class ReportListing
+
+    attr_reader :error_msg
+    attr_reader :error
+    attr_reader :request_xml
+    attr_reader :response_xml
+    attr_reader :connection
+    attr_reader :xml_tag_stack
+    attr_reader :report_summaries #; //Array (ReportSummary*)
+
+    def initialize(connection)
+
+      @error = nil
+      @connetion = connection
+      @report_summaries = []
+
+      r = @connetion.execute('<ReportListingRequest session-id="' + connection.session_id.to_s + '"/>')
+      if (r.success)
+        r.res.elements.each('ReportListingResponse/ReportConfigSummary') do |r|
+          @report_summaries.push(ReportSummary.new(r.attributes['template-id'], r.attributes['cfg-id'], r.attributes['status'], r.attributes['generated-on'], r.attributes['report-URI']))
+        end
+      else
+        @error = true
+        @error_msg = 'ReportListingRequest Parse Error'
+      end
+    end
+  end
 
 
 	class ReportTemplateSummary

data/lib/nexpose/scan_engine.rb

@@ -110,38 +110,117 @@ module Nexpose
 		attr_accessor :sites
 		attr_accessor :priority
 
-		def initialize(connection, engine_id)
+		def initialize(connection, id = -1)
 			@connection = connection
-			@id = nil
+			@id = id
 			@address = nil
 			@name = nil
-			@port = nil
-			@scope = nil
-			@priority = 'global'
+			@port = 40814
+			@scope = 'silo'
+			@priority = 'normal'
 			@sites = []
 
-			r = @connection.execute('<EngineConfigRequest session-id="' + @connection.session_id + '" engine-id="' + engine_id + '"/>', '1.2')
+      # If valid ID provided, retrieve data from server.
+      if (id > 0)
+        xml = '<EngineConfigRequest session-id="' + @connection.session_id + '"'
+        xml << %Q{ engine-id="#{id}"}
+        xml << ' />'
+        r = @connection.execute(xml, '1.2')
 
-			if (r.success)
-				r.res.elements.each('EngineConfigResponse/EngineConfig') do |v|
-					@id = v.attributes['id']
-					@address = v.attributes['address']
-					@name = v.attributes['name']
-					@port = v.attributes['port']
-					@scope = v.attributes['scope']
-					v.elements.each('Site') do |s|
-						@sites << s.attributes['id']
-					end
-				end
-			else
-				@error = true
-				@error_msg = 'EngineConfigRequest Parse Error'
-			end
-		end
+        if (r.success)
+          r.res.elements.each('EngineConfigResponse/EngineConfig') do |v|
+            @id = v.attributes['id']
+            @address = v.attributes['address']
+            @name = v.attributes['name']
+            @port = v.attributes['port']
+            @scope = v.attributes['scope']
+            v.elements.each('Site') do |s|
+              @sites << s.attributes['id']
+            end
+          end
+        else
+          @error = true
+          @error_msg = 'EngineConfigRequest Parse Error'
+        end
+      end
+    end
 
-		def save
+    def to_xml
+      xml = '<EngineConfig'
+      xml << %Q{ id="#{id}"}
+      xml << %Q{ address="#{address}"}
+      xml << %Q{ name="#{name}"}
+      xml << %Q{ port="#{port}"}
+      xml << %Q{ scope="#{scope}"}
+      xml << %Q{ priority="#{priority}"} if (priority)
+      # TODO: xml << %Q{ sites="#{sites}"} if (sites)
+      xml << ' />'
+      xml
+    end
 
-		end
-	end
+    # Save this engine configuration
+    # Example usage:
+    #   engine = EngineConfig.new(@nsc)
+    #   engine.address = 'atlanta.company.com'
+    #   engine.name = 'Atlanta Engine'
+    #   engine.save()
+    def save
+      xml = '<EngineSaveRequest session-id="' + @connection.session_id + '">'
+      xml << to_xml
+      xml << '</EngineSaveRequest>'
+
+      r = @connection.execute(xml, '1.2')
+      unless (r.success)
+        @error = true
+        @error_msg = 'EngineSaveRequest Parse Error'
+      end
+    end
+  end
+
+  #-------------------------------------------------------------------------------------------------------------------
+  # Core objects for creating an engine pool
+  # Example usage:
+  #   pool = EnginePool.new('East Coast Pool')
+  #   pool.add('New York Engine')
+  #   pool.add('Georgia Engine')
+  #   id = pool.create(@nsc)
+  #-------------------------------------------------------------------------------------------------------------------
+	class EnginePool
+		attr_accessor :name
+		attr_accessor :scope
+		attr_accessor :engines
+
+		def initialize(name, scope = 'silo')
+			@name = name
+			@scope = scope
+      @engines = []
+    end
+
+    # Add an engine to the pool by name (not ID).
+    def add(engine)
+      engines << engine
+    end
+
+    # Create an engine pool from the existing configuration.
+    # Returns the engine ID assigned to the pool, if successful.
+    def create(connection)
+      xml = '<EnginePoolCreateRequest session-id="' + connection.session_id + '">'
+      xml << %Q{<EnginePool name="#{name}" scope="#{scope}">}
+      engines.each do |engine|
+        xml << %Q{<Engine name="#{engine}" />}
+      end
+      xml << '</EnginePool>'
+      xml << '</EnginePoolCreateRequest>'
 
-end
+      r = connection.execute(xml, '1.2')
+      if (r.success)
+        r.res.elements.each('EnginePoolCreateResponse') do |v|
+          return v.attributes['id']
+        end
+      else 
+        @error = true
+        @error_msg = 'EnginePoolCreateResponse Parse Error'
+      end
+    end
+  end
+end

data/lib/nexpose/site.rb

@@ -582,7 +582,10 @@ module Nexpose
 			@scan_summaries = Array.new()
 
 			r = @connection.execute('<SiteScanHistoryRequest' + ' session-id="' + @connection.session_id + '" site-id="' + "#{@site_id}" + '"/>')
-			status = r.success
+
+			if r and r.success
+         		r
+      		end
 		end
 	end
 

data/nexpose.gemspec

@@ -1,18 +1,18 @@
 # encoding: utf-8
 
 APP_NAME = "nexpose"
-VERSION = "0.0.91"
+VERSION = "0.0.92"
 REVISION = "12878"
 
 Gem::Specification.new do |s|
 	s.name                  = APP_NAME
 	s.version               = VERSION
 	s.homepage              = "https://github.com/rapid7/nexpose-client"
-	s.summary               = "Ruby API for Rapid7 Nexpose"
-	s.description           = "This gem provides a Ruby API to the Nexpose vulnerability management product by Rapid7. This version is based on Metasploit SVN revision #{REVISION}"
+	s.summary               = "Ruby API for Rapid7 NeXpose"
+	s.description           = "This gem provides a Ruby API to the NeXpose vulnerability management product by Rapid7. This version is based on Metasploit SVN revision #{REVISION}"
 	s.license               = "BSD"
 	s.authors               = ["HD Moore", "Chris Lee"]
-	s.email		        	= ["hdm@metasploit.com", "christopher_lee@rapid7.com"]
+	s.email		        	    = ["hdm@metasploit.com", "christopher_lee@rapid7.com"]
 	s.files                 = Dir['[A-Z]*'] + Dir['lib/**/*']
 	s.require_paths         = ["lib"]
 	s.extra_rdoc_files      = ["README.markdown"]

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.0.91
+  version: 0.0.92
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-03-08 00:00:00.000000000Z
+date: 2012-05-02 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex
-  requirement: &29000580 !ruby/object:Gem::Requirement
+  requirement: &30053556 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 0.0.32
   type: :runtime
   prerelease: false
-  version_requirements: *29000580
+  version_requirements: *30053556
 - !ruby/object:Gem::Dependency
   name: rex
-  requirement: &29000304 !ruby/object:Gem::Requirement
+  requirement: &30053280 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,8 +33,8 @@ dependencies:
         version: 1.0.2
   type: :runtime
   prerelease: false
-  version_requirements: *29000304
-description: This gem provides a Ruby API to the Nexpose vulnerability management
+  version_requirements: *30053280
+description: This gem provides a Ruby API to the NeXpose vulnerability management
   product by Rapid7. This version is based on Metasploit SVN revision 12878
 email:
 - hdm@metasploit.com
@@ -86,5 +86,5 @@ rubyforge_project:
 rubygems_version: 1.8.17
 signing_key: 
 specification_version: 3
-summary: Ruby API for Rapid7 Nexpose
+summary: Ruby API for Rapid7 NeXpose
 test_files: []