nexpose 0.0.94 → 0.0.95

data/lib/nexpose.rb

@@ -95,7 +95,7 @@ module Nexpose
 	def self.getAttribute(attribute, xml)
 		value = ''
 		#@value = substr(substr(strstr(strstr(@xml,@attribute),'"'),1),0,strpos(substr(strstr(strstr(@xml,@attribute),'"'),1),'"'))
-		yvalue
+		value
 	end
 
 	# === Description
@@ -126,4 +126,4 @@ module Nexpose
 		end
 	end
 
-end
+end

data/lib/nexpose/creds.rb

@@ -1,189 +1,279 @@
 module Nexpose
-   include Sanitize
-
-   # === Description
-   # Object that represents administrative credentials to be used during a scan. When retrived from an existing site configuration the credentials will be returned as a security blob and can only be passed back as is during a Site Save operation. This object can only be used to create a new set of credentials.
-   #
-   class AdminCredentials
-      # Security blob for an existing set of credentials
-      attr_reader :securityblob
-      # Designates if this object contains user defined credentials or a security blob
-      attr_reader :isblob
-      # The service for these credentials. Can be All.
-      attr_reader :service
-      # The host for these credentials. Can be Any.
-      attr_reader :host
-      # The port on which to use these credentials.
-      attr_reader :port
-      # The user id or username
-      attr_reader :userid
-      # The password
-      attr_reader :password
-      # The realm for these credentials
-      attr_reader :realm
-      # When using httpheaders, this represents the set of headers to pass
-      # with the authentication request.
-      attr_reader :headers
-
-      def initialize(isblob = false)
-         @isblob = isblob
-      end
+  # === Description
+  # Object that represents administrative credentials to be used
+  # during a scan. When retrived from an existing site configuration
+  # the credentials will be returned as a security blob and can only
+  # be passed back as is during a Site Save operation. This object
+  # can only be used to create a new set of credentials.
+  #
+  class AdminCredentials
+    include XMLUtils
 
-      # Sets the credentials information for this object.
-      def setCredentials(service, host, port, userid, password, realm)
-         @isblob = false
-         @securityblob = nil
-         @service = service
-         @host = host
-         @port = port
-         @userid = userid
-         @password = password
-         @realm = realm
-      end
+    # Security blob for an existing set of credentials
+    attr_reader :securityblob
+    # Designates if this object contains user defined credentials or a security blob
+    attr_reader :isblob
+    # The service for these credentials. Can be All.
+    attr_reader :service
+    # The host for these credentials. Can be Any.
+    attr_reader :host
+    # The port on which to use these credentials.
+    attr_reader :port
+    # The user id or username
+    attr_reader :userid
+    # The password
+    attr_reader :password
+    # The realm for these credentials
+    attr_reader :realm
+    # When using httpheaders, this represents the set of headers to pass
+    # with the authentication request.
+    attr_reader :headers
+    # When using htmlforms, this represents the tho form to pass the
+    # authentication request to.
+    attr_reader :html_forms
 
-      # TODO: add description
-      def setService(service)
-         @service = service
-      end
+    def initialize(isblob = false)
+      @isblob = isblob
+    end
 
-      def setHost(host)
-         @host = host
-      end
+    # Sets the credentials information for this object.
+    def set_credentials(service, host, port, userid, password, realm)
+      @isblob = false
+      @securityblob = nil
+      @service = service
+      @host = host
+      @port = port
+      @userid = userid
+      @password = password
+      @realm = realm
+    end
 
-      # TODO: add description
-      def setBlob(securityblob)
-         @isblob = true
-         @securityblob = securityblob
-      end
+    # TODO: add description
+    def set_service(service)
+      @service = service
+    end
 
-      # Add Headers to credentials for httpheaders.
-      def setHeaders(headers)
-         @headers = headers
-      end
+    def set_host(host)
+      @host = host
+    end
 
-      def to_xml
-         xml = ''
-         xml << '<adminCredentials'
-         xml << %Q{ service="#{replace_entities(service)}"} if (service)
-         xml << %Q{ userid="#{replace_entities(userid)}"} if (userid)
-         xml << %Q{ password="#{replace_entities(password)}"} if (password)
-         xml << %Q{ realm="#{replace_entities(realm)}"} if (realm)
-         xml << %Q{ host="#{replace_entities(host)}"} if (host)
-         xml << %Q{ port="#{replace_entities(port)}"} if (port)
-         xml << '>'
-         xml << replace_entities(securityblob) if (isblob)
-         xml << @headers.to_xml() if @headers
-         xml << '</adminCredentials>'
-
-         xml
-      end
-   end
-
-   # Object that represents Header name-value pairs, associated with Web Session Authentication.
-   class Header
-      # Name, one per Header
-      attr_reader :name
-      # Value, one per Header
-      attr_reader :value
-
-      # Construct with name value pair
-      def initialize(name, value)
-         @name = name
-         @value = value
-      end
+    # TODO: add description
+    def set_blob(securityblob)
+      @isblob = true
+      @securityblob = securityblob
+    end
 
-      def to_xml
-         xml = ''
-         xml << '<Header'
-         xml << %Q{ name="#{replace_entities(name)}"} if (name)
-         xml << %Q{ value="#{replace_entities(value)}"} if (value)
-         xml << '/>'
-         xml
-      end
-   end
-
-   # Object that represents Headers, associated with Web Session Authentication.
-   class Headers
-      # A regular expression used to match against the response to identify authentication failures.
-      attr_reader :soft403
-      # Base URL of the application for which the form authentication applies.
-      attr_reader :webapproot
-      # When using httpheaders, this represents the set of headers to pass with the authentication request.
-      attr_reader :headers
-
-      def initialize(webapproot, soft403)
-         @headers = []
-         @webapproot = webapproot
-         @soft403 = soft403
+    # Add Headers to credentials for httpheaders.
+    def set_headers(headers)
+      @headers = headers
+    end
+
+    def set_html_forms(html_forms)
+      @html_forms = html_forms
+    end
+
+    def to_xml
+      to_xml_elem.to_s
+    end
+
+    def to_xml_elem
+      attributes = {}
+
+      attributes['service'] = @service
+      attributes['userid'] = @userid
+      attributes['password'] = @password
+      attributes['realm'] = @realm
+      attributes['host'] = @host
+      attributes['port'] = @port
+
+      data = isblob ? securityblob : ''
+      xml = make_xml('adminCredentials', attributes, data)
+      xml.add_element(@headers.to_xml_elem) if @headers
+      xml.add_element(@html_forms.to_xml_elem) if @html_forms
+      xml
+    end
+  end
+
+  # Object that represents Header name-value pairs, associated with Web Session Authentication.
+  class Header
+    include XMLUtils
+    # Name, one per Header
+    attr_reader :name
+    # Value, one per Header
+    attr_reader :value
+
+    # Construct with name value pair
+    def initialize(name, value)
+      @name = name
+      @value = value
+    end
+
+    def to_xml_elem
+      attributes = {}
+      attributes['name'] = @name
+      attributes['value'] = @value
+
+      make_xml('Header', attributes)
+    end
+  end
+
+  # Object that represents Headers, associated with Web Session Authentication.
+  class Headers
+    include XMLUtils
+    # A regular expression used to match against the response to identify authentication failures.
+    attr_reader :soft403
+    # Base URL of the application for which the form authentication applies.
+    attr_reader :webapproot
+    # When using httpheaders, this represents the set of headers to pass with the authentication request.
+    attr_reader :headers
+
+    def initialize(webapproot, soft403)
+      @headers = []
+      @webapproot = webapproot
+      @soft403 = soft403
+    end
+
+    def add_header(header)
+      @headers.push(header)
+    end
+
+    def to_xml_elem
+      attributes = {}
+      attributes['webapproot'] = @webapproot
+      attributes['soft403'] = @soft403
+
+      xml = make_xml('Headers', attributes)
+      @headers.each do |header|
+        xml.add_element(header.to_xml_elem)
       end
+      xml
+    end
+
+  end
+
+  # When using htmlform, this represents the login form information.
+  class Field
+    include XMLUtils
+    # The name of the HTML field (form parameter).
+    attr_reader :name
+    # The value of the HTML field (form parameter).
+    attr_reader :value
+    # The type of the HTML field (form parameter).
+    attr_reader :type
+    # Is the HTML field (form parameter) dynamically generated? If so,
+    # the login page is requested and the value of the field is extracted
+    # from the response.
+    attr_reader :dynamic
+    # If the HTML field (form parameter) is a radio button, checkbox or select
+    # field, this flag determines if the field should be checked (selected).
+    attr_reader :checked
+
+    def initialize(name, value, type, dynamic, checked)
+      @name = name
+      @value = value
+      @type = type
+      @dynamic = dynamic
+      @checked = checked
+    end
+
+    def to_xml_elem
+      attributes = {}
+      attributes['name'] = @name
+      attributes['value'] = @value
+      attributes['type'] = @type
+      attributes['dynamic'] = @dynamic
+      attributes['checked'] = @checked
+
+      make_xml('Field', attributes)
+    end
+  end
+
+  # When using htmlform, this represents the login form information.
+  class HTMLForm
+    include XMLUtils
+    # The name of the form being submitted.
+    attr_reader :name
+    # The HTTP action (URL) through which to submit the login form.
+    attr_reader :action
+    # The HTTP request method with which to submit the form.
+    attr_reader :method
+    # The HTTP encoding type with which to submit the form.
+    attr_reader :enctype
+    # The fields in the HTML Form
+    attr_reader :fields
+
+    def initialize(name, action, method, enctype)
+      @name = name
+      @action = action
+      @method = method
+      @enctype = enctype
+      @fields = []
+    end
+
+    def add_field(field)
+      @fields << field
+    end
 
-      def addHeader(header)
-         @headers.push(header)
+    def to_xml_elem
+      attributes = {}
+      attributes['name'] = @name
+      attributes['action'] = @action
+      attributes['method'] = @method
+      attributes['enctype'] = @enctype
+
+      xml = make_xml('HTMLForm', attributes)
+
+      fields.each() do |field|
+        xml.add_element(field.to_xml_elem)
       end
 
+      xml
+    end
+
+  end
+
+  # When using htmlform, this represents the login form information.
+  class HTMLForms
+    include XMLUtils
+    # The URL of the login page containing the login form.
+    attr_reader :parentpage
+    # A regular expression used to match against the response to identify
+    # authentication failures.
+    attr_reader :soft403
+    # Base URL of the application for which the form authentication applies.
+    attr_reader :webapproot
+    # The forms to authenticate with
+    attr_reader :html_forms
+
+    def initialize(parentpage, soft403, webapproot)
+      @parentpage = parentpage
+      @soft403 = soft403
+      @webapproot = webapproot
+      @html_forms = []
+    end
 
-      def to_xml
-         xml = ''
-         xml << '<Headers'
-         xml << %Q{ soft403="#{replace_entities(soft403)}"} if (soft403)
-         xml << %Q{ webapproot="#{replace_entities(webapproot)}"} if (webapproot)
-         xml << '>'
-         @headers.each do |header|
-            xml << header.to_xml
-         end
-         xml << '</Headers>'
-         xml
+    def add_html_form(html_form)
+      @html_forms << html_form
+    end
+
+    def to_xml_elem
+      attributes = {}
+      attributes['parentpage'] = @parentpage
+      attributes['soft403'] = @soft403
+      attributes['webapproot'] = @webapproot
+
+      xml = make_xml('HTMLForms', attributes)
+
+      html_forms.each() do |html_form|
+        xml.add_element(html_form.to_xml_elem)
       end
-   end
-
-   # When using htmlform, this represents the login form information.
-   class Field
-      # The name of the HTML field (form parameter).
-      attr_reader :name
-      # The value of the HTML field (form parameter).
-      attr_reader :value
-      # The type of the HTML field (form parameter).
-      attr_reader :type
-      # Is the HTML field (form parameter) dynamically generated? If so,
-      # the login page is requested and the value of the field is extracted
-      # from the response.
-      attr_reader :dynamic
-      # If the HTML field (form parameter) is a radio button, checkbox or select
-      # field, this flag determines if the field should be checked (selected).
-      attr_reader :checked
-
-      # TODO
-   end
-
-   # When using htmlform, this represents the login form information.
-   class HTMLForm
-      # The name of the form being submitted.
-      attr_reader :name
-      # The HTTP action (URL) through which to submit the login form.
-      attr_reader :action
-      # The HTTP request method with which to submit the form.
-      attr_reader :method
-      # The HTTP encoding type with which to submit the form.
-      attr_reader :enctype
-
-      # TODO
-   end
-
-   # When using htmlform, this represents the login form information.
-   class HTMLForms
-      # The URL of the login page containing the login form.
-      attr_reader :parentpage
-      # A regular expression used to match against the response to identify
-      # authentication failures.
-      attr_reader :soft403
-      # Base URL of the application for which the form authentication applies.
-      attr_reader :webapproot
-
-      # TODO
-   end
-
-   # When using ssh-key, this represents the PEM-format keypair information.
-   class PEMKey
-      # TODO
-   end
+      xml
+    end
+
+  end
+
+  # When using ssh-key, this represents the PEM-format keypair information.
+  class PEMKey
+    # TODO
+  end
 end

data/lib/nexpose/report.rb

@@ -1,3 +1,4 @@
+# -*- coding: utf-8 -*-
 module Nexpose
 	module NexposeAPI
 		include XMLUtils
@@ -208,7 +209,7 @@ module Nexpose
 
 			@error = false
 			@connection = connection
-			@filters = Array.new()
+			@filters = []
 			@template_id = template_id
 			@format = format
 
@@ -326,9 +327,9 @@ module Nexpose
 			@error = false
 			@connection = connection
 			@config_id = config_id
-			@xml_tag_stack = Array.new()
-			@filters = Array.new()
-			@email_recipients = Array.new()
+			@xml_tag_stack = []
+			@filters = []
+			@email_recipients = []
 			@name = "New Report " + rand(999999999).to_s
 
 			r = @connection.execute('<ReportConfigRequest session-id="' + @connection.session_id.to_s + '" reportcfg-id="' + @config_id.to_s + '"/>')
@@ -391,7 +392,7 @@ module Nexpose
 			xml += ' <Filters>'
 
 			@filters.each do |f|
-				xml += ' <' + f.type.to_s + ' id="' + f.id.to_s + '"/>'
+				xml += ' <filter type="' + f.type.to_s + '" id="' + f.id.to_s + '"/>'
 			end
 
 			xml += ' </Filters>'
@@ -518,7 +519,7 @@ module Nexpose
 
 			@error = nil
 			@connection = connection
-			@report_template_summaries = Array.new()
+			@report_template_summaries = []
 
 			r = @connection.execute('<ReportTemplateListingRequest session-id="' + connection.session_id.to_s + '"/>')
 			if (r.success)
@@ -587,7 +588,7 @@ module Nexpose
 
 		def initialize(name)
 
-			@properties = Array.new()
+			@properties = []
 			@name = name
 		end
 
@@ -599,4 +600,4 @@ module Nexpose
 
 	end
 
-end
+end

data/lib/nexpose/scan.rb

@@ -211,8 +211,8 @@ module Nexpose
 			@name = name
 			@templateID = templateID
 			@configVersion = configVersion
-			@schedules = Array.new()
-			@scanTriggers = Array.new()
+			@schedules = []
+			@scanTriggers = []
 
 		end
 
@@ -277,4 +277,4 @@ module Nexpose
 		end
 	end
 
-end
+end

data/lib/nexpose/scan_engine.rb

@@ -168,9 +168,9 @@ module Nexpose
       xml << %Q{ scope="#{scope}"}
       xml << %Q{ priority="#{priority}"} if (priority)
       xml << '>'
-      #sites.each do |site|
-      #xml << %Q{<Site id="#{site}" />}
-      #end
+      sites.each do |site|
+        xml << %Q{<Site id="#{site}" />}
+      end
       xml << '</EngineConfig>'
       xml
     end

data/lib/nexpose/site.rb

@@ -437,10 +437,10 @@ module Nexpose
 		attr_reader :scanConfig
 
 		def initialize()
-			@xml_tag_stack = Array.new()
-			@hosts = Array.new()
-			@credentials = Array.new()
-			@alerts = Array.new()
+			@xml_tag_stack = []
+			@hosts = []
+			@credentials = []
+			@alerts = []
 			@error = false
 		end
 
@@ -566,8 +566,8 @@ module Nexpose
 		attr_reader :error_msg
 		# The last XML request sent by this object
 		attr_reader :request_xml
-		# The last XML response received by this object
-		attr_reader :response_xml
+		# The last response received by this object
+		attr_reader :response
 		# The NSC Connection associated with this object
 		attr_reader :connection
 		# The Site ID
@@ -579,13 +579,24 @@ module Nexpose
 			@site_id = id
 			@error = false
 			@connection = connection
-			@scan_summaries = Array.new()
+			@scan_summaries = []
 
-			r = @connection.execute('<SiteScanHistoryRequest' + ' session-id="' + @connection.session_id + '" site-id="' + "#{@site_id}" + '"/>')
+			@request_xml = '<SiteScanHistoryRequest' + ' session-id="' + @connection.session_id + '" site-id="' + "#{@site_id}" + '"/>'
+			r = @connection.execute(@request_xml)
+			@response = r
 
 			if r and r.success
-         		r
-      		end
+				r.res.elements.each('//ScanSummary') do |summary|
+					scan_id=summary.attributes['scan-id'].to_i
+					engine_id=summary.attributes['engine-id'].to_i
+					name=summary.attributes['name'].to_s
+					start_time=summary.attributes['startTime'].to_s
+					end_time=summary.attributes['endTime'].to_s
+					status=summary.attributes['status'].to_s
+					scan_summary = ScanSummary.new(scan_id, engine_id, name, start_time, end_time, status)
+					scan_summaries << scan_summary
+				end
+			end
 		end
 	end
 
@@ -614,19 +625,26 @@ module Nexpose
 			@site_id = site_id
 			@error = false
 			@connection = connection
-			@devices = Array.new()
+			@devices = []
 
 			r = nil
 			if (@site_id)
 				r = @connection.execute('<SiteDeviceListingRequest session-id="' + connection.session_id + '" site-id="' + "#{@site_id}" + '"/>')
+        if r.success
+          r.res.elements.each('SiteDeviceListingResponse/SiteDevices/device') do |d|
+            @devices.push(Device.new(d.attrubytes['id'], @site_id, d.attributes["address"], d.attributes["riskfactor"], d.attributes["riskscore"]))
+          end
+        end
 			else
 				r = @connection.execute('<SiteDeviceListingRequest session-id="' + connection.session_id + '"/>')
-			end
-
-			if (r.success)
-				r.res.elements.each('SiteDeviceListingResponse/SiteDevices/device') do |d|
-					@devices.push(Device.new(d.attributes['id'], @site_id, d.attributes["address"], d.attributes["riskfactor"], d.attributes['riskscore']))
-				end
+        if r.success
+          r.res.elements.each('SiteDeviceListingResponse/SiteDevices') do |rr|
+            @sid = rr.attribute("site-id")
+            rr.elements.each('device') do |d|
+              @devices.push(Device.new(d.attributes['id'], @sid, d.attributes["address"], d.attributes['riskfactor'], d.attributes['riskscore']))
+            end
+          end
+        end
 			end
 		end
 	end
@@ -802,7 +820,7 @@ module Nexpose
 			@sender = sender
 			@enabled = enabled
 			@limitText = limitText
-			@recipients = Array.new()
+			@recipients = []
 			# Sets default vuln filter - All Events
 			setVulnFilter(VulnFilter.new("50790400", 1))
 		end
@@ -877,4 +895,4 @@ module Nexpose
 			end
 		end
 	end
-end
+end

data/lib/nexpose/util.rb

@@ -1,5 +1,4 @@
 module Nexpose
-
 	module Sanitize
 		def replace_entities(str)
 			ret = str.dup
@@ -24,7 +23,9 @@ module Nexpose
 			end
 
 			opts.keys.each do |k|
-				xml.attributes[k] = "#{opts[k]}"
+				if opts[k] != nil
+					xml.attributes[k] = "#{opts[k]}"
+				end
 			end
 
 			xml.text = data
@@ -32,4 +33,4 @@ module Nexpose
 			xml
 		end
 	end
-end
+end

data/nexpose.gemspec

@@ -1,7 +1,7 @@
 # encoding: utf-8
 
 APP_NAME = "nexpose"
-VERSION = "0.0.94"
+VERSION = "0.0.95"
 REVISION = "12878"
 
 Gem::Specification.new do |s|

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.0.94
+  version: 0.0.95
   prerelease: 
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2012-05-08 00:00:00.000000000Z
+date: 2012-05-24 00:00:00.000000000Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex
-  requirement: &28710072 !ruby/object:Gem::Requirement
+  requirement: &28418712 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,10 @@ dependencies:
         version: 0.0.32
   type: :runtime
   prerelease: false
-  version_requirements: *28710072
+  version_requirements: *28418712
 - !ruby/object:Gem::Dependency
   name: rex
-  requirement: &28709796 !ruby/object:Gem::Requirement
+  requirement: &28418436 !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,7 +33,7 @@ dependencies:
         version: 1.0.2
   type: :runtime
   prerelease: false
-  version_requirements: *28709796
+  version_requirements: *28418436
 description: This gem provides a Ruby API to the NeXpose vulnerability management
   product by Rapid7. This version is based on Metasploit SVN revision 12878
 email: