nexpose 0.1.9 → 0.1.10

@@ -19,22 +19,11 @@ module Nexpose
19
19
  #
20
20
  # # //Logout
21
21
  # logout_success = nsc.logout
22
- # if (! logout_success)
23
- # puts "Logout Failure" + "<p>" + nsc.error_msg.to_s
24
- # end
25
22
  #
26
23
  class Connection
27
24
  include XMLUtils
28
25
  include NexposeAPI
29
26
 
30
- # true if an error condition exists; false otherwise
31
- attr_reader :error
32
- # Error message string
33
- attr_reader :error_msg
34
- # The last XML request sent by this object
35
- attr_reader :request_xml
36
- # The last XML response received by this object
37
- attr_reader :response_xml
38
27
  # Session ID of this connection
39
28
  attr_reader :session_id
40
29
  # The hostname or IP Address of the NSC
@@ -48,6 +37,11 @@ module Nexpose
48
37
  # The URL for communication
49
38
  attr_reader :url
50
39
 
40
+ # The last XML request sent by this object, useful for debugging.
41
+ attr_reader :request_xml
42
+ # The last XML response received by this object, useful for debugging.
43
+ attr_reader :response_xml
44
+
51
45
  # Constructor for Connection
52
46
  def initialize(ip, user, pass, port = 3780, silo_id = nil)
53
47
  @host = ip
@@ -56,7 +50,6 @@ module Nexpose
56
50
  @password = pass
57
51
  @silo_id = silo_id
58
52
  @session_id = nil
59
- @error = false
60
53
  @url = "https://#{@host}:#{@port}/api/API_VERSION/xml"
61
54
  end
62
55
 
@@ -88,8 +81,11 @@ module Nexpose
88
81
 
89
82
  # Execute an API request
90
83
  def execute(xml, version = '1.1')
84
+ @request_xml = xml.to_s
91
85
  @api_version = version
92
- APIRequest.execute(@url, xml.to_s, @api_version)
86
+ response = APIRequest.execute(@url, @request_xml, @api_version)
87
+ @response_xml = response.raw_response_data
88
+ response
93
89
  end
94
90
 
95
91
  # Download a specific URL, typically a report.
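Review bot: `execute` now keeps every request body in `@request_xml` and exposes it through a public reader, which presumably includes whatever the login call sends. The login method is outside these hunks, but if it goes through `execute`, the account password stays on the connection object in cleartext after authentication, and later requests are likely to carry the session ID the same way. A caller that prints `request_xml` while debugging would put those values into logs, so I would say so on the reader, e.g. `# May contain the password or session ID in cleartext; redact before logging.`, and consider not retaining the login request at all. Separately, `@response_xml` is assigned only after `APIRequest.execute` returns, so when that call raises, the reader still holds the previous response next to the new request.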
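--- a/data/lib/nexpose/creds.rb
+++ b/data/lib/nexpose/creds.rb
@@ -30,6 +30,12 @@ module Nexpose
  # When using htmlforms, this represents the tho form to pass the
  # authentication request to.
  attr_reader :html_forms
+ # The type of privilege escalation to use (sudo/su)
+ attr_reader :priv_type
+ # The userid to use when escalating privileges (optional)
+ attr_reader :priv_username
+ # The password to use when escalating privileges (optional)
+ attr_reader :priv_password
 
  def initialize(isblob = false)
  @isblob = isblob
@@ -47,7 +53,16 @@ module Nexpose
  @realm = realm
  end
 
- # TODO: add description
+ # Sets privilege escalation credentials. Type should be either
+ # sudo/su.
+ def set_privilege_credentials(type, username, password)
+ @priv_type = type
+ @priv_username = username
+ @priv_password = password
+ end
+
+ # The name of the service. Possible values are outlined in the
+ # Nexpose API docs.
  def set_service(service)
  @service = service
  end
@@ -56,7 +71,9 @@ module Nexpose
  @host = host
  end
 
- # TODO: add description
+ # Credentials fetched from the API are encrypted into a
+ # securityblob. If you want to use those credentials on a
+ # different site, copy the blob into the credential.
  def set_blob(securityblob)
  @isblob = true
  @securityblob = securityblob
@@ -85,6 +102,10 @@ module Nexpose
  attributes['host'] = @host
  attributes['port'] = @port
 
+ attributes['privilegeelevationtype'] = @priv_type if @priv_type
+ attributes['privilegeelevationusername'] = @priv_username if @priv_username
+ attributes['privilegeelevationpassword'] = @priv_password if @priv_password
+
  data = isblob ? securityblob : ''
  xml = make_xml('adminCredentials', attributes, data)
  xml.add_element(@headers.to_xml_elem) if @headers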
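Review bot: `set_privilege_credentials` stores `type` unchecked although its comment limits it to sudo/su, and the XML-building hunk then emits the three `privilegeelevation*` attributes independently of each other. A mistyped type, or a password without a type, is therefore sent to the console as is. If sudo and su really are the only accepted values, reject anything else at the setter: `raise ArgumentError, 'type must be sudo or su' unless %w[sudo su].include?(type.to_s)`. The new `attr_reader :priv_password` also makes the escalation password readable by any holder of the object; unless something outside these hunks needs it, the reader can be dropped, since the XML code reads `@priv_password` directly. The method that builds the XML starts and ends outside the visible hunk.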
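--- a/data/lib/nexpose/scan.rb
+++ b/data/lib/nexpose/scan.rb
@@ -55,7 +55,7 @@ module Nexpose
  # each active scan on the engines.
  #
  def scan_activity
- r = execute(make_xml('ScanActivityRequest', {}))
+ r = execute(make_xml('ScanActivityRequest'))
  res = []
  if r.success
  r.res.elements.each('//ScanSummary') do |scan|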
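--- a/data/lib/nexpose/site.rb
+++ b/data/lib/nexpose/site.rb
@@ -172,6 +172,9 @@ module Nexpose
  # @see IPRange
  attr_accessor :assets
 
+ # [Array] Collection of excluded assets. May be IPv4, IPv6, or DNS names.
+ attr_accessor :exclude
+
  # Scan template to use when starting a scan job. Default: full-audit
  attr_accessor :scan_template
 
@@ -221,6 +224,7 @@ module Nexpose
  @schedules = []
  @credentials = []
  @alerts = []
+ @exclude = []
  end
 
  # Returns true when the site is dynamic.
@@ -314,9 +318,8 @@ module Nexpose
 
  response = connection.execute(xml)
  if response.success
- response.res.elements.each('/SiteScanResponse/Scan/') do |scan|
- return [scan.attributes['scan-id'].to_i, scan.attributes['engine-id'].to_i]
- end
+ scan = REXML::XPath.first(response.res, '/SiteScanResponse/Scan/')
+ [scan.attributes['scan-id'].to_i, scan.attributes['engine-id'].to_i]
  end
  end
 
@@ -329,6 +332,10 @@ module Nexpose
  xml << assets.reduce('') { |acc, host| acc << host.to_xml }
  xml << '</Hosts>'
 
+ xml << '<ExcludedHosts>'
+ xml << exclude.reduce('') { |acc, host| acc << host.to_xml }
+ xml << '</ExcludedHosts>'
+
  unless credentials.empty?
  xml << '<Credentials>'
  credentials.each do |c|
@@ -376,6 +383,20 @@ module Nexpose
  site.assets << HostName.new(host.text)
  end
 
+ s.elements.each('ExcludedHosts/range') do |r|
+ site.exclude << IPRange.new(r.attributes['from'], r.attributes['to'])
+ end
+ s.elements.each('ExcludedHosts/host') do |host|
+ site.exclude << HostName.new(host.text)
+ end
+
+ s.elements.each('Credentials/adminCredentials') do |credconf|
+ cred = AdminCredentials.new(true)
+ cred.set_service(credconf.attributes['service'])
+ cred.set_blob(credconf.get_text)
+ site.credentials << cred
+ end
+
  s.elements.each('ScanConfig') do |scan_config|
  site.scan_template_name = scan_config.attributes['name']
  site.scan_template = scan_config.attributes['templateID']
@@ -390,10 +411,6 @@ module Nexpose
  end
  end
 
- #s.elements.each('Credentials') do |cred|
- # # TODO
- #end
-
  s.elements.each('Alerting/Alert') do |a|
  a.elements.each('smtpAlert') do |smtp|
  smtp_alert = SMTPAlert.new(a.attributes['name'], smtp.attributes['sender'], smtp.attributes['limitText'], a.attributes['enabled'])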
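Review bot: In the scan-start hunk, `REXML::XPath.first` returns nil when the response has no `Scan` element, and the next line calls `scan.attributes` on it. A successful response without that element now raises NoMethodError, where the old `each` loop fell through without raising. A guard placed before the array is built keeps the previous behaviour: `return unless scan`. The enclosing method starts outside the hunk, so I cannot see what callers expect on failure, though the `if response.success` branch without an else suggests a nil result is already possible.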
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.9
4
+ version: 0.1.10
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2013-03-08 00:00:00.000000000 Z
14
+ date: 2013-03-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: librex