nexpose 0.1.9 → 0.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. data/lib/nexpose/connection.rb +9 -13
  2. data/lib/nexpose/creds.rb +23 -2
  3. data/lib/nexpose/scan.rb +1 -1
  4. data/lib/nexpose/site.rb +24 -7
  5. metadata +2 -2
data/lib/nexpose/connection.rb CHANGED
@@ -19,22 +19,11 @@ module Nexpose
19
19
  #
20
20
  # # //Logout
21
21
  # logout_success = nsc.logout
22
- # if (! logout_success)
23
- # puts "Logout Failure" + "<p>" + nsc.error_msg.to_s
24
- # end
25
22
  #
26
23
  class Connection
27
24
  include XMLUtils
28
25
  include NexposeAPI
29
26
 
30
- # true if an error condition exists; false otherwise
31
- attr_reader :error
32
- # Error message string
33
- attr_reader :error_msg
34
- # The last XML request sent by this object
35
- attr_reader :request_xml
36
- # The last XML response received by this object
37
- attr_reader :response_xml
38
27
  # Session ID of this connection
39
28
  attr_reader :session_id
40
29
  # The hostname or IP Address of the NSC
@@ -48,6 +37,11 @@ module Nexpose
48
37
  # The URL for communication
49
38
  attr_reader :url
50
39
 
40
+ # The last XML request sent by this object, useful for debugging.
41
+ attr_reader :request_xml
42
+ # The last XML response received by this object, useful for debugging.
43
+ attr_reader :response_xml
44
+
51
45
  # Constructor for Connection
52
46
  def initialize(ip, user, pass, port = 3780, silo_id = nil)
53
47
  @host = ip
@@ -56,7 +50,6 @@ module Nexpose
56
50
  @password = pass
57
51
  @silo_id = silo_id
58
52
  @session_id = nil
59
- @error = false
60
53
  @url = "https://#{@host}:#{@port}/api/API_VERSION/xml"
61
54
  end
62
55
 
@@ -88,8 +81,11 @@ module Nexpose
88
81
 
89
82
  # Execute an API request
90
83
  def execute(xml, version = '1.1')
84
+ @request_xml = xml.to_s
91
85
  @api_version = version
92
- APIRequest.execute(@url, xml.to_s, @api_version)
86
+ response = APIRequest.execute(@url, @request_xml, @api_version)
87
+ @response_xml = response.raw_response_data
88
+ response
93
89
  end
94
90
 
95
91
  # Download a specific URL, typically a report.
data/lib/nexpose/creds.rb CHANGED
@@ -30,6 +30,12 @@ module Nexpose
30
30
  # When using htmlforms, this represents the tho form to pass the
31
31
  # authentication request to.
32
32
  attr_reader :html_forms
33
+ # The type of privilege escalation to use (sudo/su)
34
+ attr_reader :priv_type
35
+ # The userid to use when escalating privileges (optional)
36
+ attr_reader :priv_username
37
+ # The password to use when escalating privileges (optional)
38
+ attr_reader :priv_password
33
39
 
34
40
  def initialize(isblob = false)
35
41
  @isblob = isblob
@@ -47,7 +53,16 @@ module Nexpose
47
53
  @realm = realm
48
54
  end
49
55
 
50
- # TODO: add description
56
+ # Sets privilege escalation credentials. Type should be either
57
+ # sudo/su.
58
+ def set_privilege_credentials(type, username, password)
59
+ @priv_type = type
60
+ @priv_username = username
61
+ @priv_password = password
62
+ end
63
+
64
+ # The name of the service. Possible values are outlined in the
65
+ # Nexpose API docs.
51
66
  def set_service(service)
52
67
  @service = service
53
68
  end
@@ -56,7 +71,9 @@ module Nexpose
56
71
  @host = host
57
72
  end
58
73
 
59
- # TODO: add description
74
+ # Credentials fetched from the API are encrypted into a
75
+ # securityblob. If you want to use those credentials on a
76
+ # different site, copy the blob into the credential.
60
77
  def set_blob(securityblob)
61
78
  @isblob = true
62
79
  @securityblob = securityblob
@@ -85,6 +102,10 @@ module Nexpose
85
102
  attributes['host'] = @host
86
103
  attributes['port'] = @port
87
104
 
105
+ attributes['privilegeelevationtype'] = @priv_type if @priv_type
106
+ attributes['privilegeelevationusername'] = @priv_username if @priv_username
107
+ attributes['privilegeelevationpassword'] = @priv_password if @priv_password
108
+
88
109
  data = isblob ? securityblob : ''
89
110
  xml = make_xml('adminCredentials', attributes, data)
90
111
  xml.add_element(@headers.to_xml_elem) if @headers
data/lib/nexpose/scan.rb CHANGED
@@ -55,7 +55,7 @@ module Nexpose
55
55
  # each active scan on the engines.
56
56
  #
57
57
  def scan_activity
58
- r = execute(make_xml('ScanActivityRequest', {}))
58
+ r = execute(make_xml('ScanActivityRequest'))
59
59
  res = []
60
60
  if r.success
61
61
  r.res.elements.each('//ScanSummary') do |scan|
data/lib/nexpose/site.rb CHANGED
@@ -172,6 +172,9 @@ module Nexpose
172
172
  # @see IPRange
173
173
  attr_accessor :assets
174
174
 
175
+ # [Array] Collection of excluded assets. May be IPv4, IPv6, or DNS names.
176
+ attr_accessor :exclude
177
+
175
178
  # Scan template to use when starting a scan job. Default: full-audit
176
179
  attr_accessor :scan_template
177
180
 
@@ -221,6 +224,7 @@ module Nexpose
221
224
  @schedules = []
222
225
  @credentials = []
223
226
  @alerts = []
227
+ @exclude = []
224
228
  end
225
229
 
226
230
  # Returns true when the site is dynamic.
@@ -314,9 +318,8 @@ module Nexpose
314
318
 
315
319
  response = connection.execute(xml)
316
320
  if response.success
317
- response.res.elements.each('/SiteScanResponse/Scan/') do |scan|
318
- return [scan.attributes['scan-id'].to_i, scan.attributes['engine-id'].to_i]
319
- end
321
+ scan = REXML::XPath.first(response.res, '/SiteScanResponse/Scan/')
322
+ [scan.attributes['scan-id'].to_i, scan.attributes['engine-id'].to_i]
320
323
  end
321
324
  end
322
325
 
@@ -329,6 +332,10 @@ module Nexpose
329
332
  xml << assets.reduce('') { |acc, host| acc << host.to_xml }
330
333
  xml << '</Hosts>'
331
334
 
335
+ xml << '<ExcludedHosts>'
336
+ xml << exclude.reduce('') { |acc, host| acc << host.to_xml }
337
+ xml << '</ExcludedHosts>'
338
+
332
339
  unless credentials.empty?
333
340
  xml << '<Credentials>'
334
341
  credentials.each do |c|
@@ -376,6 +383,20 @@ module Nexpose
376
383
  site.assets << HostName.new(host.text)
377
384
  end
378
385
 
386
+ s.elements.each('ExcludedHosts/range') do |r|
387
+ site.exclude << IPRange.new(r.attributes['from'], r.attributes['to'])
388
+ end
389
+ s.elements.each('ExcludedHosts/host') do |host|
390
+ site.exclude << HostName.new(host.text)
391
+ end
392
+
393
+ s.elements.each('Credentials/adminCredentials') do |credconf|
394
+ cred = AdminCredentials.new(true)
395
+ cred.set_service(credconf.attributes['service'])
396
+ cred.set_blob(credconf.get_text)
397
+ site.credentials << cred
398
+ end
399
+
379
400
  s.elements.each('ScanConfig') do |scan_config|
380
401
  site.scan_template_name = scan_config.attributes['name']
381
402
  site.scan_template = scan_config.attributes['templateID']
@@ -390,10 +411,6 @@ module Nexpose
390
411
  end
391
412
  end
392
413
 
393
- #s.elements.each('Credentials') do |cred|
394
- # # TODO
395
- #end
396
-
397
414
  s.elements.each('Alerting/Alert') do |a|
398
415
  a.elements.each('smtpAlert') do |smtp|
399
416
  smtp_alert = SMTPAlert.new(a.attributes['name'], smtp.attributes['sender'], smtp.attributes['limitText'], a.attributes['enabled'])
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.9
4
+ version: 0.1.10
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2013-03-08 00:00:00.000000000 Z
14
+ date: 2013-03-28 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: librex