nexpose 0.2.6 → 0.2.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/nexpose/common.rb +13 -13
- data/lib/nexpose/report.rb +32 -22
- data/lib/nexpose/site.rb +4 -8
- data/lib/nexpose/util.rb +1 -1
- data/lib/nexpose/vuln.rb +4 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f12897628d1710af3338cb1dd054b486bdf6366
|
|
4
|
+
data.tar.gz: 9791475b4e43ad471b8d540bda2f9bc02e7b8de3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 30abfc67f83742aba0c41f5b5289926dd9d3807680f8fc91cb8bda182db63706ab2ebd34259bf61d99466f0d8a204ba4f67ecd75d8926a95f132352a057e9e52
|
|
7
|
+
data.tar.gz: a6965ad2a9c31df45eef1efcc563bfa6fe9f7590716e5c5d6a3f70b71ed1be8ad6facffbde4d50b523ebb4582b44edc4f3c9fbd90e98e2acebff074245721e83
|
data/lib/nexpose/common.rb
CHANGED
|
@@ -110,9 +110,6 @@ module Nexpose
|
|
|
110
110
|
# The date after which the schedule is disabled, in ISO 8601 format.
|
|
111
111
|
attr_accessor :not_valid_after
|
|
112
112
|
|
|
113
|
-
# --
|
|
114
|
-
# TODO These are not captured or put to XML.
|
|
115
|
-
# ++
|
|
116
113
|
attr_accessor :incremental
|
|
117
114
|
attr_accessor :repeater_type
|
|
118
115
|
|
|
@@ -127,20 +124,23 @@ module Nexpose
|
|
|
127
124
|
xml = %Q{<Schedule enabled='#{@enabled ? 1 : 0}' type='#{@type}' interval='#{@interval}' start='#{@start}'}
|
|
128
125
|
xml << %Q{ maxDuration='#@max_duration'} if @max_duration
|
|
129
126
|
xml << %Q{ notValidAfter='#@not_valid_after'} if @not_valid_after
|
|
127
|
+
xml << %Q{ incremental='#{@incremental ? 1 : 0}'} if @incremental
|
|
128
|
+
xml << %Q{ repeaterType='#@repeater_type'} if @repeater_type
|
|
130
129
|
xml << '/>'
|
|
131
130
|
end
|
|
132
131
|
|
|
133
132
|
def self.parse(xml)
|
|
134
|
-
xml.
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
133
|
+
schedule = Schedule.new(xml.attributes['type'],
|
|
134
|
+
xml.attributes['interval'].to_i,
|
|
135
|
+
xml.attributes['start'],
|
|
136
|
+
xml.attributes['enabled'] != '0')
|
|
137
|
+
|
|
138
|
+
# Optional parameters.
|
|
139
|
+
schedule.max_duration = xml.attributes['maxDuration'].to_i if xml.attributes['maxDuration']
|
|
140
|
+
schedule.not_valid_after = xml.attributes['notValidAfter'] if xml.attributes['notValidAfter']
|
|
141
|
+
schedule.incremental = (xml.attributes['incremental'] && xml.attributes['incremental'] == '1')
|
|
142
|
+
schedule.repeater_type = xml.attributes['repeaterType'] if xml.attributes['repeaterType']
|
|
143
|
+
schedule
|
|
144
144
|
end
|
|
145
145
|
end
|
|
146
146
|
end
|
data/lib/nexpose/report.rb
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
module Nexpose
|
|
2
|
+
|
|
3
|
+
# NexposeAPI module is mixed into the Connection object, and all methods are
|
|
4
|
+
# expected to be called from there.
|
|
5
|
+
#
|
|
2
6
|
module NexposeAPI
|
|
3
7
|
include XMLUtils
|
|
4
8
|
|
|
5
9
|
# Generate a new report using the specified report definition.
|
|
6
10
|
def generate_report(report_id, wait = false)
|
|
7
|
-
xml = make_xml('ReportGenerateRequest', {'report-id' => report_id})
|
|
11
|
+
xml = make_xml('ReportGenerateRequest', { 'report-id' => report_id })
|
|
8
12
|
response = execute(xml)
|
|
9
13
|
if response.success
|
|
10
14
|
response.res.elements.each('//ReportSummary') do |summary|
|
|
11
15
|
summary = ReportSummary.parse(summary)
|
|
12
16
|
# If not waiting or the report is finished, return now.
|
|
13
|
-
return summary unless wait
|
|
17
|
+
return summary unless wait && summary.status == 'Started'
|
|
14
18
|
end
|
|
15
19
|
end
|
|
16
20
|
so_far = 0
|
|
@@ -29,11 +33,11 @@ module Nexpose
|
|
|
29
33
|
# Provide a history of all reports generated with the specified report
|
|
30
34
|
# definition.
|
|
31
35
|
def report_history(report_config_id)
|
|
32
|
-
xml = make_xml('ReportHistoryRequest', {'reportcfg-id' => report_config_id})
|
|
36
|
+
xml = make_xml('ReportHistoryRequest', { 'reportcfg-id' => report_config_id })
|
|
33
37
|
ReportSummary.parse_all(execute(xml))
|
|
34
38
|
end
|
|
35
39
|
|
|
36
|
-
# Get
|
|
40
|
+
# Get details of the last report generated with the specified report id.
|
|
37
41
|
def last_report(report_config_id)
|
|
38
42
|
history = report_history(report_config_id)
|
|
39
43
|
history.sort { |a, b| b.generated_on <=> a.generated_on }.first
|
|
@@ -42,13 +46,13 @@ module Nexpose
|
|
|
42
46
|
# Delete a previously generated report definition.
|
|
43
47
|
# Also deletes any reports generated from that configuration.
|
|
44
48
|
def delete_report_config(report_config_id)
|
|
45
|
-
xml = make_xml('ReportDeleteRequest', {'reportcfg-id' => report_config_id})
|
|
49
|
+
xml = make_xml('ReportDeleteRequest', { 'reportcfg-id' => report_config_id })
|
|
46
50
|
execute(xml).success
|
|
47
51
|
end
|
|
48
52
|
|
|
49
53
|
# Delete a previously generated report.
|
|
50
54
|
def delete_report(report_id)
|
|
51
|
-
xml = make_xml('ReportDeleteRequest', {'report-id' => report_id})
|
|
55
|
+
xml = make_xml('ReportDeleteRequest', { 'report-id' => report_id })
|
|
52
56
|
execute(xml).success
|
|
53
57
|
end
|
|
54
58
|
|
|
@@ -69,14 +73,14 @@ module Nexpose
|
|
|
69
73
|
|
|
70
74
|
# Retrieve the configuration for a report template.
|
|
71
75
|
def get_report_template(template_id)
|
|
72
|
-
xml = make_xml('ReportTemplateConfigRequest', {'template-id' => template_id})
|
|
76
|
+
xml = make_xml('ReportTemplateConfigRequest', { 'template-id' => template_id })
|
|
73
77
|
ReportTemplate.parse(execute(xml))
|
|
74
78
|
end
|
|
75
79
|
|
|
76
80
|
# Provide a listing of all report definitions the user can access on the
|
|
77
81
|
# Security Console.
|
|
78
82
|
def report_listing
|
|
79
|
-
r = execute(make_xml('ReportListingRequest'
|
|
83
|
+
r = execute(make_xml('ReportListingRequest'))
|
|
80
84
|
reports = []
|
|
81
85
|
if r.success
|
|
82
86
|
r.res.elements.each('//ReportConfigSummary') do |report|
|
|
@@ -90,7 +94,7 @@ module Nexpose
|
|
|
90
94
|
|
|
91
95
|
# Retrieve the configuration for a report definition.
|
|
92
96
|
def get_report_config(report_config_id)
|
|
93
|
-
xml = make_xml('ReportConfigRequest', {'reportcfg-id' => report_config_id})
|
|
97
|
+
xml = make_xml('ReportConfigRequest', { 'reportcfg-id' => report_config_id })
|
|
94
98
|
ReportConfig.parse(execute(xml))
|
|
95
99
|
end
|
|
96
100
|
end
|
|
@@ -160,7 +164,11 @@ module Nexpose
|
|
|
160
164
|
end
|
|
161
165
|
|
|
162
166
|
def self.parse(xml)
|
|
163
|
-
ReportSummary.new(xml.attributes['id'],
|
|
167
|
+
ReportSummary.new(xml.attributes['id'],
|
|
168
|
+
xml.attributes['cfg-id'],
|
|
169
|
+
xml.attributes['status'],
|
|
170
|
+
xml.attributes['generated-on'],
|
|
171
|
+
xml.attributes['report-URI'])
|
|
164
172
|
end
|
|
165
173
|
|
|
166
174
|
def self.parse_all(response)
|
|
@@ -229,7 +237,7 @@ module Nexpose
|
|
|
229
237
|
include XMLUtils
|
|
230
238
|
|
|
231
239
|
# Generate a report once using a simple configuration.
|
|
232
|
-
#
|
|
240
|
+
#
|
|
233
241
|
# For XML-based reports, only the raw report is returned and not any images.
|
|
234
242
|
#
|
|
235
243
|
# @param [Connection] connection Nexpose connection.
|
|
@@ -255,7 +263,7 @@ module Nexpose
|
|
|
255
263
|
if /.*base64.*/ =~ part.header.to_s
|
|
256
264
|
if @format =~ /(?:ht|x)ml/
|
|
257
265
|
if part.header.to_s =~ %r(text/(?:ht|x)ml)
|
|
258
|
-
return parse_xml(part.content.unpack(
|
|
266
|
+
return parse_xml(part.content.unpack('m*')[0]).to_s
|
|
259
267
|
end
|
|
260
268
|
else # text|pdf|csv|rtf
|
|
261
269
|
return part.content.unpack('m*')[0]
|
|
@@ -280,7 +288,7 @@ module Nexpose
|
|
|
280
288
|
# Array of user IDs which have access to resulting reports.
|
|
281
289
|
attr_accessor :users
|
|
282
290
|
# Configuration of when a report is generated.
|
|
283
|
-
attr_accessor :
|
|
291
|
+
attr_accessor :frequency
|
|
284
292
|
# Report delivery configuration.
|
|
285
293
|
attr_accessor :delivery
|
|
286
294
|
# Database export configuration.
|
|
@@ -313,7 +321,7 @@ module Nexpose
|
|
|
313
321
|
def self.build(connection, site_id, site_name, type, format, generate_now = false)
|
|
314
322
|
name = %Q{#{site_name} #{type} report in #{format}}
|
|
315
323
|
config = ReportConfig.new(name, type, format)
|
|
316
|
-
config.
|
|
324
|
+
config.frequency = Frequency.new(true, false)
|
|
317
325
|
config.filters << Filter.new('site', site_id)
|
|
318
326
|
config.save(connection, generate_now)
|
|
319
327
|
config
|
|
@@ -355,7 +363,7 @@ module Nexpose
|
|
|
355
363
|
xml << '</Users>'
|
|
356
364
|
|
|
357
365
|
xml << %Q{<Baseline compareTo='#{@baseline}' />} if @baseline
|
|
358
|
-
xml << @
|
|
366
|
+
xml << @frequency.to_xml if @frequency
|
|
359
367
|
xml << @delivery.to_xml if @delivery
|
|
360
368
|
xml << @db_export.to_xml if @db_export
|
|
361
369
|
|
|
@@ -385,7 +393,7 @@ module Nexpose
|
|
|
385
393
|
config.baseline = baseline.attributes['compareTo']
|
|
386
394
|
end
|
|
387
395
|
|
|
388
|
-
config.
|
|
396
|
+
config.frequency = Frequency.parse(cfg)
|
|
389
397
|
config.delivery = Delivery.parse(cfg)
|
|
390
398
|
config.db_export = DBExport.parse(cfg)
|
|
391
399
|
|
|
@@ -435,9 +443,9 @@ module Nexpose
|
|
|
435
443
|
end
|
|
436
444
|
|
|
437
445
|
# Data object associated with when a report is generated.
|
|
438
|
-
class
|
|
446
|
+
class Frequency
|
|
439
447
|
# Will the report be generated after a scan completes (true),
|
|
440
|
-
# or is it ad
|
|
448
|
+
# or is it ad hoc/scheduled (false).
|
|
441
449
|
attr_accessor :after_scan
|
|
442
450
|
# Whether or not a scan is scheduled.
|
|
443
451
|
attr_accessor :scheduled
|
|
@@ -459,13 +467,15 @@ module Nexpose
|
|
|
459
467
|
def self.parse(xml)
|
|
460
468
|
xml.elements.each('//Generate') do |generate|
|
|
461
469
|
if generate.attributes['after-scan'] == '1'
|
|
462
|
-
return
|
|
470
|
+
return Frequency.new(true, false)
|
|
463
471
|
else
|
|
464
472
|
if generate.attributes['schedule'] == '1'
|
|
465
|
-
|
|
466
|
-
|
|
473
|
+
generate.elements.each('Schedule') do |sched|
|
|
474
|
+
schedule = Schedule.parse(sched)
|
|
475
|
+
return Frequency.new(false, true, schedule)
|
|
476
|
+
end
|
|
467
477
|
end
|
|
468
|
-
return
|
|
478
|
+
return Frequency.new(false, false)
|
|
469
479
|
end
|
|
470
480
|
end
|
|
471
481
|
nil
|
data/lib/nexpose/site.rb
CHANGED
|
@@ -358,8 +358,8 @@ module Nexpose
|
|
|
358
358
|
xml << %Q(<ScanConfig configID="#{@id}" name="#{@scan_template_name || @scan_template}" templateID="#{@scan_template}" configVersion="#{@config_version || 3}" engineID="#{@engine}">)
|
|
359
359
|
|
|
360
360
|
xml << '<Schedules>'
|
|
361
|
-
@schedules.each do |
|
|
362
|
-
xml <<
|
|
361
|
+
@schedules.each do |schedule|
|
|
362
|
+
xml << schedule.to_xml
|
|
363
363
|
end
|
|
364
364
|
xml << '</Schedules>'
|
|
365
365
|
xml << '</ScanConfig>'
|
|
@@ -405,12 +405,8 @@ module Nexpose
|
|
|
405
405
|
site.scan_template = scan_config.attributes['templateID']
|
|
406
406
|
site.config_version = scan_config.attributes['configVersion'].to_i
|
|
407
407
|
site.engine = scan_config.attributes['engineID'].to_i
|
|
408
|
-
scan_config.elements.each('Schedules/Schedule') do |
|
|
409
|
-
|
|
410
|
-
sched.attributes['interval'],
|
|
411
|
-
sched.attributes['start'],
|
|
412
|
-
sched.attributes['enabled'])
|
|
413
|
-
site.schedules << schedule
|
|
408
|
+
scan_config.elements.each('Schedules/Schedule') do |schedule|
|
|
409
|
+
site.schedules << Schedule.parse(schedule)
|
|
414
410
|
end
|
|
415
411
|
end
|
|
416
412
|
|
data/lib/nexpose/util.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Nexpose
|
|
|
11
11
|
::REXML::Document.new(xml.to_s)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def make_xml(name, opts={}, data='', append_session_id=true)
|
|
14
|
+
def make_xml(name, opts = {}, data = '', append_session_id = true)
|
|
15
15
|
xml = REXML::Element.new(name)
|
|
16
16
|
if @session_id and append_session_id
|
|
17
17
|
xml.attributes['session-id'] = @session_id
|
data/lib/nexpose/vuln.rb
CHANGED
|
@@ -458,14 +458,13 @@ module Nexpose
|
|
|
458
458
|
end
|
|
459
459
|
|
|
460
460
|
expiration_date = input[:expiration_date]
|
|
461
|
-
if expiration_date && !expiration_date.empty? && expiration_date =~ /\A\
|
|
461
|
+
if expiration_date && !expiration_date.empty? && expiration_date =~ /\A\d{4}-(\d{2})-(\d{2})\z/
|
|
462
462
|
if $1.to_i > 12
|
|
463
463
|
raise ArgumentError.new 'The expiration date month value is invalid'
|
|
464
464
|
end
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
end
|
|
465
|
+
if $2.to_i > 31
|
|
466
|
+
raise ArgumentError.new 'The expiration date day value is invalid'
|
|
467
|
+
end
|
|
469
468
|
else
|
|
470
469
|
raise ArgumentError.new 'Expiration date is invalid'
|
|
471
470
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- HD Moore
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2013-
|
|
13
|
+
date: 2013-07-02 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: librex
|