nexpose 0.2.6 → 0.2.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/nexpose/common.rb +13 -13
- data/lib/nexpose/report.rb +32 -22
- data/lib/nexpose/site.rb +4 -8
- data/lib/nexpose/util.rb +1 -1
- data/lib/nexpose/vuln.rb +4 -5
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 3f12897628d1710af3338cb1dd054b486bdf6366
|
|
4
|
+
data.tar.gz: 9791475b4e43ad471b8d540bda2f9bc02e7b8de3
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 30abfc67f83742aba0c41f5b5289926dd9d3807680f8fc91cb8bda182db63706ab2ebd34259bf61d99466f0d8a204ba4f67ecd75d8926a95f132352a057e9e52
|
|
7
|
+
data.tar.gz: a6965ad2a9c31df45eef1efcc563bfa6fe9f7590716e5c5d6a3f70b71ed1be8ad6facffbde4d50b523ebb4582b44edc4f3c9fbd90e98e2acebff074245721e83
|
data/lib/nexpose/common.rb
CHANGED
|
@@ -110,9 +110,6 @@ module Nexpose
|
|
|
110
110
|
# The date after which the schedule is disabled, in ISO 8601 format.
|
|
111
111
|
attr_accessor :not_valid_after
|
|
112
112
|
|
|
113
|
-
# --
|
|
114
|
-
# TODO These are not captured or put to XML.
|
|
115
|
-
# ++
|
|
116
113
|
attr_accessor :incremental
|
|
117
114
|
attr_accessor :repeater_type
|
|
118
115
|
|
|
@@ -127,20 +124,23 @@ module Nexpose
|
|
|
127
124
|
xml = %Q{<Schedule enabled='#{@enabled ? 1 : 0}' type='#{@type}' interval='#{@interval}' start='#{@start}'}
|
|
128
125
|
xml << %Q{ maxDuration='#@max_duration'} if @max_duration
|
|
129
126
|
xml << %Q{ notValidAfter='#@not_valid_after'} if @not_valid_after
|
|
127
|
+
xml << %Q{ incremental='#{@incremental ? 1 : 0}'} if @incremental
|
|
128
|
+
xml << %Q{ repeaterType='#@repeater_type'} if @repeater_type
|
|
130
129
|
xml << '/>'
|
|
131
130
|
end
|
|
132
131
|
|
|
133
132
|
def self.parse(xml)
|
|
134
|
-
xml.
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
133
|
+
schedule = Schedule.new(xml.attributes['type'],
|
|
134
|
+
xml.attributes['interval'].to_i,
|
|
135
|
+
xml.attributes['start'],
|
|
136
|
+
xml.attributes['enabled'] != '0')
|
|
137
|
+
|
|
138
|
+
# Optional parameters.
|
|
139
|
+
schedule.max_duration = xml.attributes['maxDuration'].to_i if xml.attributes['maxDuration']
|
|
140
|
+
schedule.not_valid_after = xml.attributes['notValidAfter'] if xml.attributes['notValidAfter']
|
|
141
|
+
schedule.incremental = (xml.attributes['incremental'] && xml.attributes['incremental'] == '1')
|
|
142
|
+
schedule.repeater_type = xml.attributes['repeaterType'] if xml.attributes['repeaterType']
|
|
143
|
+
schedule
|
|
144
144
|
end
|
|
145
145
|
end
|
|
146
146
|
end
|
data/lib/nexpose/report.rb
CHANGED
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
module Nexpose
|
|
2
|
+
|
|
3
|
+
# NexposeAPI module is mixed into the Connection object, and all methods are
|
|
4
|
+
# expected to be called from there.
|
|
5
|
+
#
|
|
2
6
|
module NexposeAPI
|
|
3
7
|
include XMLUtils
|
|
4
8
|
|
|
5
9
|
# Generate a new report using the specified report definition.
|
|
6
10
|
def generate_report(report_id, wait = false)
|
|
7
|
-
xml = make_xml('ReportGenerateRequest', {'report-id' => report_id})
|
|
11
|
+
xml = make_xml('ReportGenerateRequest', { 'report-id' => report_id })
|
|
8
12
|
response = execute(xml)
|
|
9
13
|
if response.success
|
|
10
14
|
response.res.elements.each('//ReportSummary') do |summary|
|
|
11
15
|
summary = ReportSummary.parse(summary)
|
|
12
16
|
# If not waiting or the report is finished, return now.
|
|
13
|
-
return summary unless wait
|
|
17
|
+
return summary unless wait && summary.status == 'Started'
|
|
14
18
|
end
|
|
15
19
|
end
|
|
16
20
|
so_far = 0
|
|
@@ -29,11 +33,11 @@ module Nexpose
|
|
|
29
33
|
# Provide a history of all reports generated with the specified report
|
|
30
34
|
# definition.
|
|
31
35
|
def report_history(report_config_id)
|
|
32
|
-
xml = make_xml('ReportHistoryRequest', {'reportcfg-id' => report_config_id})
|
|
36
|
+
xml = make_xml('ReportHistoryRequest', { 'reportcfg-id' => report_config_id })
|
|
33
37
|
ReportSummary.parse_all(execute(xml))
|
|
34
38
|
end
|
|
35
39
|
|
|
36
|
-
# Get
|
|
40
|
+
# Get details of the last report generated with the specified report id.
|
|
37
41
|
def last_report(report_config_id)
|
|
38
42
|
history = report_history(report_config_id)
|
|
39
43
|
history.sort { |a, b| b.generated_on <=> a.generated_on }.first
|
|
@@ -42,13 +46,13 @@ module Nexpose
|
|
|
42
46
|
# Delete a previously generated report definition.
|
|
43
47
|
# Also deletes any reports generated from that configuration.
|
|
44
48
|
def delete_report_config(report_config_id)
|
|
45
|
-
xml = make_xml('ReportDeleteRequest', {'reportcfg-id' => report_config_id})
|
|
49
|
+
xml = make_xml('ReportDeleteRequest', { 'reportcfg-id' => report_config_id })
|
|
46
50
|
execute(xml).success
|
|
47
51
|
end
|
|
48
52
|
|
|
49
53
|
# Delete a previously generated report.
|
|
50
54
|
def delete_report(report_id)
|
|
51
|
-
xml = make_xml('ReportDeleteRequest', {'report-id' => report_id})
|
|
55
|
+
xml = make_xml('ReportDeleteRequest', { 'report-id' => report_id })
|
|
52
56
|
execute(xml).success
|
|
53
57
|
end
|
|
54
58
|
|
|
@@ -69,14 +73,14 @@ module Nexpose
|
|
|
69
73
|
|
|
70
74
|
# Retrieve the configuration for a report template.
|
|
71
75
|
def get_report_template(template_id)
|
|
72
|
-
xml = make_xml('ReportTemplateConfigRequest', {'template-id' => template_id})
|
|
76
|
+
xml = make_xml('ReportTemplateConfigRequest', { 'template-id' => template_id })
|
|
73
77
|
ReportTemplate.parse(execute(xml))
|
|
74
78
|
end
|
|
75
79
|
|
|
76
80
|
# Provide a listing of all report definitions the user can access on the
|
|
77
81
|
# Security Console.
|
|
78
82
|
def report_listing
|
|
79
|
-
r = execute(make_xml('ReportListingRequest'
|
|
83
|
+
r = execute(make_xml('ReportListingRequest'))
|
|
80
84
|
reports = []
|
|
81
85
|
if r.success
|
|
82
86
|
r.res.elements.each('//ReportConfigSummary') do |report|
|
|
@@ -90,7 +94,7 @@ module Nexpose
|
|
|
90
94
|
|
|
91
95
|
# Retrieve the configuration for a report definition.
|
|
92
96
|
def get_report_config(report_config_id)
|
|
93
|
-
xml = make_xml('ReportConfigRequest', {'reportcfg-id' => report_config_id})
|
|
97
|
+
xml = make_xml('ReportConfigRequest', { 'reportcfg-id' => report_config_id })
|
|
94
98
|
ReportConfig.parse(execute(xml))
|
|
95
99
|
end
|
|
96
100
|
end
|
|
@@ -160,7 +164,11 @@ module Nexpose
|
|
|
160
164
|
end
|
|
161
165
|
|
|
162
166
|
def self.parse(xml)
|
|
163
|
-
ReportSummary.new(xml.attributes['id'],
|
|
167
|
+
ReportSummary.new(xml.attributes['id'],
|
|
168
|
+
xml.attributes['cfg-id'],
|
|
169
|
+
xml.attributes['status'],
|
|
170
|
+
xml.attributes['generated-on'],
|
|
171
|
+
xml.attributes['report-URI'])
|
|
164
172
|
end
|
|
165
173
|
|
|
166
174
|
def self.parse_all(response)
|
|
@@ -229,7 +237,7 @@ module Nexpose
|
|
|
229
237
|
include XMLUtils
|
|
230
238
|
|
|
231
239
|
# Generate a report once using a simple configuration.
|
|
232
|
-
#
|
|
240
|
+
#
|
|
233
241
|
# For XML-based reports, only the raw report is returned and not any images.
|
|
234
242
|
#
|
|
235
243
|
# @param [Connection] connection Nexpose connection.
|
|
@@ -255,7 +263,7 @@ module Nexpose
|
|
|
255
263
|
if /.*base64.*/ =~ part.header.to_s
|
|
256
264
|
if @format =~ /(?:ht|x)ml/
|
|
257
265
|
if part.header.to_s =~ %r(text/(?:ht|x)ml)
|
|
258
|
-
return parse_xml(part.content.unpack(
|
|
266
|
+
return parse_xml(part.content.unpack('m*')[0]).to_s
|
|
259
267
|
end
|
|
260
268
|
else # text|pdf|csv|rtf
|
|
261
269
|
return part.content.unpack('m*')[0]
|
|
@@ -280,7 +288,7 @@ module Nexpose
|
|
|
280
288
|
# Array of user IDs which have access to resulting reports.
|
|
281
289
|
attr_accessor :users
|
|
282
290
|
# Configuration of when a report is generated.
|
|
283
|
-
attr_accessor :
|
|
291
|
+
attr_accessor :frequency
|
|
284
292
|
# Report delivery configuration.
|
|
285
293
|
attr_accessor :delivery
|
|
286
294
|
# Database export configuration.
|
|
@@ -313,7 +321,7 @@ module Nexpose
|
|
|
313
321
|
def self.build(connection, site_id, site_name, type, format, generate_now = false)
|
|
314
322
|
name = %Q{#{site_name} #{type} report in #{format}}
|
|
315
323
|
config = ReportConfig.new(name, type, format)
|
|
316
|
-
config.
|
|
324
|
+
config.frequency = Frequency.new(true, false)
|
|
317
325
|
config.filters << Filter.new('site', site_id)
|
|
318
326
|
config.save(connection, generate_now)
|
|
319
327
|
config
|
|
@@ -355,7 +363,7 @@ module Nexpose
|
|
|
355
363
|
xml << '</Users>'
|
|
356
364
|
|
|
357
365
|
xml << %Q{<Baseline compareTo='#{@baseline}' />} if @baseline
|
|
358
|
-
xml << @
|
|
366
|
+
xml << @frequency.to_xml if @frequency
|
|
359
367
|
xml << @delivery.to_xml if @delivery
|
|
360
368
|
xml << @db_export.to_xml if @db_export
|
|
361
369
|
|
|
@@ -385,7 +393,7 @@ module Nexpose
|
|
|
385
393
|
config.baseline = baseline.attributes['compareTo']
|
|
386
394
|
end
|
|
387
395
|
|
|
388
|
-
config.
|
|
396
|
+
config.frequency = Frequency.parse(cfg)
|
|
389
397
|
config.delivery = Delivery.parse(cfg)
|
|
390
398
|
config.db_export = DBExport.parse(cfg)
|
|
391
399
|
|
|
@@ -435,9 +443,9 @@ module Nexpose
|
|
|
435
443
|
end
|
|
436
444
|
|
|
437
445
|
# Data object associated with when a report is generated.
|
|
438
|
-
class
|
|
446
|
+
class Frequency
|
|
439
447
|
# Will the report be generated after a scan completes (true),
|
|
440
|
-
# or is it ad
|
|
448
|
+
# or is it ad hoc/scheduled (false).
|
|
441
449
|
attr_accessor :after_scan
|
|
442
450
|
# Whether or not a scan is scheduled.
|
|
443
451
|
attr_accessor :scheduled
|
|
@@ -459,13 +467,15 @@ module Nexpose
|
|
|
459
467
|
def self.parse(xml)
|
|
460
468
|
xml.elements.each('//Generate') do |generate|
|
|
461
469
|
if generate.attributes['after-scan'] == '1'
|
|
462
|
-
return
|
|
470
|
+
return Frequency.new(true, false)
|
|
463
471
|
else
|
|
464
472
|
if generate.attributes['schedule'] == '1'
|
|
465
|
-
|
|
466
|
-
|
|
473
|
+
generate.elements.each('Schedule') do |sched|
|
|
474
|
+
schedule = Schedule.parse(sched)
|
|
475
|
+
return Frequency.new(false, true, schedule)
|
|
476
|
+
end
|
|
467
477
|
end
|
|
468
|
-
return
|
|
478
|
+
return Frequency.new(false, false)
|
|
469
479
|
end
|
|
470
480
|
end
|
|
471
481
|
nil
|
data/lib/nexpose/site.rb
CHANGED
|
@@ -358,8 +358,8 @@ module Nexpose
|
|
|
358
358
|
xml << %Q(<ScanConfig configID="#{@id}" name="#{@scan_template_name || @scan_template}" templateID="#{@scan_template}" configVersion="#{@config_version || 3}" engineID="#{@engine}">)
|
|
359
359
|
|
|
360
360
|
xml << '<Schedules>'
|
|
361
|
-
@schedules.each do |
|
|
362
|
-
xml <<
|
|
361
|
+
@schedules.each do |schedule|
|
|
362
|
+
xml << schedule.to_xml
|
|
363
363
|
end
|
|
364
364
|
xml << '</Schedules>'
|
|
365
365
|
xml << '</ScanConfig>'
|
|
@@ -405,12 +405,8 @@ module Nexpose
|
|
|
405
405
|
site.scan_template = scan_config.attributes['templateID']
|
|
406
406
|
site.config_version = scan_config.attributes['configVersion'].to_i
|
|
407
407
|
site.engine = scan_config.attributes['engineID'].to_i
|
|
408
|
-
scan_config.elements.each('Schedules/Schedule') do |
|
|
409
|
-
|
|
410
|
-
sched.attributes['interval'],
|
|
411
|
-
sched.attributes['start'],
|
|
412
|
-
sched.attributes['enabled'])
|
|
413
|
-
site.schedules << schedule
|
|
408
|
+
scan_config.elements.each('Schedules/Schedule') do |schedule|
|
|
409
|
+
site.schedules << Schedule.parse(schedule)
|
|
414
410
|
end
|
|
415
411
|
end
|
|
416
412
|
|
data/lib/nexpose/util.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Nexpose
|
|
|
11
11
|
::REXML::Document.new(xml.to_s)
|
|
12
12
|
end
|
|
13
13
|
|
|
14
|
-
def make_xml(name, opts={}, data='', append_session_id=true)
|
|
14
|
+
def make_xml(name, opts = {}, data = '', append_session_id = true)
|
|
15
15
|
xml = REXML::Element.new(name)
|
|
16
16
|
if @session_id and append_session_id
|
|
17
17
|
xml.attributes['session-id'] = @session_id
|
data/lib/nexpose/vuln.rb
CHANGED
|
@@ -458,14 +458,13 @@ module Nexpose
|
|
|
458
458
|
end
|
|
459
459
|
|
|
460
460
|
expiration_date = input[:expiration_date]
|
|
461
|
-
if expiration_date && !expiration_date.empty? && expiration_date =~ /\A\
|
|
461
|
+
if expiration_date && !expiration_date.empty? && expiration_date =~ /\A\d{4}-(\d{2})-(\d{2})\z/
|
|
462
462
|
if $1.to_i > 12
|
|
463
463
|
raise ArgumentError.new 'The expiration date month value is invalid'
|
|
464
464
|
end
|
|
465
|
-
|
|
466
|
-
|
|
467
|
-
|
|
468
|
-
end
|
|
465
|
+
if $2.to_i > 31
|
|
466
|
+
raise ArgumentError.new 'The expiration date day value is invalid'
|
|
467
|
+
end
|
|
469
468
|
else
|
|
470
469
|
raise ArgumentError.new 'Expiration date is invalid'
|
|
471
470
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.2.
|
|
4
|
+
version: 0.2.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- HD Moore
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: bin
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2013-
|
|
13
|
+
date: 2013-07-02 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: librex
|