nexpose 0.2.8 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/nexpose.rb +18 -9
- data/lib/nexpose/ajax.rb +127 -0
- data/lib/nexpose/alert.rb +29 -36
- data/lib/nexpose/common.rb +13 -12
- data/lib/nexpose/connection.rb +18 -13
- data/lib/nexpose/creds.rb +16 -55
- data/lib/nexpose/dag.rb +73 -0
- data/lib/nexpose/data_table.rb +134 -0
- data/lib/nexpose/device.rb +111 -0
- data/lib/nexpose/engine.rb +194 -0
- data/lib/nexpose/filter.rb +341 -0
- data/lib/nexpose/group.rb +33 -37
- data/lib/nexpose/manage.rb +4 -0
- data/lib/nexpose/pool.rb +142 -0
- data/lib/nexpose/report.rb +72 -278
- data/lib/nexpose/report_template.rb +249 -0
- data/lib/nexpose/scan.rb +196 -54
- data/lib/nexpose/scan_template.rb +103 -0
- data/lib/nexpose/site.rb +91 -237
- data/lib/nexpose/ticket.rb +173 -119
- data/lib/nexpose/user.rb +11 -3
- data/lib/nexpose/vuln.rb +81 -338
- data/lib/nexpose/vuln_exception.rb +368 -0
- metadata +12 -4
- data/lib/nexpose/misc.rb +0 -35
- data/lib/nexpose/scan_engine.rb +0 -325
data/lib/nexpose/scan_engine.rb
DELETED
@@ -1,325 +0,0 @@
|
|
1
|
-
module Nexpose
|
2
|
-
module NexposeAPI
|
3
|
-
include XMLUtils
|
4
|
-
|
5
|
-
# Removes a scan engine from the list of available engines.
|
6
|
-
def delete_engine(engine_id)
|
7
|
-
xml = make_xml('EngineDeleteRequest', {'engine-id' => engine_id})
|
8
|
-
execute(xml, '1.2')
|
9
|
-
end
|
10
|
-
|
11
|
-
# Provide a list of current scan activities for a specific Scan Engine.
|
12
|
-
#
|
13
|
-
# @return [Array[ScanSummary]] Array of ScanSummary objects associated with
|
14
|
-
# each active scan on the engine.
|
15
|
-
#
|
16
|
-
def engine_activity(engine_id)
|
17
|
-
xml = make_xml('EngineActivityRequest', {'engine-id' => engine_id})
|
18
|
-
r = execute(xml)
|
19
|
-
arr = []
|
20
|
-
if r.success
|
21
|
-
r.res.elements.each('//ScanSummary') do |scan_event|
|
22
|
-
arr << ScanSummary.parse(scan_event)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
arr
|
26
|
-
end
|
27
|
-
|
28
|
-
# Retrieve a list of all Scan Engines managed by the Security Console.
|
29
|
-
#
|
30
|
-
# @return [Array[EngineSummary]] Array of EngineSummary objects associated with
|
31
|
-
# each engine associated with this security console.
|
32
|
-
#
|
33
|
-
def list_engines
|
34
|
-
response = execute(make_xml('EngineListingRequest'))
|
35
|
-
arr = []
|
36
|
-
if response.success
|
37
|
-
response.res.elements.each('//EngineSummary') do |engine|
|
38
|
-
arr << EngineSummary.new(engine.attributes['id'].to_i,
|
39
|
-
engine.attributes['name'],
|
40
|
-
engine.attributes['address'],
|
41
|
-
engine.attributes['port'].to_i,
|
42
|
-
engine.attributes['status'])
|
43
|
-
end
|
44
|
-
end
|
45
|
-
arr
|
46
|
-
end
|
47
|
-
|
48
|
-
alias_method :engines, :list_engines
|
49
|
-
end
|
50
|
-
|
51
|
-
# Object representing the current details of a scan engine attached to the security console.
|
52
|
-
#
|
53
|
-
class EngineSummary
|
54
|
-
|
55
|
-
# A unique ID that identifies this scan engine.
|
56
|
-
attr_reader :id
|
57
|
-
# The name of this scan engine.
|
58
|
-
attr_reader :name
|
59
|
-
# The hostname or IP address of the engine.
|
60
|
-
attr_reader :address
|
61
|
-
# The port there the engine is listening.
|
62
|
-
attr_reader :port
|
63
|
-
# The engine status. One of: active|pending-auth|incompatible|not-responding|unknown
|
64
|
-
attr_reader :status
|
65
|
-
# A parameter that specifies whether the engine has a global
|
66
|
-
# or silo-specific scope.
|
67
|
-
attr_reader :scope
|
68
|
-
|
69
|
-
def initialize(id, name, address, port, status, scope = 'silo')
|
70
|
-
@id = id
|
71
|
-
@name = name
|
72
|
-
@address = address
|
73
|
-
@port = port
|
74
|
-
@status = status
|
75
|
-
@scope = scope
|
76
|
-
end
|
77
|
-
end
|
78
|
-
|
79
|
-
#-------------------------------------------------------------------------------------------------------------------
|
80
|
-
#
|
81
|
-
#-------------------------------------------------------------------------------------------------------------------
|
82
|
-
class EngineConfig
|
83
|
-
attr_accessor :id
|
84
|
-
attr_accessor :address
|
85
|
-
attr_accessor :name
|
86
|
-
attr_accessor :port
|
87
|
-
attr_accessor :scope
|
88
|
-
attr_accessor :priority
|
89
|
-
|
90
|
-
# An array of site IDs. Currently do not support 'name' value,
|
91
|
-
# which is optional in the API.
|
92
|
-
attr_accessor :sites
|
93
|
-
|
94
|
-
def initialize(connection, id = -1)
|
95
|
-
@connection = connection
|
96
|
-
@id = id
|
97
|
-
@address = nil
|
98
|
-
@name = nil
|
99
|
-
@port = 40814
|
100
|
-
@scope = 'silo'
|
101
|
-
@priority = 'normal'
|
102
|
-
@sites = []
|
103
|
-
|
104
|
-
# If valid ID provided, retrieve data from server.
|
105
|
-
if id > 0
|
106
|
-
xml = '<EngineConfigRequest session-id="' + @connection.session_id + '"'
|
107
|
-
xml << %Q{ engine-id="#{id}"}
|
108
|
-
xml << ' />'
|
109
|
-
r = @connection.execute(xml, '1.2')
|
110
|
-
|
111
|
-
if r.success
|
112
|
-
r.res.elements.each('EngineConfigResponse/EngineConfig') do |v|
|
113
|
-
@id = v.attributes['id']
|
114
|
-
@address = v.attributes['address']
|
115
|
-
@name = v.attributes['name']
|
116
|
-
@port = v.attributes['port']
|
117
|
-
@scope = v.attributes['scope']
|
118
|
-
v.elements.each('Site') do |s|
|
119
|
-
@sites << s.attributes['id']
|
120
|
-
end
|
121
|
-
end
|
122
|
-
else
|
123
|
-
@error = true
|
124
|
-
@error_msg = 'EngineConfigRequest Parse Error'
|
125
|
-
end
|
126
|
-
end
|
127
|
-
end
|
128
|
-
|
129
|
-
def add_site(site_id)
|
130
|
-
sites << site_id
|
131
|
-
end
|
132
|
-
|
133
|
-
def to_xml
|
134
|
-
xml = '<EngineConfig'
|
135
|
-
xml << %Q{ id="#{id}"}
|
136
|
-
xml << %Q{ address="#{address}"}
|
137
|
-
xml << %Q{ name="#{name}"}
|
138
|
-
xml << %Q{ port="#{port}"}
|
139
|
-
xml << %Q{ scope="#{scope}"}
|
140
|
-
xml << %Q{ priority="#{priority}"} if (priority)
|
141
|
-
xml << '>'
|
142
|
-
sites.each do |site|
|
143
|
-
xml << %Q{<Site id="#{site}" />}
|
144
|
-
end
|
145
|
-
xml << '</EngineConfig>'
|
146
|
-
xml
|
147
|
-
end
|
148
|
-
|
149
|
-
# Save this engine configuration
|
150
|
-
# Example usage:
|
151
|
-
# engine = EngineConfig.new(@nsc)
|
152
|
-
# engine.address = 'atlanta.company.com'
|
153
|
-
# engine.name = 'Atlanta Engine'
|
154
|
-
# engine.save()
|
155
|
-
def save
|
156
|
-
xml = '<EngineSaveRequest session-id="' + @connection.session_id + '">'
|
157
|
-
xml << to_xml
|
158
|
-
xml << '</EngineSaveRequest>'
|
159
|
-
|
160
|
-
r = @connection.execute(xml, '1.2')
|
161
|
-
if r.success
|
162
|
-
r.res.elements.each('EngineSaveResponse/EngineConfig') do |v|
|
163
|
-
return @id = v.attributes['id']
|
164
|
-
end
|
165
|
-
else (r.success)
|
166
|
-
@error = true
|
167
|
-
@error_msg = 'EngineSaveRequest Parse Error'
|
168
|
-
end
|
169
|
-
end
|
170
|
-
|
171
|
-
def delete
|
172
|
-
@connection.delete_engine(@id)
|
173
|
-
end
|
174
|
-
end
|
175
|
-
|
176
|
-
# Core objects for creating an engine pool
|
177
|
-
# Example usage:
|
178
|
-
# pool = EnginePool.new('East Coast Pool')
|
179
|
-
# pool.add('New York Engine')
|
180
|
-
# pool.add('Georgia Engine')
|
181
|
-
# pool.create(@nsc)
|
182
|
-
class EnginePool
|
183
|
-
attr_accessor :id
|
184
|
-
attr_accessor :name
|
185
|
-
attr_accessor :scope
|
186
|
-
# Array containing (EngineSummary*)
|
187
|
-
attr_accessor :engines
|
188
|
-
|
189
|
-
def initialize(name, id = -1, scope = 'silo')
|
190
|
-
@name = name
|
191
|
-
@id = id
|
192
|
-
@scope = scope
|
193
|
-
@engines = []
|
194
|
-
end
|
195
|
-
|
196
|
-
# Add an engine to the pool by name (not ID).
|
197
|
-
# Only use this for creating pools.
|
198
|
-
def add(engine)
|
199
|
-
@engines << EngineSummary.new(-1, engine, 'nowhere', 40814, 'unknown')
|
200
|
-
end
|
201
|
-
|
202
|
-
# Creates a new engine pool, and adds scan engines to the pool.
|
203
|
-
def create(connection)
|
204
|
-
xml = '<EnginePoolCreateRequest session-id="' + connection.session_id + '">'
|
205
|
-
xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}">}
|
206
|
-
@engines.each do |engine|
|
207
|
-
xml << %Q{<Engine name="#{engine.name}" />}
|
208
|
-
end
|
209
|
-
xml << '</EnginePool>'
|
210
|
-
xml << '</EnginePoolCreateRequest>'
|
211
|
-
|
212
|
-
r = connection.execute(xml, '1.2')
|
213
|
-
if r.success
|
214
|
-
r.res.elements.each('EnginePoolCreateResponse') do |v|
|
215
|
-
@id = v.attributes['id']
|
216
|
-
end
|
217
|
-
else
|
218
|
-
@error = true
|
219
|
-
@error_msg = 'EnginePoolCreateResponse Parse Error'
|
220
|
-
end
|
221
|
-
end
|
222
|
-
|
223
|
-
# Deletes an engine pool
|
224
|
-
def delete(connection)
|
225
|
-
xml = '<EnginePoolDeleteRequest session-id="' + connection.session_id + '">'
|
226
|
-
xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}" />}
|
227
|
-
xml << '</EnginePoolDeleteRequest>'
|
228
|
-
|
229
|
-
r = connection.execute(xml, '1.2')
|
230
|
-
unless r.success
|
231
|
-
@error = true
|
232
|
-
@error_msg = 'EnginePoolDeleteResponse Parse Error'
|
233
|
-
end
|
234
|
-
end
|
235
|
-
|
236
|
-
# Updates a specific role with new information. An EnginePoolUpdate is
|
237
|
-
# similar to an EnginePoolCreate, except that an EnginePoolUpdate replaces
|
238
|
-
# any previously existing information with the new information specified in
|
239
|
-
# the EnginePoolUpdateRequest.
|
240
|
-
def update(connection)
|
241
|
-
xml = '<EnginePoolUpdateRequest session-id="' + connection.session_id + '">'
|
242
|
-
xml << %Q{<EnginePool id="#{@id}" name="#{@name}" scope="#{@scope}">}
|
243
|
-
@engines.each do |engine|
|
244
|
-
xml << %Q{<Engine name="#{engine.name}" />}
|
245
|
-
end
|
246
|
-
xml << '</EnginePool>'
|
247
|
-
xml << '</EnginePoolUpdateRequest>'
|
248
|
-
|
249
|
-
r = connection.execute(xml, '1.2')
|
250
|
-
if r.success
|
251
|
-
r.res.elements.each('EnginePoolUpdateResponse') do |v|
|
252
|
-
@id = v.attributes['id']
|
253
|
-
end
|
254
|
-
else
|
255
|
-
@error = true
|
256
|
-
@error_msg = 'EnginePoolCreateResponse Parse Error'
|
257
|
-
end
|
258
|
-
end
|
259
|
-
|
260
|
-
# Returns detailed information about a single engine pool.
|
261
|
-
def load_details(connection)
|
262
|
-
xml = '<EnginePoolDetailsRequest session-id="' + connection.session_id + '">'
|
263
|
-
xml << %Q{<EnginePool name="#{@name}" scope="#{@scope}" />}
|
264
|
-
xml << '</EnginePoolDetailsRequest>'
|
265
|
-
|
266
|
-
r = connection.execute(xml, '1.2')
|
267
|
-
if r.success
|
268
|
-
r.res.elements.each('EnginePoolDetailsResponse/EnginePool') do |pool|
|
269
|
-
@id = pool.attributes['id']
|
270
|
-
@name = pool.attributes['name']
|
271
|
-
@scope = pool.attributes['scope']
|
272
|
-
@engines = []
|
273
|
-
r.res.elements.each('EnginePoolDetailsResponse/EnginePool/EngineSummary') do |summary|
|
274
|
-
@engines.push(EngineSummary.new(summary.attributes['id'].to_i,
|
275
|
-
summary.attributes['name'],
|
276
|
-
summary.attributes['address'],
|
277
|
-
summary.attributes['port'].to_i,
|
278
|
-
summary.attributes['status'],
|
279
|
-
summary.attributes['scope']))
|
280
|
-
end
|
281
|
-
end
|
282
|
-
else
|
283
|
-
@error = true
|
284
|
-
@error_msg = 'EnginePoolListingResponse Parse Error'
|
285
|
-
end
|
286
|
-
end
|
287
|
-
|
288
|
-
def to_s
|
289
|
-
"Engine Pool: #{@name} [ID: #{@id}], Scope: #{@scope}\n" + @engines.map { |engine| " #{engine}" }.join("\n")
|
290
|
-
end
|
291
|
-
end
|
292
|
-
|
293
|
-
# A summary of an engine pool.
|
294
|
-
class EnginePoolSummary
|
295
|
-
attr_reader :id
|
296
|
-
attr_reader :name
|
297
|
-
attr_reader :scope
|
298
|
-
|
299
|
-
def initialize(id, name, scope = 'silo')
|
300
|
-
@id = id
|
301
|
-
@name = name
|
302
|
-
@scope = scope
|
303
|
-
end
|
304
|
-
|
305
|
-
def to_s
|
306
|
-
"Engine Pool: #{@name} [ID: #{@id}], scope: #{@scope}"
|
307
|
-
end
|
308
|
-
|
309
|
-
# Returns a summary list of all engine pools.
|
310
|
-
def self.listing(connection)
|
311
|
-
xml = '<EnginePoolListingRequest session-id="' + connection.session_id + '" />'
|
312
|
-
r = connection.execute(xml, '1.2')
|
313
|
-
if r.success
|
314
|
-
list = []
|
315
|
-
r.res.elements.each('EnginePoolListingResponse/EnginePoolSummary') do |eps|
|
316
|
-
list << EnginePoolSummary.new(eps.attributes['id'], eps.attributes['name'], eps.attributes['scope'])
|
317
|
-
end
|
318
|
-
list
|
319
|
-
else
|
320
|
-
@error = true
|
321
|
-
@error_msg = 'EnginePoolListingResponse Parse Error'
|
322
|
-
end
|
323
|
-
end
|
324
|
-
end
|
325
|
-
end
|