nexpose 0.5.2 → 0.5.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 375665364ba49ff95d55ef5cf904955697a1ba5d
-  data.tar.gz: 863da9f7656341a934e154e5f576a6225afc3df4
+  metadata.gz: e8935aa7f34673791e16d2ef7f0018d4b426f868
+  data.tar.gz: 3dfda1fcff2281812f79c257ef588c5db6cb47b3
 SHA512:
-  metadata.gz: 882e9bec98184b52d96c897c84cf36d226ed638125d8faa66ef1e7aa2ad8994792977b03ce799b312971c6ff677fa4cfbc5db7b511af5d502e04fb333a3d095e
-  data.tar.gz: 4b6460e699d3723cb50bc86f81aa0a7ddf6a1de1a9e7a3e2fc0dd1f28b761794e25f80eb063aef83b46c16eee19d6b03e2b4c4ea579078c8ed562175de02fb73
+  metadata.gz: 31e32bae88bbd50208c24c224656c613cf9936643a2e5551d3b5c686235063693994718372064b0e3f68f7c8419b3830bb136304b4751c00b5fbfc4ae31e066d
+  data.tar.gz: 2ea765ea307bda92fdd33d9c50cf58a498edbb7be00c720693c3bd2a7ecadfa25e658f803d942e79149105f76488e6bbd4c635a4ed0c43eeacff9c3bb27225f2

data/lib/README.md

@@ -1,5 +1,3 @@
 # Nexpose Client
 
 The nexpose.rb file should act simply as a means of collecing all the sub-elements of the client into a single module.
-
-If adding or adjusting code, please note that all calls directly against the Connection object are currently implemented within the NexposeAPI module. This style of call should mostly be for listing and simple query calls, and not for configuration requests that will return an editable class.

data/lib/nexpose/ajax.rb

@@ -119,7 +119,7 @@ module Nexpose
       when Net::HTTPOK
         response.body
       else
-        req_type = request.class.name.split('::').last
+        req_type = request.class.name.split('::').last.upcase
         raise Nexpose::APIError.new(response, "#{req_type} request to #{request.path} failed. #{request.body}")
       end
     end

data/lib/nexpose/backup.rb

@@ -1,6 +1,6 @@
 module Nexpose
 
-  module NexposeAPI
+  class Connection
 
     # Retrieve a list of all backups currently stored on the Console.
     #

data/lib/nexpose/connection.rb

@@ -25,7 +25,6 @@ module Nexpose
   #
   class Connection
     include XMLUtils
-    include NexposeAPI
 
     # Session ID of this connection
     attr_reader :session_id

data/lib/nexpose/device.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Find a Device by its address.

data/lib/nexpose/engine.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Removes a scan engine from the list of available engines.

data/lib/nexpose/filter.rb

@@ -1,6 +1,6 @@
 module Nexpose
 
-  module NexposeAPI
+  class Connection
 
     # Perform an asset filter search that will locate assets matching the
     # provided conditions.

data/lib/nexpose/group.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Delete an asset group and all associated data.

data/lib/nexpose/manage.rb

@@ -1,6 +1,7 @@
 # General management and diagnostic functions.
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Execute an arbitrary console command that is supplied as text via the

data/lib/nexpose/pool.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Retrieve a list of all Scan Engine Pools managed by the Security Console.

data/lib/nexpose/report.rb

@@ -1,9 +1,6 @@
 module Nexpose
 
-  # NexposeAPI module is mixed into the Connection object, and all methods are
-  # expected to be called from there.
-  #
-  module NexposeAPI
+  class Connection
     include XMLUtils
 
     # Provide a listing of all report definitions the user can access on the

data/lib/nexpose/report_template.rb

@@ -1,9 +1,6 @@
 module Nexpose
 
-  # NexposeAPI module is mixed into the Connection object, and all methods are
-  # expected to be called from there.
-  #
-  module NexposeAPI
+  class Connection
     include XMLUtils
 
     # Provide a list of all report templates the user can access on the

data/lib/nexpose/role.rb

@@ -44,7 +44,7 @@ module Nexpose
     end
   end
 
-  module NexposeAPI
+  class Connection
     include XMLUtils
 
     # Returns a summary list of all roles.

data/lib/nexpose/scan.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Perform an ad hoc scan of a single device.

data/lib/nexpose/scan_template.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
 
     # List the scan templates currently configured on the console.
     #
@@ -23,68 +24,307 @@ module Nexpose
   end
 
   # Configuration object for a scan template.
+  #
+  # The constructor is designed to take a valid XML representation of a scan
+  # template. If you wish to create a new scan template from scratch, use the
+  # #load method without a template ID. If you wish to copy and modify an
+  # existing template, use the #copy method.
+  #
   # This class is only a partial representation of some of the features
   # available for configuration.
   #
   class ScanTemplate
 
-    # Unique identifier of the scan template.
-    attr_accessor :id
+    # Parsed XML of a scan template.
+    attr_reader :xml
 
-    attr_accessor :name
-    attr_accessor :description
+    # @param [String] xml XML representation of a scan template.
+    def initialize(xml)
+      @xml = REXML::Document.new(xml)
+    end
 
-    # Whether to correlate reliable checks with regular checks.
-    attr_accessor :correlate
+    # @return [String] Unique identifier of the scan template.
+    def id
+      root = REXML::XPath.first(xml, 'ScanTemplate')
+      root.attributes['id']
+    end
 
-    # Parsed XML of a scan template
-    attr_accessor :xml
+    # @return [String] Name or title of this scan template.
+    def name
+      desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
+      desc.nil? ? nil : desc.attributes['title']
+    end
 
-    def initialize(xml)
-      @xml = xml
+    # Assign name to this scan template. Required attribute.
+    # @param [String] name Title to assign.
+    def name=(name)
+      desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
+      if desc
+        desc.attributes['title'] = name
+      else
+        root = REXML::XPath.first(xml, 'ScanTemplate')
+        desc = REXML::Element.new('templateDescription')
+        desc.add_attribute('title', name)
+        root.add_element(desc)
+      end
+    end
 
-      root = REXML::XPath.first(xml, 'ScanTemplate')
-      @id = root.attributes['id']
+    # @return [String] Description of this scan template.
+    def description
+      desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
+      desc.nil? ? nil : desc.text.to_s
+    end
 
-      desc = REXML::XPath.first(root, 'templateDescription')
-      @name = desc.attributes['title']
-      @description = desc.text.to_s
+    # Assign a description to this scan template. Require attribute.
+    # @param [String] description Description of the scan template.
+    def description=(description)
+      desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
+      if desc
+        desc.text = description
+      else
+        root = REXML::XPath.first(xml, 'ScanTemplate')
+        desc = REXML::Element.new('templateDescription')
+        desc.add_text(description)
+        root.add_element(desc)
+      end
+    end
 
-      vuln_checks = REXML::XPath.first(root, 'VulnerabilityChecks')
-      @correlate = vuln_checks.attributes['correlate'] == '1'
+    # @return [Boolean] Whether vuln scanning in enabled.
+    def vuln_scanning?
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disableVulnScan'] == '0'
     end
 
-    # Save this scan template configuration to a Nexpose console.
+    # Adjust whether to perform vuln scanning with this template.
+    # @param [Boolean] enable Whether to turn on vuln scanning.
+    def vuln_scanning=(enable)
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disableVulnScan'] = enable ? '0' : '1'
+    end
+
+    # @return [Boolean] Whether policy scanning in enabled.
+    def policy_scanning?
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disablePolicyScan'] == '0'
+    end
+
+    # Adjust whether to perform policy scanning with this template.
+    # @param [Boolean] enable Whether to turn on policy scanning.
+    def policy_scanning=(enable)
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disablePolicyScan'] = enable ? '0' : '1'
+    end
+
+    # @return [Boolean] Whether web spidering in enabled.
+    def web_spidering?
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disableWebSpider'] == '0'
+    end
+
+    # Adjust whether to perform web spidering with this template.
+    # @param [Boolean] enable Whether to turn on web spider scanning.
+    def web_spidering=(enable)
+      gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
+      gen.attributes['disableWebSpider'] = enable ? '0' : '1'
+    end
+
+    # @return [Boolean] Whether to correlate reliable checks with regular checks.
+    def correlate?
+      vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      vuln_checks.attributes['correlate'] == '1'
+    end
+
+    # Adjust whether to correlate reliable checks with regular checks.
+    # @param [Boolean] enable Whether to turn on vulnerability correlation.
+    def correlate=(enable)
+      vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      vuln_checks.attributes['correlate'] = enable ? '1' : '0'
+    end
+
+    # @return [Boolean] Whether unsafe vulnerability checks are performed
+    #   by this template.
+    def unsafe_checks?
+      checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      checks.attributes['unsafe'] == '1'
+    end
+
+    # Adjust whether to perform unsafe vulnerability checks with this template.
+    # @param [Boolean] enable Whether to turn on unsafe checks.
+    def unsafe_checks=(enable)
+      checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      checks.attributes['unsafe'] = enable ? '1' : '0'
+    end
+
+    # @return [Boolean] Whether potential vulnerability checks are performed
+    #   with this template.
+    def potential_checks?
+      checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      checks.attributes['potential'] == '1'
+    end
+
+    # Adjust whether to perform potential vulnerability checks with this template.
+    # @param [Boolean] enable Whether to turn on potential checks.
+    def potential_checks=(enable)
+      checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
+      checks.attributes['potential'] = enable ? '1' : '0'
+    end
+
+    # Get a list of the check categories enabled for this scan template.
     #
-    def save(nsc)
-      root = REXML::XPath.first(@xml, 'ScanTemplate')
-      existing = root.attributes['id'] == @id
-      root.attributes['id'] = @id unless existing
+    # @return [Array[String]] List of enabled categories.
+    #
+    def checks_by_category
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
+      checks.elements.to_a('VulnCategory').map { |c| c.attributes['name'] }
+    end
 
-      desc = REXML::XPath.first(root, 'templateDescription')
-      desc.attributes['title'] = @name
-      desc.text = @description
+    # Enable checks by category for this template.
+    #
+    # @param [String] category Category to enable. @see #list_vuln_categories
+    #
+    def enable_checks_by_category(category)
+      _enable_check(category, 'VulnCategory')
+    end
 
-      vuln_checks = REXML::XPath.first(root, 'VulnerabilityChecks')
-      vuln_checks.attributes['correlate'] = (@correlate ? '1' : '0')
+    # Disable checks by category for this template.
+    #
+    # @param [String] category Category to disable. @see #list_vuln_categories
+    #
+    def disable_checks_by_category(category)
+      _disable_check(category, 'VulnCategory')
+    end
 
-      if existing
-        response = AJAX.put(nsc, "/data/scan/templates/#{URI.encode(id)}", xml)
-      else
+    # Remove checks by category for this template. Removes both enabled and
+    # disabled checks.
+    #
+    # @param [String] category Category to remove. @see #list_vuln_categories
+    #
+    def remove_checks_by_category(category)
+      _remove_check(category, 'VulnCategory')
+    end
+
+    # Get a list of the check types enabled for this scan template.
+    #
+    # @return [Array[String]] List of enabled check types.
+    #
+    def checks_by_type
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
+      checks.elements.to_a('CheckType').map { |c| c.attributes['name'] }
+    end
+
+    # Enable checks by type for this template.
+    #
+    # @param [String] type Type to enable. @see #list_vuln_types
+    #
+    def enable_checks_by_type(type)
+      _enable_check(type, 'CheckType')
+    end
+
+    # Disable checks by type for this template.
+    #
+    # @param [String] type Type to disable. @see #list_vuln_types
+    #
+    def disable_checks_by_type(type)
+      _disable_check(type, 'CheckType')
+    end
+
+    # Remove checks by type for this template. Removes both enabled and
+    # disabled checks.
+    #
+    # @param [String] type Type to remove. @see #list_vuln_types
+    #
+    def remove_checks_by_type(type)
+      _remove_check(type, 'CheckType')
+    end
+
+    def _enable_check(check, elem)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
+      checks.elements['Enabled'].add_element(elem, { 'name' => check })
+    end
+
+    def _disable_check(check, elem)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
+      checks.elements['Disabled'].add_element(elem, { 'name' => check })
+    end
+
+    def _remove_check(check, elem)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
+      checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
+    end
+
+    # Get a list of the individual vuln checks enabled for this scan template.
+    #
+    # @return [Array[String]] List of enabled vulnerability checks.
+    #
+    def vuln_checks
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
+      checks.elements.to_a('Check').map { |c| c.attributes['id'] }
+    end
+
+    # Enable individual check for this template.
+    #
+    # @param [String] check_id Unique identifier of vuln check.
+    #
+    def enable_vuln_check(check_id)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Disabled/Check[@id='#{check_id}']")
+      checks.elements['Enabled'].add_element('Check', { 'id' => check_id })
+    end
+
+    # Disable individual check for this template.
+    #
+    # @param [String] check_id Unique identifier of vuln check.
+    #
+    def disable_vuln_check(check_id)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Enabled/Check[@id='#{check_id}']")
+      checks.elements['Disabled'].add_element('Check', { 'id' => check_id })
+    end
+
+    # Remove individual check for this template. Removes both enabled and
+    # disabled checks.
+    #
+    # @param [String] check_id Unique identifier of vuln check.
+    #
+    def remove_vuln_check(check_id)
+      checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
+      checks.elements.delete("Disabled/Check[@id='#{check_id}']")
+      checks.elements.delete("Enabled/Check[@id='#{check_id}']")
+    end
+
+    # Save this scan template configuration to a Nexpose console.
+    #
+    # @param [Connection] nsc API connection to a Nexpose console.
+    #
+    def save(nsc)
+      root = REXML::XPath.first(@xml, 'ScanTemplate')
+      if root.attributes['id'] == '#NewScanTemplate#'
         response = JSON.parse(AJAX.post(nsc, '/data/scan/templates', xml))
-        @id = response['value']
+        root.attributes['id'] = response['value']
+      else
+        response = JSON.parse(AJAX.put(nsc, "/data/scan/templates/#{URI.encode(id)}", xml))
       end
+      response['value']
     end
 
-    # Load an existing scan template.
+    # Load a scan template.
     #
     # @param [Connection] nsc API connection to a Nexpose console.
     # @param [String] id Unique identifier of an existing scan template.
+    #   If no ID is provided, a blank, base template will be returned.
     # @return [ScanTemplate] The requested scan template configuration.
     #
-    def self.load(nsc, id)
-      response = JSON.parse(AJAX.get(nsc, "/data/scan/templates/#{URI.encode(id)}"))
-      new(REXML::Document.new(response['value']))
+    def self.load(nsc, id = nil)
+      if id
+        response = JSON.parse(AJAX.get(nsc, "/data/scan/templates/#{URI.encode(id)}"))
+        xml = response['value']
+      else
+        xml = AJAX.get(nsc, '/ajax/scantemplate_config.txml')
+      end
+      new(xml)
     end
 
     # Copy an existing scan template, changing the id and title.
@@ -95,9 +335,18 @@ module Nexpose
     #
     def self.copy(nsc, id)
       dupe = load(nsc, id)
-      dupe.id = "#{dupe.id}-copy"
+      dupe.id = '#NewScanTemplate#'
       dupe.title = "#{dupe.title} Copy"
       dupe
     end
+
+    # Delete this scan template from the console.
+    # Cannot be used to delete a built-in template.
+    #
+    # @param [Connection] nsc API connection to a Nexpose console.
+    #
+    def delete(nsc)
+      nsc.delete_scan_template(@id)
+    end
   end
 end

data/lib/nexpose/shared_cred.rb

@@ -1,6 +1,6 @@
 module Nexpose
 
-  module NexposeAPI
+  class Connection
 
     def list_shared_credentials
       creds = DataTable._get_json_table(self,

data/lib/nexpose/silo.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     ###################

data/lib/nexpose/site.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Retrieve a list of all sites the user is authorized to view or manage.

data/lib/nexpose/ticket.rb

@@ -1,6 +1,6 @@
 module Nexpose
 
-  module NexposeAPI
+  class Connection
     include XMLUtils
 
     def list_tickets

data/lib/nexpose/user.rb

@@ -1,6 +1,6 @@
 module Nexpose
 
-  module NexposeAPI
+  class Connection
     include XMLUtils
 
     # Retrieve a list of all users configured on this console.

data/lib/nexpose/util.rb

@@ -1,4 +1,5 @@
 module Nexpose
+
   module Sanitize
     def replace_entities(str)
       str.to_s.gsub(/&/, '&amp;').gsub(/'/, '&apos;').gsub(/"/, '&quot;').gsub(/</, '&lt;').gsub(/>/, '&gt;')

data/lib/nexpose/vuln.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Retrieve summary details of all vulnerabilities.
@@ -30,6 +31,28 @@ module Nexpose
 
     alias_method :vulns, :list_vulns
 
+    # Retrieve a list of the different vulnerability check categories.
+    #
+    # @return [Array[String]] Array of currently valid check categories.
+    #
+    def list_vuln_categories
+      data = DataTable._get_dyn_table(self, '/data/vulnerability/categories/dyntable.xml?tableID=VulnCategorySynopsis')
+      data.map { |c| c['Category'] }
+    end
+
+    alias_method :vuln_categories, :list_vuln_categories
+
+    # Retrieve a list of the different vulnerability check types.
+    #
+    # @return [Array[String]] Array of currently valid check types.
+    #
+    def list_vuln_types
+      data = DataTable._get_dyn_table(self, '/ajax/vulnck_cat_synopsis.txml')
+      data.map { |c| c['Category'] }
+    end
+
+    alias_method :vuln_types, :list_vuln_types
+
     # Retrieve details for a vulnerability.
     #
     # @param [String] vuln_id Nexpose vulnerability ID, such as 'windows-duqu-cve-2011-3402'.
@@ -61,6 +84,21 @@ module Nexpose
         VulnCheck.new(vuln)
       end
     end
+
+    # Find vulnerabilities by date available in Nexpose.
+    # This is not the date the original vulnerability was published, but the
+    # date the check was made available in Nexpose.
+    #
+    # @param [String] from Vulnerability publish date in format YYYY-MM-DD.
+    # @param [String] to Vulnerability publish date in format YYYY-MM-DD.
+    # @return [Array[VulnSynopsis]] List of vulnerabilities published in
+    #   Nexpose between the provided dates.
+    #
+    def find_vulns_by_date(from, to = nil)
+      uri = "/ajax/vuln_synopsis.txml?addedMin=#{from}"
+      uri += "&addedMax=#{to}" if to
+      DataTable._get_dyn_table(self, uri).map { |v| VulnSynopsis.new(v) }
+    end
   end
 
   # Basic vulnerability information. Only includes ID, title, and severity.
@@ -86,7 +124,10 @@ module Nexpose
   class VulnCheck < Vulnerability
 
     attr_reader :check_id
+    # @return [Array[String]] Categories that this check is a member of.
+    #   Note that this is note the same as the categories from #list_vuln_categories.
     attr_reader :categories
+    # @return [String] Check type. @see #list_vuln_types
     attr_reader :check_type
 
     def initialize(json)
@@ -235,4 +276,24 @@ module Nexpose
       @malware = json['malwareCount']
     end
   end
+
+  # Vulnerability synopsis information pulled from AJAX requests.
+  # Data uses a numeric, console-specific vuln ID, which may need to be
+  # cross-referenced to the String ID to be used elsewhere.
+  #
+  class VulnSynopsis < VulnFinding
+
+    def initialize(hash)
+      @id = hash['Vuln ID'].to_i
+      @title = hash['Vulnerability']
+      @cvss_vector = hash['CVSS Base Vector']
+      @cvss_score = hash['CVSS Score'].to_f
+      @risk = hash['Risk'].to_f
+      @published = Time.at(hash['Published On'].to_i / 1000)
+      @severity = hash['Severity'].to_i
+      @instances = hash['Instances'].to_i
+      @exploit = hash['ExploitSource']
+      @malware = hash['MalwareSource'] == 'true'
+    end
+  end
 end

data/lib/nexpose/vuln_exception.rb

@@ -1,5 +1,6 @@
 module Nexpose
-  module NexposeAPI
+
+  class Connection
     include XMLUtils
 
     # Retrieve vulnerability exceptions.

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.5.2
+  version: 0.5.3
 platform: ruby
 authors:
 - HD Moore
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2013-09-19 00:00:00.000000000 Z
+date: 2013-09-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: librex