nexpose 0.8.3 → 0.8.4

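--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: ef26ec8744d21085dbb8b96509cc0f4b339ca7a7
- data.tar.gz: 75abb058fee789fec9ded99082b6465a93fff39f
+ metadata.gz: dba4421357b0475f091f72cd2fd61ced926fb6ad
+ data.tar.gz: e7d37e55dcf159045a3249932c9dfa426e8f0705
  SHA512:
- metadata.gz: 34cb580b9d69d3211513d3d5be0b58afe0e62b63278326adc8435c912aa7d09d2f984452bd458e7727589c1263ab204c073b0150f9c4c6b11d0e8c9da9777258
- data.tar.gz: f79b3341e2536410659de763012473fd45a4fd23ec53db78e8d9e1ab444be7e650e52619caf5d74d8a2250749e9e493092b1e4a5740fbb0e93f53c6aafacae35
+ metadata.gz: abdef9b08034c3fce94402180e33af5dc7c01a05c4a48bb8a8a877e21f8599a19abfc0710fea5b22a5562ae24884198ebaaa4b19849e6b7e3cdf2713bc4adf14
+ data.tar.gz: 12f470900347b5cac2927cf3138f561f110fdab1246b232dd12dd1167035fd872db9dc9fcab2d87282c9ac8e71345dda73b2f8d76c0ac3e1b618eecadf081257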
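--- a/data/lib/nexpose.rb
+++ b/data/lib/nexpose.rb
@@ -3,7 +3,7 @@
  #
  =begin
 
- Copyright (C) 2009-2013, Rapid7 LLC
+ Copyright (C) 2009-2014, Rapid7 LLC
  All rights reserved.
 
  Redistribution and use in source and binary forms, with or without modification,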
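--- a/data/lib/nexpose/ajax.rb
+++ b/data/lib/nexpose/ajax.rb
@@ -110,7 +110,7 @@ module Nexpose
  # @param [Hash] parameters Hash of attributes that need to be sent
  # to the controller.
  # @return [Hash] The parameterized URI.
-
+ #
  def parameterize_uri(uri, parameters)
  params = Hash.try_convert(parameters)
  unless params.nil? || params.empty?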
data/lib/nexpose/scan.rb CHANGED
@@ -209,6 +209,101 @@ module Nexpose
209
209
  end
210
210
  end
211
211
 
212
+ # Export the data associated with a single scan, and optionally store it in
213
+ # a zip-compressed file under the provided name.
214
+ #
215
+ # @param [Fixnum] scan_id Scan ID to remove data for.
216
+ # @param [String] zip_file Filename to export scan data to.
217
+ # @return [Fixnum] On success, returned the number of bytes written to
218
+ # zip_file, if provided. Otherwise, returns raw ZIP binary data.
219
+ #
220
+ def export_scan(scan_id, zip_file = nil)
221
+ http = AJAX._https(self)
222
+ headers = { 'Cookie' => "nexposeCCSessionID=#{@session_id}",
223
+ 'Accept-Encoding' => 'identity' }
224
+ resp = http.get("/data/scan/#{scan_id}/export", headers)
225
+
226
+ case resp
227
+ when Net::HTTPSuccess
228
+ if zip_file
229
+ File.open(zip_file, 'wb') { |file| file.write(resp.body) }
230
+ else
231
+ resp.body
232
+ end
233
+ when Net::HTTPForbidden
234
+ raise Nexpose::PermissionError.new(resp)
235
+ else
236
+ raise Nexpose::APIError.new(resp, "#{resp.class}: Unrecognized response.")
237
+ end
238
+ end
239
+
240
+ # Import scan data into a site. WARNING: Experimental!
241
+ #
242
+ # This code currently depends on a gem not in the gemspec. In order to use
243
+ # this method, you will need to add the following line to your script:
244
+ # require 'rest-client'
245
+ #
246
+ # This method is designed to work with export_scan to migrate scan data
247
+ # from one console to another. This method will import the data as if run
248
+ # from a local scan engine.
249
+ #
250
+ # Scan importing is restricted to only importing scans in chronological
251
+ # order. It assumes that it is the latest scan for a given site, and will
252
+ # abort if attempting to import an older scan.
253
+ #
254
+ # @param [Fixnum] site_id Site ID of the site to import the scan into.
255
+ # @param [String] zip_file Path to a previously exported scan archive.
256
+ # @return [String] An empty string on success.
257
+ #
258
+ def import_scan(site_id, zip_file)
259
+
260
+ # ## Ideally, this code should not depend upon rest-client, but should be
261
+ # # able to use the Rex library to generate the MIME message. I haven't
262
+ # # been able to figure out how, though. Leaving it here, commented out,
263
+ # # pending discovery of what to do.
264
+
265
+ # data = Rex::MIME::Message.new
266
+ # data.add_part(site_id.to_s, nil, nil, 'form-data; name="siteid"')
267
+ # data.add_part(self.session_id, nil, nil, 'form-data; name="nexposeCCSessionID"')
268
+
269
+ # scan = File.new(zip_file, 'rb')
270
+ # data.add_part(scan.read, 'application/zip', nil,
271
+ # "form-data; name=\"scan\"; filename=\"#{zip_file}\"")
272
+
273
+ # post = Net::HTTP::Post.new('/data/scan/import')
274
+ # ## rex 2.0.3 has a bug that requires this monkey-patch for Message#to_s
275
+ # # class String
276
+ # # def blank?
277
+ # # self !~ /\S/
278
+ # # end
279
+ # # end
280
+ # post.body = data.to_s
281
+ # post.set_content_type("multipart/form-data; boundary=#{data.bound}")
282
+ # AJAX._headers(nsc, post)
283
+
284
+ # http = AJAX._https(nsc)
285
+ # http.request(post)
286
+
287
+ scan = File.new(zip_file, 'rb')
288
+ url = "https://#{self.host}:#{self.port}/data/scan/import"
289
+ payload = { :siteid => site_id,
290
+ :scan => scan,
291
+ 'nexposeCCSessionID' => self.session_id }
292
+ request = RestClient::Request.new(:method => :post,
293
+ :url => url,
294
+ :verify_ssl => OpenSSL::SSL::VERIFY_NONE,
295
+ :payload => payload,
296
+ :cookies => { 'nexposeCCSessionID' => self.session_id })
297
+
298
+ begin
299
+ request.execute
300
+ rescue RestClient::Forbidden => fourOhThree
301
+ raise Nexpose::PermissionError.new(fourOhThree)
302
+ rescue RestClient::InternalServerError => e
303
+ raise Nexpose::APIError.new(request, e)
304
+ end
305
+ end
306
+
212
307
  # Delete a scan and all its data from a console.
213
308
  # Warning, this method is destructive and not guaranteed to leave a site
214
309
  # in a valid state. DBCC may need to be run to correct missing or empty
@@ -146,6 +146,20 @@ module Nexpose
146
146
  gen.attributes['disableWebSpider'] = enable ? '0' : '1'
147
147
  end
148
148
 
149
+ # Adjust the number of threads to use per scan engine for this template
150
+ # @param [Integer] threads the number of threads to use per engine
151
+ def scan_threads=(threads)
152
+ scan_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/scanThreads')
153
+ scan_threads.text = threads.to_s
154
+ end
155
+
156
+ # Adjust the number of threads to use per asset for this template
157
+ # @param [Integer] threads the number of threads to use per asset
158
+ def host_threads=(threads)
159
+ host_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/hostThreads')
160
+ host_threads.text = threads.to_s
161
+ end
162
+
149
163
  # Add custom TCP ports to scan for services
150
164
  # @param [Array] ports to scan
151
165
  def tcp_service_ports=(ports)
@@ -159,7 +159,7 @@ module Nexpose
159
159
 
160
160
  unless @global_scan_engines.empty?
161
161
  engines = xml.add_element('GlobalScanEngines')
162
- @global_report_templates.each do |engine|
162
+ @global_scan_engines.each do |engine|
163
163
  engines.add_element('GlobalScanEngine', {'name' => engine})
164
164
  end
165
165
  end
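Review bot: import_scan passes `:verify_ssl => OpenSSL::SSL::VERIFY_NONE` to RestClient, so the console's certificate is never checked while the request carries the scan archive and the `nexposeCCSessionID` value in both the form payload and the cookie; an intercepted connection would expose both. Prefer `OpenSSL::SSL::VERIFY_PEER`, with a configurable CA file for consoles that use a private CA, or at minimum state the trade-off in the method comment next to the existing "Experimental" warning. The archive opened with `File.new(zip_file, 'rb')` is also never closed; the block form of `File.open` releases it even when `request.execute` raises. Whether `AJAX._https`, used by export_scan in the same hunk, verifies certificates is not visible here.

```ruby
def import_scan(site_id, zip_file)
  # … unchanged: commented-out Rex::MIME draft …
  url = "https://#{self.host}:#{self.port}/data/scan/import"
  # Block form closes the archive even when the request raises.
  File.open(zip_file, 'rb') do |scan|
    payload = { :siteid => site_id,
                :scan => scan,
                'nexposeCCSessionID' => self.session_id }
    request = RestClient::Request.new(:method => :post,
                                      :url => url,
                                      :verify_ssl => OpenSSL::SSL::VERIFY_PEER,
                                      :payload => payload,
                                      :cookies => { 'nexposeCCSessionID' => self.session_id })
    # … unchanged: begin/rescue around request.execute …
  end
end
```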
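--- a/data/lib/nexpose/site.rb
+++ b/data/lib/nexpose/site.rb
@@ -414,7 +414,7 @@ module Nexpose
  # ## TODO What is returned on failure?
  #
  def self.parse(rexml)
- rexml.elements.each('SiteConfigResponse/Site') do |s|
+ rexml.elements.each('//Site') do |s|
  site = Site.new(s.attributes['name'])
  site.id = s.attributes['id'].to_i
  site.description = s.attributes['description']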
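Review bot: The new XPath `'//Site'` in `self.parse` selects every `Site` element at any depth of the document rather than only the one directly under `SiteConfigResponse`, so a response that nests or repeats `Site` elements is now parsed where the old expression skipped it. If the intent is to accept one more wrapper element, listing the accepted parent paths keeps the match narrow; otherwise a comment above the loop such as `# '//Site': accept a Site element under any response root, not only SiteConfigResponse` would record why the match was widened. The body of `self.parse` continues outside the hunk, so what happens when more than one element matches is not visible here.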
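--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nexpose
  version: !ruby/object:Gem::Version
- version: 0.8.3
+ version: 0.8.4
  platform: ruby
  authors:
  - HD Moore
@@ -11,28 +11,28 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2014-08-08 00:00:00.000000000 Z
+ date: 2014-10-01 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
- name: librex
+ name: rex
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.0'
+ version: 2.0.3
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.0.68
+ version: 2.0.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '0.0'
+ version: 2.0.3
  - - ">="
  - !ruby/object:Gem::Version
- version: 0.0.68
+ version: 2.0.3
  - !ruby/object:Gem::Dependency
  name: nokogiri
  requirement: !ruby/object:Gem::Requirement
@@ -131,4 +131,3 @@ signing_key:
  specification_version: 4
  summary: Ruby API for Rapid7 Nexpose
  test_files: []
- has_rdoc: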