nexpose 0.8.3 → 0.8.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/nexpose.rb +1 -1
- data/lib/nexpose/ajax.rb +1 -1
- data/lib/nexpose/scan.rb +95 -0
- data/lib/nexpose/scan_template.rb +14 -0
- data/lib/nexpose/silo_profile.rb +1 -1
- data/lib/nexpose/site.rb +1 -1
- metadata +7 -8
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: dba4421357b0475f091f72cd2fd61ced926fb6ad
|
|
4
|
+
data.tar.gz: e7d37e55dcf159045a3249932c9dfa426e8f0705
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: abdef9b08034c3fce94402180e33af5dc7c01a05c4a48bb8a8a877e21f8599a19abfc0710fea5b22a5562ae24884198ebaaa4b19849e6b7e3cdf2713bc4adf14
|
|
7
|
+
data.tar.gz: 12f470900347b5cac2927cf3138f561f110fdab1246b232dd12dd1167035fd872db9dc9fcab2d87282c9ac8e71345dda73b2f8d76c0ac3e1b618eecadf081257
|
data/lib/nexpose.rb
CHANGED
data/lib/nexpose/ajax.rb
CHANGED
|
@@ -110,7 +110,7 @@ module Nexpose
|
|
|
110
110
|
# @param [Hash] parameters Hash of attributes that need to be sent
|
|
111
111
|
# to the controller.
|
|
112
112
|
# @return [Hash] The parameterized URI.
|
|
113
|
-
|
|
113
|
+
#
|
|
114
114
|
def parameterize_uri(uri, parameters)
|
|
115
115
|
params = Hash.try_convert(parameters)
|
|
116
116
|
unless params.nil? || params.empty?
|
data/lib/nexpose/scan.rb
CHANGED
|
@@ -209,6 +209,101 @@ module Nexpose
|
|
|
209
209
|
end
|
|
210
210
|
end
|
|
211
211
|
|
|
212
|
+
# Export the data associated with a single scan, and optionally store it in
|
|
213
|
+
# a zip-compressed file under the provided name.
|
|
214
|
+
#
|
|
215
|
+
# @param [Fixnum] scan_id Scan ID to remove data for.
|
|
216
|
+
# @param [String] zip_file Filename to export scan data to.
|
|
217
|
+
# @return [Fixnum] On success, returned the number of bytes written to
|
|
218
|
+
# zip_file, if provided. Otherwise, returns raw ZIP binary data.
|
|
219
|
+
#
|
|
220
|
+
def export_scan(scan_id, zip_file = nil)
|
|
221
|
+
http = AJAX._https(self)
|
|
222
|
+
headers = { 'Cookie' => "nexposeCCSessionID=#{@session_id}",
|
|
223
|
+
'Accept-Encoding' => 'identity' }
|
|
224
|
+
resp = http.get("/data/scan/#{scan_id}/export", headers)
|
|
225
|
+
|
|
226
|
+
case resp
|
|
227
|
+
when Net::HTTPSuccess
|
|
228
|
+
if zip_file
|
|
229
|
+
File.open(zip_file, 'wb') { |file| file.write(resp.body) }
|
|
230
|
+
else
|
|
231
|
+
resp.body
|
|
232
|
+
end
|
|
233
|
+
when Net::HTTPForbidden
|
|
234
|
+
raise Nexpose::PermissionError.new(resp)
|
|
235
|
+
else
|
|
236
|
+
raise Nexpose::APIError.new(resp, "#{resp.class}: Unrecognized response.")
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
|
|
240
|
+
# Import scan data into a site. WARNING: Experimental!
|
|
241
|
+
#
|
|
242
|
+
# This code currently depends on a gem not in the gemspec. In order to use
|
|
243
|
+
# this method, you will need to add the following line to your script:
|
|
244
|
+
# require 'rest-client'
|
|
245
|
+
#
|
|
246
|
+
# This method is designed to work with export_scan to migrate scan data
|
|
247
|
+
# from one console to another. This method will import the data as if run
|
|
248
|
+
# from a local scan engine.
|
|
249
|
+
#
|
|
250
|
+
# Scan importing is restricted to only importing scans in chronological
|
|
251
|
+
# order. It assumes that it is the latest scan for a given site, and will
|
|
252
|
+
# abort if attempting to import an older scan.
|
|
253
|
+
#
|
|
254
|
+
# @param [Fixnum] site_id Site ID of the site to import the scan into.
|
|
255
|
+
# @param [String] zip_file Path to a previously exported scan archive.
|
|
256
|
+
# @return [String] An empty string on success.
|
|
257
|
+
#
|
|
258
|
+
def import_scan(site_id, zip_file)
|
|
259
|
+
|
|
260
|
+
# ## Ideally, this code should not depend upon rest-client, but should be
|
|
261
|
+
# # able to use the Rex library to generate the MIME message. I haven't
|
|
262
|
+
# # been able to figure out how, though. Leaving it here, commented out,
|
|
263
|
+
# # pending discovery of what to do.
|
|
264
|
+
|
|
265
|
+
# data = Rex::MIME::Message.new
|
|
266
|
+
# data.add_part(site_id.to_s, nil, nil, 'form-data; name="siteid"')
|
|
267
|
+
# data.add_part(self.session_id, nil, nil, 'form-data; name="nexposeCCSessionID"')
|
|
268
|
+
|
|
269
|
+
# scan = File.new(zip_file, 'rb')
|
|
270
|
+
# data.add_part(scan.read, 'application/zip', nil,
|
|
271
|
+
# "form-data; name=\"scan\"; filename=\"#{zip_file}\"")
|
|
272
|
+
|
|
273
|
+
# post = Net::HTTP::Post.new('/data/scan/import')
|
|
274
|
+
# ## rex 2.0.3 has a bug that requires this monkey-patch for Message#to_s
|
|
275
|
+
# # class String
|
|
276
|
+
# # def blank?
|
|
277
|
+
# # self !~ /\S/
|
|
278
|
+
# # end
|
|
279
|
+
# # end
|
|
280
|
+
# post.body = data.to_s
|
|
281
|
+
# post.set_content_type("multipart/form-data; boundary=#{data.bound}")
|
|
282
|
+
# AJAX._headers(nsc, post)
|
|
283
|
+
|
|
284
|
+
# http = AJAX._https(nsc)
|
|
285
|
+
# http.request(post)
|
|
286
|
+
|
|
287
|
+
scan = File.new(zip_file, 'rb')
|
|
288
|
+
url = "https://#{self.host}:#{self.port}/data/scan/import"
|
|
289
|
+
payload = { :siteid => site_id,
|
|
290
|
+
:scan => scan,
|
|
291
|
+
'nexposeCCSessionID' => self.session_id }
|
|
292
|
+
request = RestClient::Request.new(:method => :post,
|
|
293
|
+
:url => url,
|
|
294
|
+
:verify_ssl => OpenSSL::SSL::VERIFY_NONE,
|
|
295
|
+
:payload => payload,
|
|
296
|
+
:cookies => { 'nexposeCCSessionID' => self.session_id })
|
|
297
|
+
|
|
298
|
+
begin
|
|
299
|
+
request.execute
|
|
300
|
+
rescue RestClient::Forbidden => fourOhThree
|
|
301
|
+
raise Nexpose::PermissionError.new(fourOhThree)
|
|
302
|
+
rescue RestClient::InternalServerError => e
|
|
303
|
+
raise Nexpose::APIError.new(request, e)
|
|
304
|
+
end
|
|
305
|
+
end
|
|
306
|
+
|
|
212
307
|
# Delete a scan and all its data from a console.
|
|
213
308
|
# Warning, this method is destructive and not guaranteed to leave a site
|
|
214
309
|
# in a valid state. DBCC may need to be run to correct missing or empty
|
|
@@ -146,6 +146,20 @@ module Nexpose
|
|
|
146
146
|
gen.attributes['disableWebSpider'] = enable ? '0' : '1'
|
|
147
147
|
end
|
|
148
148
|
|
|
149
|
+
# Adjust the number of threads to use per scan engine for this template
|
|
150
|
+
# @param [Integer] threads the number of threads to use per engine
|
|
151
|
+
def scan_threads=(threads)
|
|
152
|
+
scan_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/scanThreads')
|
|
153
|
+
scan_threads.text = threads.to_s
|
|
154
|
+
end
|
|
155
|
+
|
|
156
|
+
# Adjust the number of threads to use per asset for this template
|
|
157
|
+
# @param [Integer] threads the number of threads to use per asset
|
|
158
|
+
def host_threads=(threads)
|
|
159
|
+
host_threads = REXML::XPath.first(@xml, 'ScanTemplate/General/hostThreads')
|
|
160
|
+
host_threads.text = threads.to_s
|
|
161
|
+
end
|
|
162
|
+
|
|
149
163
|
# Add custom TCP ports to scan for services
|
|
150
164
|
# @param [Array] ports to scan
|
|
151
165
|
def tcp_service_ports=(ports)
|
data/lib/nexpose/silo_profile.rb
CHANGED
|
@@ -159,7 +159,7 @@ module Nexpose
|
|
|
159
159
|
|
|
160
160
|
unless @global_scan_engines.empty?
|
|
161
161
|
engines = xml.add_element('GlobalScanEngines')
|
|
162
|
-
@
|
|
162
|
+
@global_scan_engines.each do |engine|
|
|
163
163
|
engines.add_element('GlobalScanEngine', {'name' => engine})
|
|
164
164
|
end
|
|
165
165
|
end
|
data/lib/nexpose/site.rb
CHANGED
|
@@ -414,7 +414,7 @@ module Nexpose
|
|
|
414
414
|
# ## TODO What is returned on failure?
|
|
415
415
|
#
|
|
416
416
|
def self.parse(rexml)
|
|
417
|
-
rexml.elements.each('
|
|
417
|
+
rexml.elements.each('//Site') do |s|
|
|
418
418
|
site = Site.new(s.attributes['name'])
|
|
419
419
|
site.id = s.attributes['id'].to_i
|
|
420
420
|
site.description = s.attributes['description']
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: nexpose
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.8.
|
|
4
|
+
version: 0.8.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- HD Moore
|
|
@@ -11,28 +11,28 @@ authors:
|
|
|
11
11
|
autorequire:
|
|
12
12
|
bindir: bin
|
|
13
13
|
cert_chain: []
|
|
14
|
-
date: 2014-
|
|
14
|
+
date: 2014-10-01 00:00:00.000000000 Z
|
|
15
15
|
dependencies:
|
|
16
16
|
- !ruby/object:Gem::Dependency
|
|
17
|
-
name:
|
|
17
|
+
name: rex
|
|
18
18
|
requirement: !ruby/object:Gem::Requirement
|
|
19
19
|
requirements:
|
|
20
20
|
- - "~>"
|
|
21
21
|
- !ruby/object:Gem::Version
|
|
22
|
-
version:
|
|
22
|
+
version: 2.0.3
|
|
23
23
|
- - ">="
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version:
|
|
25
|
+
version: 2.0.3
|
|
26
26
|
type: :runtime
|
|
27
27
|
prerelease: false
|
|
28
28
|
version_requirements: !ruby/object:Gem::Requirement
|
|
29
29
|
requirements:
|
|
30
30
|
- - "~>"
|
|
31
31
|
- !ruby/object:Gem::Version
|
|
32
|
-
version:
|
|
32
|
+
version: 2.0.3
|
|
33
33
|
- - ">="
|
|
34
34
|
- !ruby/object:Gem::Version
|
|
35
|
-
version:
|
|
35
|
+
version: 2.0.3
|
|
36
36
|
- !ruby/object:Gem::Dependency
|
|
37
37
|
name: nokogiri
|
|
38
38
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -131,4 +131,3 @@ signing_key:
|
|
|
131
131
|
specification_version: 4
|
|
132
132
|
summary: Ruby API for Rapid7 Nexpose
|
|
133
133
|
test_files: []
|
|
134
|
-
has_rdoc:
|