nexpose 0.8.7 → 0.8.8

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 4a34cdeb971857fcd6f7de262b1cd30823039f96
4
- data.tar.gz: 3cca7ce023e3826cef57e3ddd41280b20af48a8e
3
+ metadata.gz: 0895452fa39e68f031ad27edc40a94cef8337730
4
+ data.tar.gz: 051981f1f5ef5a0e04977c3a7f5bc1447b2cee3c
5
5
  SHA512:
6
- metadata.gz: d281a778836d4a11e1726dc8bd9c570025279cef9cf70f6ef056451ea45c995179f59d87abb648b3c4b22be4bd166c0bcd0052ed7b661c78e1bf7462c5cef729
7
- data.tar.gz: 47d847fbba3c67b893a033bc56ffd25cc9b6c57edcdbb07d015959109da46fa199d5e0fa16eb8d2c9e438c8a42da9d423b830d86cf7da24d0690079ba06160be
6
+ metadata.gz: 9ebb703fbacc51a22fc0d60e18b1ac063fe853406b22c6ee2b7b3d77b0f9feda1e2441f07d0cb8b5dfeb8cb96937451cc94a5088e24485a34a7e078a98d37187
7
+ data.tar.gz: 4f7c7f467df77177e2762f5bf927548fe67e70c641855e7108a0219e1761bb9f1996664862edaaeb2a017ebd3df252bccfaf71163ba80053a9147dd609b030b9
@@ -28,13 +28,19 @@ module Nexpose
28
28
  # 'table-id' => 'site-assets',
29
29
  # 'siteID' => site_id })
30
30
  #
31
- def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil)
31
+ def _get_json_table(console, address, parameters = {}, page_size = 500, records = nil, post = true)
32
32
  parameters['dir'] = 'DESC'
33
33
  parameters['startIndex'] = -1
34
34
  parameters['results'] = -1
35
35
 
36
- post = AJAX.form_post(console, address, parameters)
37
- data = JSON.parse(post)
36
+ if post
37
+ request = lambda { |p| AJAX.form_post(console, address, p) }
38
+ else
39
+ request = lambda { |p| AJAX.get(console, address.dup, AJAX::CONTENT_TYPE::JSON, p) }
40
+ end
41
+
42
+ response = request.(parameters)
43
+ data = JSON.parse(response)
38
44
  total = records || data['totalRecords']
39
45
  return [] if total == 0
40
46
 
@@ -43,7 +49,7 @@ module Nexpose
43
49
  while rows.length < total
44
50
  parameters['startIndex'] = rows.length
45
51
 
46
- data = JSON.parse(AJAX.form_post(console, address, parameters))
52
+ data = JSON.parse(request.(parameters))
47
53
  rows.concat data['records']
48
54
  end
49
55
  rows
@@ -58,6 +58,10 @@ module Nexpose
58
58
  # Valid Operators: IS, IS_NOT, STARTS_WITH, ENDS_WITH, CONTAINS, NOT_CONTAINS
59
59
  ASSET = 'ASSET'
60
60
 
61
+ # Search for an Asset by CVE ID
62
+ # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS
63
+ CVE_ID = 'CVE_ID'
64
+
61
65
  # Valid Operators: IS, IS_NOT
62
66
  # Valid Values (See Value::AccessComplexity): LOW, MEDIUM, HIGH
63
67
  CVSS_ACCESS_COMPLEXITY = 'CVSS_ACCESS_COMPLEXITY'
@@ -158,6 +162,10 @@ module Nexpose
158
162
  # Valid Operators: INCLUDE, DO_NOT_INCLUDE
159
163
  # Valid Values (See Value::VulnerabilityExposure): MALWARE, METASPLOIT, DATABASE
160
164
  VULNERABILITY_EXPOSURES = 'VULNERABILITY_EXPOSURES'
165
+
166
+ # Search by VULNERABILITY CATEGORY
167
+ # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH, ENDS_WITH
168
+ VULN_CATEGORY = 'VULN_CATEGORY'
161
169
  end
162
170
 
163
171
  # List of acceptable operators. Not all fields accept all operators.
@@ -36,7 +36,7 @@ module Nexpose
36
36
  attr_reader :scope
37
37
 
38
38
  def initialize(id, name, scope = 'silo')
39
- @id = id
39
+ @id = id.to_i
40
40
  @name = name
41
41
  @scope = scope
42
42
  end
@@ -166,7 +166,7 @@ module Nexpose
166
166
  #
167
167
  def resume_scan(scan_id)
168
168
  r = execute(make_xml('ScanResumeRequest', { 'scan-id' => scan_id }), '1.1', timeout: 60)
169
- r.success ? r.attributes['success'] : nil
169
+ r.success ? r.attributes['success'] == '1' : false
170
170
  end
171
171
 
172
172
  # Pauses a scan.
@@ -175,7 +175,25 @@ module Nexpose
175
175
  #
176
176
  def pause_scan(scan_id)
177
177
  r = execute(make_xml('ScanPauseRequest', { 'scan-id' => scan_id }))
178
- r.success ? r.attributes['success'] : nil
178
+ r.success ? r.attributes['success'] == '1' : false
179
+ end
180
+
181
+ # Retrieve a list of current scan activities across all Scan Engines
182
+ # managed by Nexpose. This method returns lighter weight objects than
183
+ # scan_activity.
184
+ #
185
+ # @return [Array[ScanData]] Array of ScanData objects associated with
186
+ # each active scan on the engines.
187
+ #
188
+ def activity
189
+ r = execute(make_xml('ScanActivityRequest'))
190
+ res = []
191
+ if r.success
192
+ r.res.elements.each('//ScanSummary') do |scan|
193
+ res << ScanData.parse(scan)
194
+ end
195
+ end
196
+ res
179
197
  end
180
198
 
181
199
  # Retrieve a list of current scan activities across all Scan Engines
@@ -293,9 +311,11 @@ module Nexpose
293
311
  end
294
312
  end
295
313
 
296
- # Object that represents a summary of a scan.
314
+ # Minimal scan data object.
315
+ # Unlike ScanSummary, these objects don't collect vulnerability data, which
316
+ # can be rather verbose and isn't useful for many automation scenarios.
297
317
  #
298
- class ScanSummary
318
+ class ScanData
299
319
 
300
320
  # The Scan ID of the Scan
301
321
  attr_reader :scan_id
@@ -311,6 +331,40 @@ module Nexpose
311
331
  # One of: running|finished|stopped|error|dispatched|paused|aborted|uknown
312
332
  attr_reader :status
313
333
 
334
+ # Constructor
335
+ def initialize(scan_id, site_id, engine_id, status, start_time, end_time)
336
+ @scan_id, @site_id, @engine_id, @status, @start_time, @end_time = scan_id, site_id, engine_id, status, start_time, end_time
337
+ end
338
+ def self.parse(xml)
339
+ # Start time can be empty in some error conditions.
340
+ start_time = nil
341
+ unless xml.attributes['startTime'] == ''
342
+ start_time = DateTime.parse(xml.attributes['startTime'].to_s).to_time
343
+ # Timestamp is UTC, but parsed as local time.
344
+ start_time -= start_time.gmt_offset
345
+ end
346
+
347
+ # End time is often not present, since reporting on running scans.
348
+ end_time = nil
349
+ if xml.attributes['endTime']
350
+ end_time = DateTime.parse(xml.attributes['endTime'].to_s).to_time
351
+ # Timestamp is UTC, but parsed as local time.
352
+ end_time -= end_time.gmt_offset
353
+ end
354
+
355
+ ScanData.new(xml.attributes['scan-id'].to_i,
356
+ xml.attributes['site-id'].to_i,
357
+ xml.attributes['engine-id'].to_i,
358
+ xml.attributes['status'],
359
+ start_time,
360
+ end_time)
361
+ end
362
+ end
363
+
364
+ # Object that represents a summary of a scan.
365
+ #
366
+ class ScanSummary < ScanData
367
+
314
368
  # The reason the scan was stopped or failed, if applicable.
315
369
  attr_reader :message
316
370
 
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: nexpose
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.8.7
4
+ version: 0.8.8
5
5
  platform: ruby
6
6
  authors:
7
7
  - HD Moore
@@ -11,7 +11,7 @@ authors:
11
11
  autorequire:
12
12
  bindir: bin
13
13
  cert_chain: []
14
- date: 2014-10-14 00:00:00.000000000 Z
14
+ date: 2014-10-17 00:00:00.000000000 Z
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
17
17
  name: rex
@@ -19,20 +19,20 @@ dependencies:
19
19
  requirements:
20
20
  - - "~>"
21
21
  - !ruby/object:Gem::Version
22
- version: 2.0.3
22
+ version: 2.0.4
23
23
  - - ">="
24
24
  - !ruby/object:Gem::Version
25
- version: 2.0.3
25
+ version: 2.0.4
26
26
  type: :runtime
27
27
  prerelease: false
28
28
  version_requirements: !ruby/object:Gem::Requirement
29
29
  requirements:
30
30
  - - "~>"
31
31
  - !ruby/object:Gem::Version
32
- version: 2.0.3
32
+ version: 2.0.4
33
33
  - - ">="
34
34
  - !ruby/object:Gem::Version
35
- version: 2.0.3
35
+ version: 2.0.4
36
36
  - !ruby/object:Gem::Dependency
37
37
  name: nokogiri
38
38
  requirement: !ruby/object:Gem::Requirement