nexpose 0.9.8 → 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/Gemfile.lock +1 -1
- data/lib/nexpose.rb +8 -4
- data/lib/nexpose/ajax.rb +29 -4
- data/lib/nexpose/alert.rb +160 -177
- data/lib/nexpose/api.rb +18 -0
- data/lib/nexpose/common.rb +144 -10
- data/lib/nexpose/credential.rb +185 -1
- data/lib/nexpose/discovery.rb +141 -16
- data/lib/nexpose/discovery/filter.rb +26 -3
- data/lib/nexpose/engine.rb +16 -0
- data/lib/nexpose/json_serializer.rb +92 -0
- data/lib/nexpose/scan.rb +131 -23
- data/lib/nexpose/scan_template.rb +1 -1
- data/lib/nexpose/shared_secret.rb +31 -0
- data/lib/nexpose/site.rb +339 -317
- data/lib/nexpose/site_credentials.rb +178 -0
- data/lib/nexpose/tag.rb +42 -1
- data/lib/nexpose/util.rb +11 -16
- data/lib/nexpose/version.rb +1 -1
- data/lib/nexpose/wait.rb +103 -0
- data/lib/nexpose/web_credentials.rb +252 -0
- metadata +18 -8
- data/lib/nexpose/site_credential.rb +0 -323
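--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-version: 0.
+version: 1.0.0
 platform: ruby
 authors:
 - HD Moore
@@ -13,22 +13,28 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-04-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rex
 requirement: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- - ">="
 - !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.8
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
-- -
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- - ">="
 - !ruby/object:Gem::Version
-version: 2.0.
+version: 2.0.8
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -169,6 +175,7 @@ files:
 - lib/nexpose/filter.rb
 - lib/nexpose/global_settings.rb
 - lib/nexpose/group.rb
+- lib/nexpose/json_serializer.rb
 - lib/nexpose/maint.rb
 - lib/nexpose/manage.rb
 - lib/nexpose/multi_tenant_user.rb
@@ -179,10 +186,11 @@ files:
 - lib/nexpose/scan.rb
 - lib/nexpose/scan_template.rb
 - lib/nexpose/shared_credential.rb
+- lib/nexpose/shared_secret.rb
 - lib/nexpose/silo.rb
 - lib/nexpose/silo_profile.rb
 - lib/nexpose/site.rb
-- lib/nexpose/
+- lib/nexpose/site_credentials.rb
 - lib/nexpose/tag.rb
 - lib/nexpose/tag/criteria.rb
 - lib/nexpose/ticket.rb
@@ -192,6 +200,8 @@ files:
 - lib/nexpose/vuln.rb
 - lib/nexpose/vuln_def.rb
 - lib/nexpose/vuln_exception.rb
+- lib/nexpose/wait.rb
+- lib/nexpose/web_credentials.rb
 homepage: https://github.com/rapid7/nexpose-client
 licenses:
 - BSD
@@ -204,7 +214,7 @@ required_ruby_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="
 - !ruby/object:Gem::Version
-version: '1
+version: '2.1'
 required_rubygems_version: !ruby/object:Gem::Requirement
 requirements:
 - - ">="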
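--- a/data/lib/nexpose/site_credential.rb
+++ /dev/null
@@ -1,323 +0,0 @@
-module Nexpose
-
-# Object that represents administrative credentials to be used
-# during a scan. When retrieved from an existing site configuration
-# the credentials will be returned as a security blob and can only
-# be passed back as is during a Site Save operation. This object
-# can only be used to create a new set of credentials.
-#
-class SiteCredential < Credential
-include XMLUtils
-
-
-# Security blob for an existing set of credentials
-attr_accessor :blob
-# The service for these credentials.
-attr_accessor :service
-# The host for these credentials.
-attr_accessor :host
-# The port on which to use these credentials.
-attr_accessor :port
-# The password
-attr_accessor :password
-# The realm for these credentials
-attr_accessor :realm
-# When using httpheaders, this represents the set of headers to pass
-# with the authentication request.
-attr_accessor :headers
-# When using htmlforms, this represents the tho form to pass the
-# authentication request to.
-attr_accessor :html_forms
-# The type of privilege escalation to use (sudo/su)
-attr_accessor :priv_type
-# The userid to use when escalating privileges (optional)
-attr_accessor :priv_username
-# The password to use when escalating privileges (optional)
-attr_accessor :priv_password
-# The authentication type to use with SNMP v3 credentials
-attr_accessor :auth_type
-# The privacy/encryption type to use with SNMP v3 credentials
-attr_accessor :privacy_type
-# The privacy/encryption pass phrase to use with SNMP v3 credentials
-attr_accessor :privacy_password
-
-# Permission elevation type. See Nexpose::Credential::ElevationType.
-attr_accessor :privilege_type
-# The User ID or Username
-attr_accessor :username
-alias :userid :username
-alias :userid= :username=
-
-
-def self.for_service(service, user, password, realm = nil, host = nil, port = nil)
-cred = new
-cred.service = service
-cred.username = user
-cred.password = password
-cred.realm = realm
-cred.host = host
-cred.port = port
-cred
-end
-
-# Sets privilege escalation credentials. Type should be either sudo/su.
-def add_privilege_credentials(type, username, password)
-@priv_type = type
-@priv_username = username
-@priv_password = password
-end
-
-def add_snmpv3_credentials(auth_type, privacy_type, privacy_password)
-@auth_type = auth_type
-@privacy_type = privacy_type
-@privacy_password = privacy_password
-end
-
-def self.parse(xml)
-cred = new
-cred.service = xml.attributes['service']
-cred.host = xml.attributes['host']
-cred.port = xml.attributes['port']
-cred.blob = xml.get_text
-cred
-end
-
-def to_xml
-to_xml_elem.to_s
-end
-
-def as_xml
-attributes = {}
-attributes['service'] = @service
-attributes['userid'] = @username
-attributes['password'] = @password
-attributes['realm'] = @realm
-attributes['host'] = @host
-attributes['port'] = @port
-
-attributes['privilegeelevationtype'] = @priv_type if @priv_type
-attributes['privilegeelevationusername'] = @priv_username if @priv_username
-attributes['privilegeelevationpassword'] = @priv_password if @priv_password
-
-attributes['snmpv3authtype'] = @auth_type if @auth_type
-attributes['snmpv3privtype'] = @privacy_type if @privacy_type
-attributes['snmpv3privpassword'] = @privacy_password if @privacy_password
-
-xml = make_xml('adminCredentials', attributes, blob)
-xml.add_element(@headers.to_xml_elem) if @headers
-xml.add_element(@html_forms.to_xml_elem) if @html_forms
-xml
-end
-alias_method :to_xml_elem, :as_xml
-
-include Comparable
-
-def <=>(other)
-to_xml <=> other.to_xml
-end
-
-def eql?(other)
-to_xml == other.to_xml
-end
-
-def hash
-to_xml.hash
-end
-
-end
-
-# Object that represents Header name-value pairs, associated with Web Session Authentication.
-#
-class Header
-include XMLUtils
-
-# Name, one per Header
-attr_reader :name
-# Value, one per Header
-attr_reader :value
-
-# Construct with name value pair
-def initialize(name, value)
-@name = name
-@value = value
-end
-
-def as_xml
-attributes = {}
-attributes['name'] = @name
-attributes['value'] = @value
-
-make_xml('Header', attributes)
-end
-alias_method :to_xml_elem, :as_xml
-end
-
-# Object that represents Headers, associated with Web Session Authentication.
-#
-class Headers
-include XMLUtils
-
-# A regular expression used to match against the response to identify authentication failures.
-attr_reader :soft403
-# Base URL of the application for which the form authentication applies.
-attr_reader :webapproot
-# When using HTTP headers, this represents the set of headers to pass with the authentication request.
-attr_reader :headers
-
-def initialize(webapproot, soft403)
-@headers = []
-@webapproot = webapproot
-@soft403 = soft403
-end
-
-def add_header(header)
-@headers.push(header)
-end
-
-def as_xml
-attributes = {}
-attributes['webapproot'] = @webapproot
-attributes['soft403'] = @soft403
-
-xml = make_xml('Headers', attributes)
-@headers.each do |header|
-xml.add_element(header.to_xml_elem)
-end
-xml
-end
-alias_method :to_xml_elem, :as_xml
-
-end
-
-# When using HTML form, this represents the login form information.
-#
-class Field
-include XMLUtils
-
-# The name of the HTML field (form parameter).
-attr_reader :name
-# The value of the HTML field (form parameter).
-attr_reader :value
-# The type of the HTML field (form parameter).
-attr_reader :type
-# Is the HTML field (form parameter) dynamically generated? If so,
-# the login page is requested and the value of the field is extracted
-# from the response.
-attr_reader :dynamic
-# If the HTML field (form parameter) is a radio button, checkbox or select
-# field, this flag determines if the field should be checked (selected).
-attr_reader :checked
-
-def initialize(name, value, type, dynamic, checked)
-@name = name
-@value = value
-@type = type
-@dynamic = dynamic
-@checked = checked
-end
-
-def as_xml
-attributes = {}
-attributes['name'] = @name
-attributes['value'] = @value
-attributes['type'] = @type
-attributes['dynamic'] = @dynamic
-attributes['checked'] = @checked
-
-make_xml('Field', attributes)
-end
-alias_method :to_xml_elem, :as_xml
-end
-
-# When using HTML form, this represents the login form information.
-#
-class HTMLForm
-include XMLUtils
-
-# The name of the form being submitted.
-attr_reader :name
-# The HTTP action (URL) through which to submit the login form.
-attr_reader :action
-# The HTTP request method with which to submit the form.
-attr_reader :method
-# The HTTP encoding type with which to submit the form.
-attr_reader :enctype
-# The fields in the HTML Form
-attr_reader :fields
-
-def initialize(name, action, method, enctype)
-@name = name
-@action = action
-@method = method
-@enctype = enctype
-@fields = []
-end
-
-def add_field(field)
-@fields << field
-end
-
-def as_xml
-attributes = {}
-attributes['name'] = @name
-attributes['action'] = @action
-attributes['method'] = @method
-attributes['enctype'] = @enctype
-
-xml = make_xml('HTMLForm', attributes)
-
-fields.each() do |field|
-xml.add_element(field.to_xml_elem)
-end
-xml
-end
-alias_method :to_xml_elem, :as_xml
-end
-
-# When using HTML form, this represents the login form information.
-#
-class HTMLForms
-include XMLUtils
-
-# The URL of the login page containing the login form.
-attr_reader :parentpage
-# A regular expression used to match against the response to identify
-# authentication failures.
-attr_reader :soft403
-# Base URL of the application for which the form authentication applies.
-attr_reader :webapproot
-# The forms to authenticate with
-attr_reader :html_forms
-
-def initialize(parentpage, soft403, webapproot)
-@parentpage = parentpage
-@soft403 = soft403
-@webapproot = webapproot
-@html_forms = []
-end
-
-def add_html_form(html_form)
-@html_forms << html_form
-end
-
-def as_xml
-attributes = {}
-attributes['parentpage'] = @parentpage
-attributes['soft403'] = @soft403
-attributes['webapproot'] = @webapproot
-
-xml = make_xml('HTMLForms', attributes)
-
-html_forms.each() do |html_form|
-xml.add_element(html_form.to_xml_elem)
-end
-xml
-end
-alias_method :to_xml_elem, :as_xml
-end
-
-# When using ssh-key, this represents the PEM-format key-pair information.
-class PEMKey
-# TODO
-end
-end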