nexpose 6.1.1 → 7.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +772 -0
- data/COPYING +27 -31
- data/Gemfile.lock +72 -30
- data/README.markdown +3 -1
- data/Rakefile +9 -0
- data/lib/nexpose.rb +1 -0
- data/lib/nexpose/ajax.rb +8 -6
- data/lib/nexpose/api_request.rb +27 -26
- data/lib/nexpose/connection.rb +28 -20
- data/lib/nexpose/credential.rb +16 -218
- data/lib/nexpose/credential_helper.rb +169 -0
- data/lib/nexpose/dag.rb +3 -3
- data/lib/nexpose/filter.rb +3 -1
- data/lib/nexpose/scan.rb +5 -1
- data/lib/nexpose/shared_credential.rb +13 -5
- data/lib/nexpose/site_credentials.rb +55 -9
- data/lib/nexpose/version.rb +1 -1
- metadata +32 -2
data/lib/nexpose/filter.rb
CHANGED
@@ -100,7 +100,7 @@ module Nexpose
|
|
100
100
|
# Valid Values (See Value::IPType): IPv4, IPv6
|
101
101
|
IP_ALT_ADDRESS_TYPE = 'IP_ALT_ADDRESS_TYPE'
|
102
102
|
|
103
|
-
# Valid Operators: IS, IS_NOT, IN_RANGE, NOT_IN_RANGE, IN, NOT_IN
|
103
|
+
# Valid Operators: IS, IS_NOT, IN_RANGE, NOT_IN_RANGE, IN, NOT_IN, LIKE, NOT_LIKE
|
104
104
|
IP_ADDRESS = 'IP_RANGE'
|
105
105
|
IP_RANGE = IP_ADDRESS
|
106
106
|
|
@@ -197,6 +197,8 @@ module Nexpose
|
|
197
197
|
DO_NOT_INCLUDE = 'DO_NOT_INCLUDE'
|
198
198
|
IS_APPLIED = 'IS_APPLIED'
|
199
199
|
IS_NOT_APPLIED = 'IS_NOT_APPLIED'
|
200
|
+
LIKE = 'LIKE'
|
201
|
+
NOT_LIKE = 'NOT_LIKE'
|
200
202
|
end
|
201
203
|
|
202
204
|
# Specialized values used by certain search fields
|
data/lib/nexpose/scan.rb
CHANGED
@@ -235,7 +235,7 @@ module Nexpose
|
|
235
235
|
xml.add_element('range', 'from' => asset.from, 'to' => asset.to)
|
236
236
|
else # Assume HostName
|
237
237
|
host = REXML::Element.new('host')
|
238
|
-
host.text = asset
|
238
|
+
host.text = asset
|
239
239
|
xml.add_element(host)
|
240
240
|
end
|
241
241
|
end
|
@@ -769,6 +769,8 @@ module Nexpose
|
|
769
769
|
attr_reader :type
|
770
770
|
# Name of the engine where the scan was run. Not the unique ID.
|
771
771
|
attr_reader :engine_name
|
772
|
+
# Name of the scan that was assigned.
|
773
|
+
attr_reader :scan_name
|
772
774
|
|
773
775
|
# Internal constructor to be called by #parse_json.
|
774
776
|
def initialize(&block)
|
@@ -790,6 +792,7 @@ module Nexpose
|
|
790
792
|
@risk_score = json['riskScore']
|
791
793
|
@type = json['startedByCD'] == 'S' ? :scheduled : :manual
|
792
794
|
@engine_name = json['scanEngineName']
|
795
|
+
@scan_name = json['scanName']
|
793
796
|
end
|
794
797
|
end
|
795
798
|
|
@@ -822,6 +825,7 @@ module Nexpose
|
|
822
825
|
@risk_score = json['riskScore']
|
823
826
|
@type = json['Scan Type'] == 'Manual' ? :manual : :scheduled
|
824
827
|
@engine_name = json['Scan Engine']
|
828
|
+
@scan_name = json['Scan Name']
|
825
829
|
end
|
826
830
|
end
|
827
831
|
|
@@ -35,8 +35,12 @@ module Nexpose
|
|
35
35
|
attr_accessor :domain
|
36
36
|
# User name.
|
37
37
|
attr_accessor :username
|
38
|
+
alias :user_name :username
|
39
|
+
alias :user_name= :username=
|
38
40
|
# User name to use when elevating permissions (e.g., sudo).
|
39
41
|
attr_accessor :privilege_username
|
42
|
+
alias :permission_elevation_user :privilege_username
|
43
|
+
alias :permission_elevation_user= :privilege_username=
|
40
44
|
# Boolean to indicate whether this credential applies to all sites.
|
41
45
|
attr_accessor :all_sites
|
42
46
|
# When this credential was last modified.
|
@@ -79,8 +83,12 @@ module Nexpose
|
|
79
83
|
attr_accessor :pem_key
|
80
84
|
# Password to use when elevating permissions (e.g., sudo).
|
81
85
|
attr_accessor :privilege_password
|
86
|
+
alias :permission_elevation_password :privilege_password
|
87
|
+
alias :permission_elevation_password= :privilege_password=
|
82
88
|
# Permission elevation type. See Nexpose::Credential::ElevationType.
|
83
89
|
attr_accessor :privilege_type
|
90
|
+
alias :permission_elevation_type :privilege_type
|
91
|
+
alias :permission_elevation_type= :privilege_type=
|
84
92
|
# Privacty password of SNMP v3 credential
|
85
93
|
attr_accessor :privacy_password
|
86
94
|
# Authentication type of SNMP v3 credential
|
@@ -98,8 +106,9 @@ module Nexpose
|
|
98
106
|
attr_accessor :disabled
|
99
107
|
|
100
108
|
def initialize(name, id = -1)
|
101
|
-
@name
|
102
|
-
@
|
109
|
+
@name = name
|
110
|
+
@id = id.to_i
|
111
|
+
@sites = []
|
103
112
|
@disabled = []
|
104
113
|
end
|
105
114
|
|
@@ -168,7 +177,7 @@ module Nexpose
|
|
168
177
|
|
169
178
|
# Test this credential against a target where the credentials should apply.
|
170
179
|
# Only works for a newly created credential. Loading an existing credential
|
171
|
-
# will likely fail.
|
180
|
+
# will likely fail due to the API not sending password.
|
172
181
|
#
|
173
182
|
# @param [Connection] nsc An active connection to the security console.
|
174
183
|
# @param [String] target Target host to check credentials against.
|
@@ -177,7 +186,7 @@ module Nexpose
|
|
177
186
|
#
|
178
187
|
def test(nsc, target, engine_id = nil, siteid = -1)
|
179
188
|
unless engine_id
|
180
|
-
engine_id = nsc.engines.
|
189
|
+
engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
|
181
190
|
end
|
182
191
|
@port = Credential::DEFAULT_PORTS[@service] if @port.nil?
|
183
192
|
parameters = _to_param(target, engine_id, @port, siteid)
|
@@ -186,7 +195,6 @@ module Nexpose
|
|
186
195
|
result.attributes['success'].to_i == 1
|
187
196
|
end
|
188
197
|
|
189
|
-
|
190
198
|
def _to_param(target, engine_id, port, siteid)
|
191
199
|
{ engineid: engine_id,
|
192
200
|
sc_creds_dev: target,
|
@@ -56,6 +56,50 @@ module Nexpose
|
|
56
56
|
# scope of credential
|
57
57
|
attr_accessor :scope
|
58
58
|
|
59
|
+
# Test this credential against a target where the credentials should apply.
|
60
|
+
# Only works for a newly created credential. Loading an existing credential
|
61
|
+
# will likely fail due to the API not sending password.
|
62
|
+
#
|
63
|
+
# @param [Connection] nsc An active connection to the security console.
|
64
|
+
# @param [String] target Target host to check credentials against.
|
65
|
+
# @param [Fixnum] engine_id ID of the engine to use for testing credentials.
|
66
|
+
# Will default to the local engine if none is provided.
|
67
|
+
# @param [Fixnum] siteid
|
68
|
+
# @return [Boolean] If the credential is able to connect to the target.
|
69
|
+
#
|
70
|
+
def test(nsc, target, engine_id = nil, siteid = -1)
|
71
|
+
unless engine_id
|
72
|
+
engine_id = nsc.engines.detect { |e| e.name == 'Local scan engine' }.id
|
73
|
+
end
|
74
|
+
@port = Credential::DEFAULT_PORTS[@service] if @port.nil?
|
75
|
+
parameters = _to_param(target, engine_id, @port, siteid)
|
76
|
+
parameters = JSON.generate(parameters)
|
77
|
+
resp = JSON.parse(Nexpose::AJAX.post(nsc, '/data/credential/test', parameters, Nexpose::AJAX::CONTENT_TYPE::JSON))
|
78
|
+
resp['success'] == 'true'
|
79
|
+
end
|
80
|
+
|
81
|
+
|
82
|
+
def _to_param(target, engine_id, port, siteid)
|
83
|
+
{
|
84
|
+
dev: target,
|
85
|
+
port: port,
|
86
|
+
siteID: siteid,
|
87
|
+
engineID: engine_id,
|
88
|
+
service: @service,
|
89
|
+
domain: @domain,
|
90
|
+
database: @database,
|
91
|
+
userName: @user_name,
|
92
|
+
password: @password,
|
93
|
+
privilegeElevationUserName: @permission_elevation_user,
|
94
|
+
privilegeElevationPassword: @permission_elevation_password,
|
95
|
+
privilegeElevationType: @permission_elevation_type,
|
96
|
+
pemkey: @pem_format_private_key,
|
97
|
+
snmpv3AuthType: @authentication_type,
|
98
|
+
snmpv3PrivType: @privacy_type,
|
99
|
+
snmpv3PrivPassword: @privacy_password
|
100
|
+
}
|
101
|
+
end
|
102
|
+
|
59
103
|
#Create a credential object using name, id, description, host and port
|
60
104
|
def self.for_service(name, id = -1, desc = nil, host = nil, port = nil, service = Credential::Service::CIFS)
|
61
105
|
cred = new
|
@@ -88,6 +132,7 @@ module Nexpose
|
|
88
132
|
# Copy an existing configuration from a Nexpose instance.
|
89
133
|
# Returned object will reset the credential ID and append "Copy" to the existing
|
90
134
|
# name.
|
135
|
+
# Reminder: The password field will not be populated due to the API not sending password.
|
91
136
|
#
|
92
137
|
# @param [Connection] connection Connection to the security console.
|
93
138
|
# @param [String] id Unique identifier of an site.
|
@@ -95,23 +140,24 @@ module Nexpose
|
|
95
140
|
# @return [SiteCredentials] Site credential loaded from a Nexpose console.
|
96
141
|
#
|
97
142
|
def self.copy(connection, site_id, credential_id)
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
143
|
+
site_credential = self.load(connection, site_id, credential_id)
|
144
|
+
site_credential.id = -1
|
145
|
+
site_credential.name = "#{site_credential.name} Copy"
|
146
|
+
site_credential
|
102
147
|
end
|
103
148
|
|
104
149
|
# Copy an existing configuration from a site credential.
|
105
150
|
# Returned object will reset the credential ID and append "Copy" to the existing
|
106
151
|
# name.
|
152
|
+
# Reminder: The password field will not be populated due to the API not sending password.
|
107
153
|
#
|
108
|
-
# @param [siteCredential] site credential to be copied.
|
109
154
|
# @return [SiteCredentials] modified.
|
110
155
|
#
|
111
|
-
def
|
112
|
-
|
113
|
-
|
114
|
-
|
156
|
+
def copy
|
157
|
+
site_credential = self.clone
|
158
|
+
site_credential.id = -1
|
159
|
+
site_credential.name = "#{site_credential.name} Copy"
|
160
|
+
site_credential
|
115
161
|
end
|
116
162
|
|
117
163
|
def to_json
|
data/lib/nexpose/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: nexpose
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version:
|
4
|
+
version: 7.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- HD Moore
|
@@ -13,7 +13,7 @@ authors:
|
|
13
13
|
autorequire:
|
14
14
|
bindir: bin
|
15
15
|
cert_chain: []
|
16
|
-
date: 2017-
|
16
|
+
date: 2017-08-31 00:00:00.000000000 Z
|
17
17
|
dependencies:
|
18
18
|
- !ruby/object:Gem::Dependency
|
19
19
|
name: bundler
|
@@ -127,6 +127,34 @@ dependencies:
|
|
127
127
|
- - "~>"
|
128
128
|
- !ruby/object:Gem::Version
|
129
129
|
version: 2.9.3
|
130
|
+
- !ruby/object:Gem::Dependency
|
131
|
+
name: github_changelog_generator
|
132
|
+
requirement: !ruby/object:Gem::Requirement
|
133
|
+
requirements:
|
134
|
+
- - ">="
|
135
|
+
- !ruby/object:Gem::Version
|
136
|
+
version: '0'
|
137
|
+
type: :development
|
138
|
+
prerelease: false
|
139
|
+
version_requirements: !ruby/object:Gem::Requirement
|
140
|
+
requirements:
|
141
|
+
- - ">="
|
142
|
+
- !ruby/object:Gem::Version
|
143
|
+
version: '0'
|
144
|
+
- !ruby/object:Gem::Dependency
|
145
|
+
name: pry
|
146
|
+
requirement: !ruby/object:Gem::Requirement
|
147
|
+
requirements:
|
148
|
+
- - '='
|
149
|
+
- !ruby/object:Gem::Version
|
150
|
+
version: 0.9.12.6
|
151
|
+
type: :development
|
152
|
+
prerelease: false
|
153
|
+
version_requirements: !ruby/object:Gem::Requirement
|
154
|
+
requirements:
|
155
|
+
- - '='
|
156
|
+
- !ruby/object:Gem::Version
|
157
|
+
version: 0.9.12.6
|
130
158
|
description: This gem provides a Ruby API to the Nexpose vulnerability management
|
131
159
|
product by Rapid7.
|
132
160
|
email:
|
@@ -141,6 +169,7 @@ extensions: []
|
|
141
169
|
extra_rdoc_files:
|
142
170
|
- README.markdown
|
143
171
|
files:
|
172
|
+
- CHANGELOG.md
|
144
173
|
- COPYING
|
145
174
|
- Gemfile
|
146
175
|
- Gemfile.lock
|
@@ -158,6 +187,7 @@ files:
|
|
158
187
|
- lib/nexpose/connection.rb
|
159
188
|
- lib/nexpose/console.rb
|
160
189
|
- lib/nexpose/credential.rb
|
190
|
+
- lib/nexpose/credential_helper.rb
|
161
191
|
- lib/nexpose/dag.rb
|
162
192
|
- lib/nexpose/data_table.rb
|
163
193
|
- lib/nexpose/device.rb
|