nexpose 0.8.9 → 0.8.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 6698a2821faefa7c1822f324cc1bfd355869ad7f
-  data.tar.gz: 3a14efb354cbc7036cf829f60088ceeaa0f7a80b
+  metadata.gz: 81928c1e3298ba80b864e0d14499f58a9a41eae2
+  data.tar.gz: dcbe6c5b9df95b254fa98f3eb5ec2041492d389a
 SHA512:
-  metadata.gz: 219848942e56f658d1a3f43e8411ded2c12e693d5f258106196ddca5121c3434be50c17dffd45fe61504d5d76050bd77c123ea3d844e5f07a65656a353b03ea2
-  data.tar.gz: 89ae18299c87ef71a2805038ef3f1e3c7ab7a53cf87e0c66f799dbaa83e024f7714dc4198854d509156646472aea80d344f215c2de7b4fcfa6d71535ca87ef97
+  metadata.gz: aa9189178c6c2d497635cc871473f78277abe75374bcf32ac883303463b079b73bc5bdacdac0d8292fcfbd0d326f1d6754235fe2b3ab8d19dcbb260c651cb09e
+  data.tar.gz: 7fc4dc7d5a376c7a6e1a0f440e48b532cb73acb1c4470973528fb228be3d8ccbfb60d1d6acd55ce9c1ee00d3aed91dea79b691b484cfddd3bd0374bef0a5690e

data/lib/nexpose/ajax.rb

@@ -119,6 +119,15 @@ module Nexpose
       uri
     end
 
+    def preserving_preference(nsc, pref)
+      begin
+        orig = _get_rows(nsc, pref)
+        yield
+      ensure
+        _set_rows(nsc, pref, orig)
+      end
+    end
+
     ###
     # Internal helper methods
 
@@ -154,5 +163,27 @@ module Nexpose
         raise Nexpose::APIError.new(response, "#{req_type} request to #{request.path} failed. #{request.body}")
       end
     end
+
+    def _get_rows(nsc, pref)
+      uri = '/ajax/user_pref_get.txml'
+      resp = get(nsc, uri, CONTENT_TYPE::XML, 'name' => "#{pref}.rows")
+      xml = REXML::Document.new(resp)
+      if val = REXML::XPath.first(xml, 'GetUserPref/userPref')
+        val.text.to_i
+      else
+        10
+      end
+    end
+
+    def _set_rows(nsc, pref, value)
+      uri = '/ajax/user_pref_set.txml'
+      params = { 'name'  => "#{pref}.rows",
+                 'value' => value }
+      resp = get(nsc, uri, CONTENT_TYPE::XML, params)
+      xml = REXML::Document.new(resp)
+      if attr = REXML::XPath.first(xml, 'SetUserPref/@success')
+        attr.value == '1'
+      end
+    end
   end
 end

data/lib/nexpose/device.rb

@@ -93,6 +93,22 @@ module Nexpose
     alias_method :asset_vulns, :list_device_vulns
     alias_method :device_vulns, :list_device_vulns
 
+    # Retrieve a list of assets which completed in a given scan. If called
+    # during a scan, this method returns currently completed assets. A
+    # "completed" asset can be in one of three states: completed successfully,
+    # failed due to an error, or stopped by a user.
+    #
+    # @param [Fixnum] scan_id Unique identifier of a scan.
+    # @return [Array[CompletedAsset]] List of completed assets.
+    #
+    def completed_assets(scan_id)
+      uri = "/data/asset/scan/#{scan_id}/complete-assets"
+      AJAX.preserving_preference(self, 'scan-complete-assets') do
+        data = DataTable._get_json_table(self, uri, {}, 500, nil, false)
+        data.map(&CompletedAsset.method(:parse_json))
+      end
+    end
+
     def delete_device(device_id)
       r = execute(make_xml('DeviceDeleteRequest', { 'device-id' => device_id }))
       r.success
@@ -104,7 +120,6 @@ module Nexpose
   # Object that represents a single device in a Nexpose security console.
   #
   class Device
-
     # A unique device ID (assigned automatically by the Nexpose console).
     attr_reader :id
     # IP Address or Hostname of this device.
@@ -124,4 +139,53 @@ module Nexpose
       @risk_score = risk_score.to_f
     end
   end
+
+  # Summary object of a completed asset for a scan.
+  #
+  class CompletedAsset
+    # Unique identifier of an asset.
+    attr_reader :id
+    # IP address of the asset.
+    attr_reader :ip
+    # Host name of the asset, if discovered.
+    attr_reader :host_name
+    # Operating system fingerprint of the asset.
+    attr_reader :os
+    # Number of vulnerabilities discovered on the asset.
+    attr_reader :vulns
+    # Status of the asset on scan completion.
+    # One of :completed, :error, or :stopped.
+    attr_reader :status
+    # Time it took to scan the asset, in milliseconds.
+    attr_reader :duration
+
+    # Internal constructor to be called by #parse_json.
+    def initialize(&block)
+      instance_eval(&block) if block_given?
+    end
+
+    # Convenience method for assessing "ip" as "ip_address".
+    def ip_address
+      ip
+    end
+
+    # Convenience method for assessing "os" as "operating_system".
+    def operating_system
+      os
+    end
+
+    # Internal method for converting a JSON representation into a CompletedScan
+    # object.
+    def self.parse_json(json)
+      new do
+        @id = json['id'].to_i
+        @ip = json['ipAddress']
+        @host_name = json['hostName']
+        @os = json['operatingSystem']
+        @vulns = json['vulnerabilityCount']
+        @status = json['scanStatusTranslation'].downcase.to_sym
+        @duration = json['duration']
+      end
+    end
+  end
 end

data/lib/nexpose/discovery.rb

@@ -33,6 +33,14 @@ module Nexpose
     module Protocol
       HTTP = 'HTTP'
       HTTPS = 'HTTPS'
+      LDAP = 'LDAP'
+      LDAPS = 'LDAPS'
+    end
+
+    module Type
+      VSPHERE = 'VSPHERE'
+      AWS = 'AWS'
+      ACTIVESYNC = 'ACTIVESYNC'
     end
 
     # A unique identifier for this connection.
@@ -41,6 +49,9 @@ module Nexpose
     # A unique name for this connection.
     attr_accessor :name
 
+    # Type of discovery connection
+    attr_accessor :type
+
     # The IP address or fully qualified domain name of the server.
     attr_accessor :address
 
@@ -70,6 +81,7 @@ module Nexpose
     #
     def initialize(name, address, user, password = nil)
       @name, @address, @user, @password = name, address, user, password
+      @type = nil  # for backwards compatibilitly, at some point should set this to Type::VSPHERE
       @id = -1
       @port = 443
       @protocol = Protocol::HTTPS
@@ -131,12 +143,13 @@ module Nexpose
 
     def as_xml
       xml = REXML::Element.new('DiscoveryConnection')
-      xml.add_attributes({ 'name' => @name,
-                           'address' => @address,
-                           'port' => @port,
-                           'protocol' => @protocol,
-                           'user-name' => @user,
-                           'password' => @password })
+      xml.attributes['name']      = @name
+      xml.attributes['address']   = @address
+      xml.attributes['port']      = @port
+      xml.attributes['protocol']  = @protocol
+      xml.attributes['user-name'] = @user
+      xml.attributes['password']  = @password
+      xml.attributes['type']      = @type if @type
       xml
     end
 
@@ -188,4 +201,23 @@ module Nexpose
       end
     end
   end
+
+  class MobileDiscoveryConnection < DiscoveryConnection
+    # Create a new Mobile discovery connection.
+    #
+    # @param [String] name Name to assign to this connection.
+    # @param [DiscoveryConnection::Protocol] protocol The protocol to use for discovery - LDAPS or LDAP
+    # @param [String] address IP or fully qualified domain name of the
+    #    connection server.
+    # @param [String] user User name for credentials on this connection.
+    # @param [String] password Password for credentials on this connection.
+    #
+    def initialize(name, protocol, address, user, password = nil)
+      @name, @protocol, @address, @user, @password = name, protocol, address, user, password
+      @type = Type::ACTIVESYNC
+      @id = -1
+      @port = 443   #port not used for mobile connection
+    end
+
+  end
 end

data/lib/nexpose/discovery/filter.rb

@@ -2,6 +2,7 @@ module Nexpose
   module Search
     module Field
 
+      ###### vSphere Filters ######
       # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH
       CLUSTER = 'CLUSTER'
 
@@ -23,6 +24,14 @@ module Nexpose
 
       # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH
       VIRTUAL_MACHINE_NAME = 'VM'
+
+      ###### Mobile Filters ######
+      # Valid Operators: CONTAINS, NOT_CONTAINS
+      OPERATING_SYSTEM = 'DEVICE_OPERATING_SYSTEM'
+
+      # Valid Operators: IS, IS_NOT, CONTAINS, NOT_CONTAINS, STARTS_WITH
+      USER = 'DEVICE_USER_DISPLAY_NAME'
+
     end
 
     module Value

data/lib/nexpose/scan.rb

@@ -520,7 +520,6 @@ module Nexpose
       # and vuln-potential.
       #
       class Status
-
         attr_reader :severities, :count
 
         def initialize(severity = nil, count = 0)
@@ -547,7 +546,6 @@ module Nexpose
   # Struct class for tracking scan launch information.
   #
   class Scan
-
     # The scan ID when a scan is successfully launched.
     attr_reader :id
     # The engine the scan was dispatched to.
@@ -578,4 +576,48 @@ module Nexpose
       UNKNOWN = 'unknown'
     end
   end
+
+  # Summary object of a completed scan for a site.
+  #
+  class CompletedScan
+    # Unique identifier of a scan.
+    attr_reader :id
+    # Start time of the scan.
+    attr_reader :start_time
+    # Completion time of the scan.
+    attr_reader :end_time
+    # Elapsed time of the scan in milliseconds.
+    attr_reader :duration
+    # Number of vulnerabilities discovered in the scan.
+    attr_reader :vulns
+    # Number of live assets discovered in the scan.
+    attr_reader :assets
+    # Cumulative risk score for all assets in the scan.
+    attr_reader :risk_score
+    # Scan type. One of :scheduled or :manual
+    attr_reader :type
+    # Name of the engine where the scan was run. Not the unique ID.
+    attr_reader :engine_name
+
+    # Internal constructor to be called by #parse_json.
+    def initialize(&block)
+      instance_eval(&block) if block_given?
+    end
+
+    # Internal method for converting a JSON representation into a CompletedScan
+    # object.
+    def self.parse_json(json)
+      new do
+        @id = json['scanID']
+        @start_time = Time.at(json['startTime'] / 1000)
+        @end_time = Time.at(json['endTime'] / 1000)
+        @duration = json['duration']
+        @vulns = json['vulnerabilityCount']
+        @assets = json['liveHosts']
+        @risk_score = json['riskScore']
+        @type = json['startedByCD'] == 'S' ? :scheduled : :manual
+        @engine_name = json['scanEngineName']
+      end
+    end
+  end
 end

data/lib/nexpose/site.rb

@@ -29,7 +29,7 @@ module Nexpose
     # @return Whether or not the delete request succeeded.
     #
     def delete_site(site_id)
-      r = execute(make_xml('SiteDeleteRequest', {'site-id' => site_id}))
+      r = execute(make_xml('SiteDeleteRequest', { 'site-id' => site_id }))
       r.success
     end
 
@@ -40,7 +40,7 @@ module Nexpose
     #   each scan run to date on the site provided.
     #
     def site_scan_history(site_id)
-      r = execute(make_xml('SiteScanHistoryRequest', {'site-id' => site_id}))
+      r = execute(make_xml('SiteScanHistoryRequest', { 'site-id' => site_id }))
       scans = []
       if r.success
         r.res.elements.each('SiteScanHistoryResponse/ScanSummary') do |scan_event|
@@ -59,7 +59,18 @@ module Nexpose
     # @return [ScanSummary] details of the last completed scan for a site.
     #
     def last_scan(site_id)
-      site_scan_history(site_id).select { |scan| scan.end_time }.max_by { |scan| scan.end_time }
+      site_scan_history(site_id).select(&:end_time).max_by(&:end_time)
+    end
+
+    # Retrieve a history of the completed scans for a given site.
+    #
+    # @param [FixNum] site_id Site ID to find scans for.
+    # @return [CompletedScan] details of the completed scans for the site.
+    #
+    def completed_scans(site_id)
+      table = { 'table-id' => 'site-completed-scans' }
+      data = DataTable._get_json_table(self, "/data/scan/site/#{site_id}", table)
+      data.map(&CompletedScan.method(:parse_json))
     end
   end
 
@@ -178,7 +189,7 @@ module Nexpose
     #
     # @param [String] hostname FQDN or DNS-resolvable host name of an asset.
     def remove_host(hostname)
-      @assets = assets.reject { |asset| asset == HostName.new(hostname) } 
+      @assets = assets.reject { |asset| asset == HostName.new(hostname) }
     end
 
     # Adds an asset to this site by IP address.
@@ -228,8 +239,8 @@ module Nexpose
     #
     def remove_asset(asset)
       begin
-        # If the asset registers as a valid IP, store as IP.
-        ip = IPAddr.new(asset)
+        # If the asset registers as a valid IP, remove as IP.
+        IPAddr.new(asset)
         remove_ip(asset)
       rescue ArgumentError => e
         if e.message == 'invalid address'
@@ -531,7 +542,6 @@ module Nexpose
   # Object that represents the summary of a Nexpose Site.
   #
   class SiteSummary
-
     # The Site ID.
     attr_reader :id
     # The Site Name.
@@ -557,7 +567,6 @@ module Nexpose
   # Object that represents a hostname to be added to a site.
   #
   class HostName
-
     # Named host (usually DNS or Netbios name).
     attr_accessor :host
 
@@ -595,7 +604,6 @@ module Nexpose
   # If to is nil then the from field will be used to specify a single IP Address only.
   #
   class IPRange
-
     # Start of range *Required
     attr_accessor :from
     # End of range *Optional (If nil then IPRange is a single IP Address)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexpose
 version: !ruby/object:Gem::Version
-  version: 0.8.9
+  version: 0.8.10
 platform: ruby
 authors:
 - HD Moore
@@ -11,7 +11,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-20 00:00:00.000000000 Z
+date: 2014-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rex
@@ -96,7 +96,6 @@ files:
 - lib/nexpose/role.rb
 - lib/nexpose/scan.rb
 - lib/nexpose/scan_template.rb
-- lib/nexpose/settings.xml
 - lib/nexpose/shared_cred.rb
 - lib/nexpose/silo.rb
 - lib/nexpose/silo_profile.rb

data/lib/nexpose/settings.xml

@@ -1,14 +0,0 @@
-<GlobalSettings>
-  <riskModel id="real_risk" recalculation_duration="do_not_recalculate"></riskModel>
-  <RiskConfig includeRiskModifiers="false">
-    <RiskModifiers veryHigh="2" high="1.5" medium="1" low="0.75" veryLow="0.5"></RiskModifiers>
-  </RiskConfig>
-  <ControlsScan>
-    <enableControlsScan enabled="0"></enableControlsScan>
-  </ControlsScan>
-  <ExcludedHosts>
-    <range from="10.4.18.219"></range>
-    <range from="10.4.25.117"></range>
-  </ExcludedHosts>
-</GlobalSettings>
-