nexpose_thycotic 0.0.2

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 9cfe89f9e59547499a62f7d17adf19c1a3ab78cc
+  data.tar.gz: 84d2068ae67621f761ecc896c4deb666aa85513d
+SHA512:
+  metadata.gz: ce4458b781b8a05ace7d0303cfd261b95d0290871b89df994cae754547b33d489fe1df6ec3ffb3bf9db6d9a3477b593b65208c6c08022e06800fd26199cc2b70
+  data.tar.gz: ed741b2f034eabc2f0434c8040391983df6f4dd295f7d3bb7df882195e282d877b8ebf3e033c7b7a1fbfff0d711cac6d8881434ff5fe923239e7a651fe4126f0

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in nexpose_thycotic.gemspec
+gemspec

data/Gemfile.lock

@@ -0,0 +1,58 @@
+PATH
+  remote: .
+  specs:
+    nexpose_thycotic (0.0.2)
+      nexpose
+      rubyntlm
+      savon
+
+GEM
+  remote: https://rubygems.org/
+  specs:
+    akami (1.2.2)
+      gyoku (>= 0.4.0)
+      nokogiri
+    builder (3.2.2)
+    gyoku (1.1.1)
+      builder (>= 2.1.2)
+    httpi (2.2.5)
+      rack
+    librex (0.0.70)
+    macaddr (1.7.1)
+      systemu (~> 2.6.2)
+    mime-types (1.25.1)
+    mini_portile (0.6.0)
+    nexpose (0.8.3)
+      librex (~> 0.0, >= 0.0.68)
+      nokogiri (~> 1.6, >= 1.6.2)
+    nokogiri (1.6.3.1)
+      mini_portile (= 0.6.0)
+    nori (2.4.0)
+    rack (1.5.2)
+    rake (0.9.2.2)
+    rubyntlm (0.4.0)
+    savon (2.6.0)
+      akami (~> 1.2.0)
+      builder (>= 2.1.2)
+      gyoku (~> 1.1.0)
+      httpi (~> 2.2.3)
+      nokogiri (>= 1.4.0)
+      nori (~> 2.4.0)
+      uuid (~> 2.3.7)
+      wasabi (~> 3.3.0)
+    systemu (2.6.4)
+    uuid (2.3.7)
+      macaddr (~> 1.0)
+    wasabi (3.3.0)
+      httpi (~> 2.0)
+      mime-types (< 2.0.0)
+      nokogiri (>= 1.4.0)
+
+PLATFORMS
+  ruby
+  x86-mingw32
+
+DEPENDENCIES
+  bundler (~> 1.5)
+  nexpose_thycotic!
+  rake

data/LICENSE.txt

@@ -0,0 +1,22 @@
+Copyright (c) 2014 Rapid7
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,23 @@
+# NexposeThycotic
+
+Nexpose Thycotic Gem allows users to import credentials from Thycotic SecretServer into their Nexpose instance.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'nexpose_thycotic'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nexpose_thycotic
+
+## Usage
+
+Edit the nx_thycotic.rb file in the /bin folder with a text editor. Add a proper username/password for both nexpose
+and SecretServer, followed by the URL for SecretServer webservice.
+Add the Site # to be managed by this integration, save and run on schedule.

data/Rakefile

@@ -0,0 +1 @@
+require "bundler/gem_tasks"

data/bin/nx_thycotic.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+# Please refer to the configuration documentation for instructions on how to run this gem
+# Do NOT run this gem without proper pre-configuration.
+require 'nexpose_thycotic'
+
+# Thycotic SecretServer URL.
+thycotic_url = 'http://YOURIP/SecretServer/webservices/sswebservice.asmx?wsdl'
+# Thycotic username.
+thycotic_username = 'nxadmin'
+# Thycotic password
+thycotic_password = 'nxadmin'
+
+
+### NEXPOSE CONFIGURATION ###
+# Nexpose IP Address
+nexpose_ip = 'your_nexpose_installation_ip'
+# Nexpose username
+nexpose_username = 'nxadmin'
+# Nexpose password
+nexpose_password = 'nxadmin'
+# Sites to collect credentials on, separated by commas.
+sites = [ 7 ]
+
+
+### DO NOT EDIT AFTER THIS LINE ###
+NexposeThycotic::NxLogger.log_message('Testing', 'debug')
+vault_options = { url: thycotic_url, username: thycotic_username, password: thycotic_password }
+nexpose_options = { nexpose_ip: nexpose_ip, nexpose_username: nexpose_username, nexpose_password: nexpose_password, sites: sites }
+NexposeThycotic.update_credentials(vault_options, nexpose_options)

data/lib/nexpose_thycotic.rb

@@ -0,0 +1,39 @@
+require "nexpose_thycotic/version"
+require 'nexpose_thycotic/operations'
+require 'nexpose_thycotic/nx_logger'
+require 'nexpose'
+
+module NexposeThycotic
+  def self.update_credentials(vault_options, nexpose_options = nil)
+    NxLogger.log_message('Starting integration.', 'info')
+    ss = ThycoticOperations.new(vault_options[:url])
+    NxLogger.log_message("Logging to Thycotic at #{vault_options[:url]}", 'info')
+    token = ss.authenticate(vault_options[:username], vault_options[:password])
+    @nx = NexposeOperations.new(nexpose_options[:nexpose_ip], nexpose_options[:nexpose_username], nexpose_options[:nexpose_password])
+    NxLogger.log_message('Processing sites', 'info')
+
+    nexpose_options[:sites].each do |site_id|
+    NxLogger.log_message("Processing site #{site_id}", 'debug')
+    ips = @nx.get_ips_from_site(site_id)
+    site_credentials = []
+    ips.each do |ip|
+      ip_from = ip.instance_of?(Nexpose::HostName) ? ip.host : ip.from
+      NxLogger.log_message("Getting credentials for #{ip_from}", 'debug')
+      secret_summary = ss.get_secret_id(token, ip_from)
+      unless secret_summary.nil?
+        NxLogger.log_message("Found credentials for #{ip_from}", 'debug')
+      # Gets OS
+        asset_data = {}
+        asset_data[:ip] = ip_from
+        res = ss.get_secret_simple(token, secret_summary[:secret_id])
+        asset_data[:username] = res[:username]
+        asset_data[:password] = res[:password]
+        credential = Nexpose::Credential.for_service(ss.check_type(secret_summary[:secret_type]), asset_data[:username], asset_data[:password], nil, ip.from )
+        site_credentials.push(credential)
+      end
+    end
+    @nx.save_site(site_id, site_credentials)
+    NxLogger.log_message("Finished processing #{site_id}", 'info')
+    end
+  end
+end

data/lib/nexpose_thycotic/nx_logger.rb

@@ -0,0 +1,19 @@
+module NexposeThycotic
+  module NxLogger
+    require 'logger'
+    LOGGER_FILE = File.join(File.dirname(__FILE__), '/log/nx_thycotic.log')
+    directory = File.dirname(LOGGER_FILE)
+    FileUtils.mkdir_p(directory) unless File.directory?(directory)
+    @log = Logger.new(LOGGER_FILE, 'monthly')
+    @log.level = Logger::INFO
+
+    def self.log_message(message, level)
+      case level
+        when 'info' then @log.info(message)
+        when 'debug' then @log.debug(message)
+        when 'error' then @log.error(message)
+        when 'warn' then @log.warn(message)
+      end
+    end
+  end
+end

data/lib/nexpose_thycotic/operations.rb

@@ -0,0 +1,132 @@
+module NexposeThycotic
+  class NexposeOperations
+    require 'nexpose'
+    include Nexpose
+    attr_reader :nsc
+
+    def initialize(ip, user, pass, port = 3780)
+      @nsc = Connection.new(ip, user, pass, port)
+      @nsc.login
+    end
+    def get_ips_from_site(site_id)
+      site = Site.load(@nsc, site_id)
+      site.assets
+    end
+
+    def save_site(site_id, credentials)
+      site = Site.load(@nsc, site_id)
+      site.credentials = credentials
+      site.save(@nsc)
+    end
+
+    def delete_site_credentials(site_id)
+      site = Site.load(@nsc, site_id)
+      site.credentials = []
+      site.save(@nsc)
+    end
+
+    def start_scan(site_id)
+      site = Site.load(@nsc, site_id)
+      site.scan(@nsc)
+    end
+
+    def scan_status(scan_id)
+      @nsc.scan_status(scan_id)
+    end
+  end
+
+  class ThycoticOperations
+    require 'savon'
+    attr_accessor :client
+    def initialize(url = nil)
+      # log: true, log_level: :info
+      @client = Savon.client(wsdl: url)
+    end
+
+    def operations
+      puts @client.operations
+    end
+
+    def check_type(type)
+      case type
+        when /.*unix.*/i then 'ssh'
+        when /.*windows.*/i then 'cifs'
+        when /.*ftp.*/i then 'ftp'
+        when /.*400.*/i then 'as400'
+        when /.*lotus.*/i then 'notes'
+        when /.*Microsoft.*SQL.*Server.*/i then 'tds'
+        when /.*Sybase.*SQL.*Server.*/i then 'sybase'
+        when /.*mysql.*/i then 'mysql'
+        when /.*DB2.*/i then 'db2'
+        when /.*postgresql.*/i then 'postgresql'
+        when /.*pop.*/i then 'pop'
+        when /.*Simple.*Network.*Management.*/i then 'snmp'
+        when /.*telnet.*/i then 'telnet'
+      end
+    end
+
+    def authenticate(username, password)
+      auth = @client.call(:authenticate, message: { username: username, password: password })
+      auth_response = auth.hash
+      auth_result = auth_response[:envelope][:body][:authenticate_response][:authenticate_result]
+      CheckForErrors(auth_result)
+      @token = auth_result[:token]
+    end
+
+    def parse_field(secret_response_result, fieldName)
+      items = secret_response_result[:secret][:items]
+      for item in items[:secret_item]
+        if	item[:field_display_name].downcase == fieldName.downcase then
+          return item[:value]
+        end
+      end
+    end
+
+    def get_secret_id(token, ip)
+      secret_id = @client.call( :search_secrets_by_field_value, message: { token: token, fieldName: 'machine', searchTerm: ip, showDeleted: true, showRestricted: true})
+      secret_result = secret_id.hash
+      unless secret_result[:envelope][:body][:search_secrets_by_field_value_response][:search_secrets_by_field_value_result][:secret_summaries].nil? then
+        secret_summary = secret_result[:envelope][:body][:search_secrets_by_field_value_response][:search_secrets_by_field_value_result][:secret_summaries][:secret_summary]
+        secret_info = { secret_id: secret_summary[:secret_id], secret_type: secret_summary[:secret_type_name] }
+      end
+    end
+
+    def get_secret_simple(token, secret_id)
+      secret = @client.call( :get_secret_legacy, message: { token: token, secretId: secret_id } )
+      secret_response = secret.hash
+      secret_response_result = secret_response[:envelope][:body][:get_secret_legacy_response][:get_secret_legacy_result]
+      CheckForErrors(secret_response_result)
+      username = parse_field(secret_response_result, "Username")
+      password = parse_field(secret_response_result, "Password")
+      asset = { username: username, password: password }
+
+    end
+
+    def get_secret(token, secret_id)
+      #Code Responses are used if additional information is required when getting the Secret (Ex: Requires Comment is turned on so need to pass Code Response as..)
+      code_response = nil
+      #code_response = @client.new("codeResponse")  #Code is not working, need to create object of type codeResponse from the wsdl
+      #code_response.ErrorCode = "COMMENT";
+      #code_response.Comment = "Running scan";
+
+      #CodeResponses is an array because there could be multiple additional responses needed
+      code_responses = [code_response]
+
+      secret = @client.call( :get_secret, message: { token: token, secretId: secret_id, CodeResponse: code_responses } )
+      secret_response = secret.hash
+      secret_response_result = secret_response[:envelope][:body][:get_secret_response][:get_secret_result]
+      CheckForErrors(secret_response_result)
+      username = parse_field(secret_response_result, "Username")
+      password = parse_field(secret_response_result, "Password")
+    end
+
+    def CheckForErrors(result)
+      errors = result[:errors]
+      if !errors.blank? then
+        puts errors
+        raise Exception.new(errors)
+      end
+
+    end
+  end
+end

data/lib/nexpose_thycotic/version.rb

@@ -0,0 +1,6 @@
+module NexposeThycotic
+  VERSION = "0.0.2"
+  def self.show_version
+    puts VERSION
+  end
+end

metadata

@@ -0,0 +1,126 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_thycotic
+version: !ruby/object:Gem::Version
+  version: 0.0.2
+platform: ruby
+authors:
+- Damian Finol
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2014-11-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: savon
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rubyntlm
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: nexpose
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: This gem allows Nexpose users to poll credentials from Thycotic SecretServer
+  into Nexpose
+email:
+- damian_finol@rapid7.com
+executables:
+- nx_thycotic.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE.txt
+- Rakefile
+- README.md
+- lib/nexpose_thycotic/nx_logger.rb
+- lib/nexpose_thycotic/operations.rb
+- lib/nexpose_thycotic/version.rb
+- lib/nexpose_thycotic.rb
+- bin/nx_thycotic.rb
+homepage: http://www.rapid7.com/
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.0.14
+signing_key: 
+specification_version: 4
+summary: Nexpose Thycotic Gem Integration
+test_files: []