nexpose_tpam 1.0.1-java
- checksums.yaml +7 -0
- data/LICENSE.txt +22 -0
- data/TPAM-Nexpose - Integration Guide.pdf +0 -0
- data/bin/nx_tpam.rb +35 -0
- data/lib/nexpose_tpam.rb +47 -0
- data/lib/nexpose_tpam/lib/java/commons-logging-1.1.1.jar +0 -0
- data/lib/nexpose_tpam/lib/java/edmz-par-api.jar +0 -0
- data/lib/nexpose_tpam/lib/java/j2ssh-core-0.2.9.jar +0 -0
- data/lib/nexpose_tpam/nexpose_ops.rb +45 -0
- data/lib/nexpose_tpam/tpam_ops.rb +102 -0
- data/lib/nexpose_tpam/version.rb +3 -0
- metadata +111 -0
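--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: ecd3795f84d26052a44a0f963791a1e7b3ff3f86
+data.tar.gz: eb3684ad1aebb67e934e260f17a7925e97b2e766
+SHA512:
+metadata.gz: c03ceda6a52c156933a1cc14ef45605b5877b40f7f4f5866ebfd8eb61b984437af50e2c7823328b1d610f128dec845f1f70b531538542d86e191e80ddf6b97f9
+data.tar.gz: ba3baba8c708e762f68035df4f891be7ca84f98a876308be532dc0f63afe678c5963a0f998f2fc08b502ffa1abad620b52aff5be27674c72d2fada69d500fecb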
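--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2015 Quest Dystrybucja Sp. z o.o.
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.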
Binary file
|
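--- a/data/bin/nx_tpam.rb
+++ b/data/bin/nx_tpam.rb
@@ -0,0 +1,35 @@
+#!/usr/bin/env ruby
+require 'nexpose_tpam'
+
+# ---- TPAM Configuration ---- #
+# TPAM IP Address
+achost = '192.168.25.111'
+# TPAM username
+acuser = 'Rapid7'
+# TPAM key
+ackey = 'id_dsa'
+# TPAM system with domain definition
+acldap = 'QUEST-LAB_AD'
+# ---- End TPAM Configuration ---- #
+
+# ---- Nexpose Configuration ---- #
+# Nexpose IP Address
+nxip = '192.168.25.222'
+# Nexpose username
+nxuser = 'nxadmin'
+# Nexpose password
+nxpasswd = 'nxpassword'
+# Sites to process credentials, separated by commas, ie: [3, 4, 6]
+sites = [ 1 ]
+# Start scans?
+# This setting will start scans on those sites, wait for the site to complete and then remove the credentials
+# If you prefer to let the scans run on schedule, set this to false, otherwise set to true.
+start_scans = true
+# ---- End Nexpose Configuration ---- #
+
+# --- DO NOT EDIT BELOW THIS LINE --- #
+tpam_options = { :achost => achost, :acuser => acuser, :ackey => ackey, :acldap => acldap }
+nexpose_options = { :nxip => nxip, :nxuser => nxuser, :nxpassword => nxpasswd, :sites => sites }
+
+NexposeTpam::PPM.update_credentials(tpam_options, nexpose_options)
+NexposeTpam::PPM.start_scans(nexpose_options) if start_scans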
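Review bot: The Nexpose console password is a string literal in the installed executable (`nxpasswd = 'nxpassword'`, file line 21), so following the edit-in-place instructions leaves an administrator credential readable by every account that can read the gem's bin directory. Read it at run time instead, for example `nxpasswd = ENV.fetch('NEXPOSE_PASSWORD')` (variable name is illustrative), and keep only non-secret settings in the file. With `start_scans = false` nothing in this script removes the TPAM passwords that `update_credentials` wrote into the sites, and the comment on file lines 24-26 should say so explicitly.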
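--- a/data/lib/nexpose_tpam.rb
+++ b/data/lib/nexpose_tpam.rb
@@ -0,0 +1,47 @@
+require_relative "nexpose_tpam/version"
+require_relative "nexpose_tpam/tpam_ops"
+require_relative "nexpose_tpam/nexpose_ops"
+
+module NexposeTpam
+module PPM
+def self.update_credentials(tpam_options, nexpose_options = nil)
+@nx = Ops::Nexpose.new(nexpose_options[:nxip], nexpose_options[:nxuser], nexpose_options[:nxpassword])
+nexpose_options[:sites].each do |site_id|
+# Get name for site
+site_credentials = []
+site_ips = @nx.get_ips_from_site(site_id)
+site_ips.each do |asset|
+host = ''
+host = asset.host if asset.is_a?(HostName)
+host = asset.from if asset.is_a?(IPRange)
+tpam_options[:range_scenario] = false
+if asset.is_a?(IPRange) then tpam_options[:range_scenario] = true unless asset.from.nil? end
+tpam_options[:object] = host
+#get password
+asset_data = ComEdmzApi::Tpam.retrievePassword(tpam_options)
+host = nil if tpam_options[:range_scenario]
+unless asset_data[:password].nil?
+credential = Credential.for_service(asset_data[:os], asset_data[:user], asset_data, nil, host)
+site_credentials.push(credential)
+end
+end
+# Save site
+@nx.save_site(site_id, site_credentials)
+end
+end
+def self.start_scans(nexpose_options = nil)
+@nx = Ops::Nexpose.new(nexpose_options[:nxip], nexpose_options[:nxuser], nexpose_options[:nxpassword])
+nexpose_options[:sites].each do |site_id|
+puts "Starting scan #{site_id}"
+scan = @nx.start_scan(site_id)
+begin
+sleep(30)
+status = @nx.scan_status(scan.id)
+puts "Waiting for scan #{scan.id} to finish"
+end while status == Scan::Status::RUNNING
+puts "Deleting creds for #{site_id}"
+@nx.delete_site_credentials(site_id)
+end
+end
+end
+end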
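Review bot: In `start_scans` the privileged passwords are removed only on the straight-line path: if `@nx.start_scan` or `@nx.scan_status` raises, or the process is interrupted during the 30-second polling loop, `@nx.delete_site_credentials(site_id)` on file line 43 never runs and the TPAM-issued credentials stay in the site configuration. Wrap the per-site body in `begin ... ensure @nx.delete_site_credentials(site_id) end` so cleanup happens on every exit. The polling loop also has no upper bound, so a scan that stays in RUNNING holds the credentials in Nexpose indefinitely; a deadline would bound that exposure. Separately, file line 24 passes the whole `asset_data` hash as the third argument of `Credential.for_service` where `asset_data[:password]` looks intended, which should be confirmed against the nexpose gem's signature.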
Binary file
|
Binary file
|
Binary file
|
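--- a/data/lib/nexpose_tpam/nexpose_ops.rb
+++ b/data/lib/nexpose_tpam/nexpose_ops.rb
@@ -0,0 +1,45 @@
+require 'nexpose'
+include Nexpose
+module Ops
+class Nexpose
+attr_accessor :nsc
+def initialize(nxip, nxuser, nxpasword)
+@nsc = Connection.new(nxip, nxuser, nxpasword)
+@nsc.login
+end
+
+def get_ips_from_site(site_id)
+site = Site.load(@nsc, site_id)
+site.assets
+end
+
+def get_name_from_site(site_id)
+site = Site.load(@nsc, site_id)
+site.name
+end
+
+def save_site(site_id, credentials)
+site = Site.load(@nsc, site_id)
+site.credentials = credentials
+site.save(@nsc)
+end
+
+def delete_site_credentials(site_id)
+site = Site.load(@nsc, site_id)
+#site.site_credentials = []
+#site.shared_credentials = []
+site.credentials = []
+site.save(@nsc)
+end
+
+def start_scan(site_id)
+site = Site.load(@nsc, site_id)
+puts "Name: #{site.name}"
+site.scan(@nsc)
+end
+
+def scan_status(scan_id)
+@nsc.scan_status(scan_id)
+end
+end
+end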
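Review bot: `save_site` and `delete_site_credentials` assign the whole list (`site.credentials = credentials`, `site.credentials = []`), so any credential an administrator had already configured on the site is replaced on update and wiped after the scan, not only the TPAM-supplied ones. If that is intended, state it in a comment such as `# Replaces every credential on the site, including ones not added by this gem`; otherwise keep the pre-existing entries and remove only what this run added. `initialize` calls `@nsc.login` but no method in the class ends the session, so each `Ops::Nexpose.new` (there are two per run in nexpose_tpam.rb) appears to leave a console session open until it expires. The parameter name `nxpasword` is misspelled.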
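--- a/data/lib/nexpose_tpam/tpam_ops.rb
+++ b/data/lib/nexpose_tpam/tpam_ops.rb
@@ -0,0 +1,102 @@
+require 'java'
+require_relative 'lib/java/commons-logging-1.1.1.jar'
+require_relative 'lib/java/edmz-par-api.jar'
+require_relative 'lib/java/j2ssh-core-0.2.9.jar'
+
+module ComEdmzApi
+include_package "com.edmz.api"
+
+java_import java.io.FileInputStream
+java_import java.io.IOException
+java_import java.io.PrintWriter
+java_import java.io.StringWriter
+java_import java.lang.InterruptedException
+java_import java.util.ArrayList
+java_import java.util.Iterator
+java_import java.util.List
+java_import java.util.Properties
+
+java_import org.apache.commons.logging.Log
+java_import org.apache.commons.logging.LogFactory
+
+java_import com.edmz.api.bo.CodeMessageResult
+java_import com.edmz.api.bo.EDMZSystem
+java_import com.edmz.api.bo.ListResult
+
+java_import com.edmz.api.filters.AccountFilter
+java_import com.edmz.api.filters.SystemFilter
+
+java_import com.sshtools.j2ssh.session.SessionChannelClient
+java_import com.sshtools.j2ssh.transport.publickey.InvalidSshKeyException
+java_import com.sshtools.j2ssh.util.InvalidStateException
+
+class Tpam
+def self.retrievePassword(tpam_options = {})
+
+asset_data = {}
+ac = ComEdmzApi::APIClient.new
+
+begin
+ac.connect(tpam_options[:achost])
+ac.authenticate(tpam_options[:ackey], tpam_options[:acuser])
+rescue InvalidSshKeyException, IOException => e
+puts "#{e.message}"
+end
+
+begin
+scc = ComEdmzApi::SessionChannelClient.new
+scc = ac.createSessionChannel
+acl = ComEdmzApi::APICommandLib.new(scc)
+
+sf = ComEdmzApi::SystemFilter.new
+puts "tpam_options[:object] = #{tpam_options[:object]}"
+if tpam_options[:range_scenario] == true then
+sf.networkAddress = tpam_options[:object]
+else
+sf.systemName = tpam_options[:object]
+end
+#sf.systemName = tpam_options[:system]
+
+edmzs = []
+lr = ComEdmzApi::ListResult.new
+acl.listSystems(sf, lr, edmzs)
+
+if ((lr.returnCode == 0) && (lr.rowCount == 1))
+puts "retriving password"
+if edmzs[0].getPlatformName.downcase.include? 'windows'
+asset_data[:os] = 'cifs'
+else
+asset_data[:os] = 'ssh'
+end
+asset_data[:system] = edmzs[0].getSystemName
+asset_data[:host] = edmzs[0].getNetworkAddress
+if edmzs[0].getDomainFunctionalAccount.to_s == ''
+asset_data[:user] = edmzs[0].getFunctionalAccount
+asset_data[:domain] = ''
+else
+asset_data[:user] = edmzs[0].getDomainFunctionalAccount.split('\\').last
+asset_data[:domain] = edmzs[0].getDomainFunctionalAccount.split('\\').first
+end
+
+scc = ac.createSessionChannel
+acl = ComEdmzApi::APICommandLib.new(scc)
+res = ComEdmzApi::CodeMessageResult.new
+
+if asset_data[:domain].to_s == ''
+acl.retrievePassword(asset_data[:system], asset_data[:user], "", "", res)
+else
+acl.retrievePassword(tpam_options[:acldap], asset_data[:user], "", "", res)
+end
+
+asset_data[:password] = res.getMessage
+end
+
+rescue IOException, InvalidStateException, InterruptedException => e
+puts "#{e.message}"
+ensure
+ac.disconnect
+end
+asset_data
+end
+end
+end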
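Review bot: File line 91 stores `res.getMessage` as `asset_data[:password]` without checking whether `acl.retrievePassword` succeeded, and the caller only tests `asset_data[:password].nil?`, so a TPAM error or denial text would be saved into Nexpose as if it were the password. Check the result's status before assigning, as file line 64 already does with `lr.returnCode`; the matching accessor on `CodeMessageResult` is not visible here and needs confirming against the API jar. The first `rescue` (file lines 42-44) prints the connect or authenticate failure and then falls through to `ac.createSessionChannel` on a client that never authenticated; returning `asset_data` from that rescue would stop the lookup at the point of failure.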
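--- a/metadata
+++ b/metadata
@@ -0,0 +1,111 @@
+--- !ruby/object:Gem::Specification
+name: nexpose_tpam
+version: !ruby/object:Gem::Version
+version: 1.0.1
+platform: java
+authors:
+- Quest Dystrybucja Sp. z o.o.
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2015-09-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: bundler
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.6'
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '1.6'
+prerelease: false
+type: :development
+- !ruby/object:Gem::Dependency
+name: rake
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+prerelease: false
+type: :development
+- !ruby/object:Gem::Dependency
+name: rspec
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.1'
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: '2.1'
+prerelease: false
+type: :development
+- !ruby/object:Gem::Dependency
+name: nexpose
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.6.0
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ~>
+- !ruby/object:Gem::Version
+version: 0.6.0
+prerelease: false
+type: :runtime
+description: Nexpose TPAM integration provides credentials for authenticated scans in Nexpose.
+email:
+- info@quest-pol.com.pl
+executables:
+- nx_tpam.rb
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- TPAM-Nexpose - Integration Guide.pdf
+- bin/nx_tpam.rb
+- lib/nexpose_tpam.rb
+- lib/nexpose_tpam/lib/java/commons-logging-1.1.1.jar
+- lib/nexpose_tpam/lib/java/edmz-par-api.jar
+- lib/nexpose_tpam/lib/java/j2ssh-core-0.2.9.jar
+- lib/nexpose_tpam/nexpose_ops.rb
+- lib/nexpose_tpam/tpam_ops.rb
+- lib/nexpose_tpam/version.rb
+homepage: http://quest-pol.com.pl
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - '>='
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.4.5
+signing_key:
+specification_version: 4
+summary: Nexpose TPAM integration.
+test_files: []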