nexposecli 0.2.1 → 0.2.2

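--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 55304881a72629484ab8661e51fa5f7add72f67a
- data.tar.gz: c3b6bda8e98491d93e0e8f68fca7336ff999af7b
+ metadata.gz: 32679195424a83f6b44efeca2e90d924d7c4fc87
+ data.tar.gz: 8dbe421c0b1e50ced40c6c2f9fbf15a64b9c8013
  SHA512:
- metadata.gz: 7ed6b2f14f1aa74ee8d49a5c1424b5a88d680c4145200ee590ca26e1e31c9c905d8b10268076f73a4b4759c25db43543d136e9214591b9b6ac694c319c40c0de
- data.tar.gz: 9dfecc38b96235615560ae57897ba19495910481a6db43c2aed4ed7453f1d5610b9fbcb825cea0a8e13e959014a2643f313cab65cf3913794daf476de908d803
+ metadata.gz: cc58cf7f660a44fff37f18522745a13927c6e1fad89254e5dafdbdc31129b6840cee42cd1338b3acef8cfe04999346f42db4cf704e5a95749afb593d8fab5257
+ data.tar.gz: 7c57f719981fce6ed6de548081bbf40c00adfdf779c5d91e485ef67fdb2513c9c61ddb180aefcc671b62dae0b5ce97f27639421eb958a75ba8688304d04d01ec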
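--- a/data/README.md
+++ b/data/README.md
@@ -59,10 +59,7 @@ where ./lab.yaml consists of the following:
 
  NOTE: Be sure to use your Nexpose Console's ip address and credentials
 
- TODO: Write more detailed usage instructions here
-
  Known Issues:
- * Currently expects a ./logs directory in working directory
  * A number of the target objects may not return anything to STDOUT without a -v
 
  ## Contributing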
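--- a/data/bin/nexposecli
+++ b/data/bin/nexposecli
@@ -22,6 +22,7 @@ require 'rubygems'
  require 'nexpose'
  require 'nexposecli'
  require 'socket'
+ require 'net/ldap'
  require 'digest'
  require 'securerandom'
  require 'netaddr'
@@ -102,6 +103,12 @@ def read_config(conf)
  @nsc_user = config["config"]["user"]
  @nsc_passwd = config["config"]["password"]
  @nsc_sites = config["sites"]
+ if config["config"].key?("ldapserver")
+ @ldapserver = config["config"]["ldapserver"]
+ @ldapport = config["config"]["ldapport"]
+ @binduser = config["config"]["binduser"]
+ @bindpassword = config["config"]["bindpassword"]
+ end
  end
 
  def scan_activity()
@@ -297,8 +304,9 @@ uputs("CLI", "Checking for the requested action")
  @action |= 8 if args.update
  @action |= 16 if args.delete
  @action |= 32 if args.run
+ @action |= 64 if args.sync
  uputs("ACTION", "The requested action value is: #{@action.to_s}")
- raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32].include?(@action)
+ raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32,64].include?(@action)
 
  uputs("TARGET", "Checking for the requested target")
  @target = 0
@@ -395,7 +403,15 @@ when 1 # TARGET USER
  user.authsrcid = args.authsrc
  user.password = nil
  end
- user.save(@nsc)
+
+ # Begin User save attempt
+ begin
+ user.save(@nsc)
+ rescue Nexpose::APIError => e
+ STDERR.puts "ERROR [ #{e.to_s} ]"
+ exit(-1)
+ end
+
  puts "The user: #{user.name} was created with id: #{user.id}"
  uputs("USER", "New user created: #{user.name} (id:#{user.id})")
  upp user
@@ -420,6 +436,95 @@ when 1 # TARGET USER
  when 16 # delete
  uputs("ACTION", 'delete USER action requested')
  puts 'Not yet implemented'
+ when 64 # sync
+ uputs("ACTION", 'sync USER action requested')
+ if File.file?(args.ldapconf)
+ ldapconf = YAML.load_file(args.ldapconf)
+ else
+ STDERR.puts "The ldap configuration file can not be found"
+ exit(-1)
+ end
+
+ if !@ldapserver
+ STDERR.puts "The ldapserver configuration parameter was not found in the config file"
+ exit(-1)
+ end
+ ldap_args = {}
+ ldap_args[:host] = @ldapserver
+ ldap_args[:port] = @ldapport
+ if @ldapport.eql? 636
+ ldap_args[:encryption] = :simple_tls
+ end
+
+ ldap_auth = {}
+ ldap_auth[:username] = @binduser
+ ldap_auth[:password] = @bindpassword
+ ldap_auth[:method] = :simple
+ ldap_args[:auth] = ldap_auth
+ ldap = Net::LDAP.new(ldap_args)
+
+ adbase = ldapconf["ldap"]["searchbase"]
+ adgroup = ldapconf["ldap"]["searchgroup"]
+ aduserbase = ldapconf["ldap"]["userbase"]
+
+ puts "Searching for members of [" + adgroup + "]"
+ puts "-- To add users to Nexpose Console: #{@nsc_server}"
+
+ if ldap.bind
+ # authentication succeeded
+ filter = Net::LDAP::Filter.eq("cn", "#{adgroup}")
+ attrs = 'member'
+ newusers = 0
+ failedusers = 0
+ ldap.search( :base => adbase, :filter => filter, :attributes => attrs ) do |entry|
+ puts "The AD Security Group or Exchange DL: [" + entry[:dn].first.match(/^CN\=([^,]+),/)[1] + "] has the following members:"
+ entry[:member].each do |value|
+ userCN = value.match(/CN\=([^,]+),/)[1]
+ filter2 = Net::LDAP::Filter.eq("cn", userCN)
+ attrs = ['name', 'sAMAccountName', 'userPrincipalName', 'objectCategory']
+ ldap.search( :base => aduserbase, :filter => filter2, :attributes => attrs ) do |user|
+ objectCN = user[:objectcategory].to_s.match(/CN\=([^,]+),/)[1]
+ # puts " --> " + objectCN
+ if objectCN.eql? "Person"
+ puts " --> Attempting to add: " + user[:samaccountname].first + " / " + userCN + " (#{user[:userprincipalname].first})"
+
+ user = Nexpose::User.new(user[:samaccountname].first,
+ userCN,
+ password=nil,
+ role_name = ldapconf["ldap"]["nxdefaultrole"],
+ id = -1,
+ enabled = 1,
+ email = user[:userprincipalname].first,
+ all_sites = false,
+ all_groups = false,
+ token = nil)
+ user.authsrcid = ldapconf["ldap"]["nscauthsrc"]
+
+ # Begin User save attempt
+ begin
+ user.save(@nsc)
+ rescue Nexpose::APIError => e
+ STDERR.puts "ERROR [ #{e.to_s} ]"
+ failedusers += 1
+ next
+ end
+
+ newusers += 1
+ puts "The user: #{user.name} was created with id: #{user.id}"
+ uputs("USER", "New user created: #{user.name} (id:#{user.id})")
+ upp user
+
+ else
+ puts " --> " + user[:samaccountname].first + " is a " + user[:objectcategory].first
+ end
+ end
+ end
+ end
+ else
+ # bind/authentication failed
+ STDERR.puts "ERROR: ldap/ad bind failed."
+ exit(-1)
+ end
  else
  uputs("ACTION", 'The action requested is not implemented for target')
  puts 'The action requested is not implemented for target'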
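Review bot: In the `when 64 # sync` branch TLS is switched on only when `@ldapport.eql? 636`, so a port written as the string "636" in the config, or any other port, makes the simple bind send `@bindpassword` and read group membership without encryption, and `:simple_tls` is given no `tls_options`, so whether the server certificate is checked depends on the net-ldap default. Because the search results decide which accounts are created in the console with `nxdefaultrole`, the directory connection should be authenticated, e.g. `ldap_args[:encryption] = { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }`, selected by an explicit config setting rather than by port number. Members are also re-resolved with `Net::LDAP::Filter.eq("cn", userCN)` after a regex that cuts at the first comma, which mis-parses DNs containing an escaped comma (and raises on a DN without `CN=`) and can match a different object with the same CN under `userbase`; searching with `:base => value, :scope => Net::LDAP::SearchScope_BaseObject` looks up the exact member entry instead. `YAML.load_file(args.ldapconf)` only needs plain hashes and strings, so `YAML.safe_load(File.read(args.ldapconf))` would be the safer call.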
@@ -37,6 +37,12 @@ module Nexposecli
37
37
  short : d
38
38
  desc : The delete action is used to delete a single object
39
39
 
40
+ - name : history
41
+ desc : The history action is used to retrieve the history of certain objects, such as reports and scans
42
+
43
+ - name : sync
44
+ desc : The sync action is used to retrieve and sync certain objects, such as ldap/ad users
45
+
40
46
  - name : run
41
47
  desc : The run action is only used to issue commands to the COMMAND object
42
48
 
@@ -209,6 +215,10 @@ module Nexposecli
209
215
  desc : The config yaml file containing the connection details of the Nexpose Console Server
210
216
  required : true
211
217
 
218
+ - name : ldapconf
219
+ desc : The ldap/ad config yaml file containing the search details
220
+ required : true
221
+
212
222
  - name : nsc_server
213
223
  desc : The ip or hostname of the Nexpose Console Server
214
224
  required : true
@@ -1,3 +1,3 @@
1
1
  module Nexposecli
2
- VERSION = "0.2.1"
2
+ VERSION = "0.2.2"
3
3
  end
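--- a/data/nexposecli.gemspec
+++ b/data/nexposecli.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
  spec.required_ruby_version = '>= 2.1'
  spec.add_runtime_dependency "nexpose", '~> 4.0', '>= 4.0.4'
  spec.add_runtime_dependency "netaddr", '~> 1.5', '>= 1.5.1'
+ spec.add_runtime_dependency "net-ldap", '~> 0.14', '>= 0.14.0'
 
  spec.add_development_dependency "bundler", "~> 1.12"
  spec.add_development_dependency "rake", "~> 10.0"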
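Review bot: The added `net-ldap` requirement repeats itself, since `'>= 0.14.0'` is already implied by `'~> 0.14'`, and it leaves the floor at 0.14.0. bin/nexposecli relies on `:simple_tls` for the directory bind, so it is worth confirming from the net-ldap changelog which releases in this range verify the server certificate by default. Either raise the floor to that release or pass `tls_options` explicitly in the caller, so the TLS behaviour does not depend on which version gets resolved.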
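--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nexposecli
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.2.2
  platform: ruby
  authors:
  - Erik Gomez
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-06-16 00:00:00.000000000 Z
+ date: 2016-06-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nexpose
@@ -51,6 +51,26 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.5.1
+ - !ruby/object:Gem::Dependency
+ name: net-ldap
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.14'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.14.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.14'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.14.0
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -120,7 +140,6 @@ files:
  - lib/nexposecli/role.rb
  - lib/nexposecli/scan.rb
  - lib/nexposecli/version.rb
- - nexposecli-0.1.11.gem
  - nexposecli.gemspec
  - spec/nexposecli_spec.rb
  - spec/spec_helper.rb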
Binary file