nexposecli 0.2.1 → 0.2.2
- checksums.yaml +4 -4
- data/README.md +0 -3
- data/bin/nexposecli +107 -2
- data/lib/nexposecli/args.rb +10 -0
- data/lib/nexposecli/version.rb +1 -1
- data/nexposecli.gemspec +1 -0
- metadata +22 -3
- data/nexposecli-0.1.11.gem +0 -0
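--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 32679195424a83f6b44efeca2e90d924d7c4fc87
+data.tar.gz: 8dbe421c0b1e50ced40c6c2f9fbf15a64b9c8013
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc58cf7f660a44fff37f18522745a13927c6e1fad89254e5dafdbdc31129b6840cee42cd1338b3acef8cfe04999346f42db4cf704e5a95749afb593d8fab5257
+data.tar.gz: 7c57f719981fce6ed6de548081bbf40c00adfdf779c5d91e485ef67fdb2513c9c61ddb180aefcc671b62dae0b5ce97f27639421eb958a75ba8688304d04d01ec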
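--- a/data/README.md
+++ b/data/README.md
@@ -59,10 +59,7 @@ where ./lab.yaml consists of the following:
 
 NOTE: Be sure to use your Nexpose Console's ip address and credentials
 
-TODO: Write more detailed usage instructions here
-
 Known Issues:
-* Currently expects a ./logs directory in working directory
 * A number of the target objects may not return anything to STDOUT without a -v
 
 ## Contributing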
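--- a/data/bin/nexposecli
+++ b/data/bin/nexposecli
@@ -22,6 +22,7 @@ require 'rubygems'
 require 'nexpose'
 require 'nexposecli'
 require 'socket'
+require 'net/ldap'
 require 'digest'
 require 'securerandom'
 require 'netaddr'
@@ -102,6 +103,12 @@ def read_config(conf)
 @nsc_user = config["config"]["user"]
 @nsc_passwd = config["config"]["password"]
 @nsc_sites = config["sites"]
+if config["config"].key?("ldapserver")
+@ldapserver = config["config"]["ldapserver"]
+@ldapport = config["config"]["ldapport"]
+@binduser = config["config"]["binduser"]
+@bindpassword = config["config"]["bindpassword"]
+end
 end
 
 def scan_activity()
@@ -297,8 +304,9 @@ uputs("CLI", "Checking for the requested action")
 @action |= 8 if args.update
 @action |= 16 if args.delete
 @action |= 32 if args.run
+@action |= 64 if args.sync
 uputs("ACTION", "The requested action value is: #{@action.to_s}")
-raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32].include?(@action)
+raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32,64].include?(@action)
 
 uputs("TARGET", "Checking for the requested target")
 @target = 0
@@ -395,7 +403,15 @@ when 1 # TARGET USER
 user.authsrcid = args.authsrc
 user.password = nil
 end
-
+
+# Begin User save attempt
+begin
+user.save(@nsc)
+rescue Nexpose::APIError => e
+STDERR.puts "ERROR [ #{e.to_s} ]"
+exit(-1)
+end
+
 puts "The user: #{user.name} was created with id: #{user.id}"
 uputs("USER", "New user created: #{user.name} (id:#{user.id})")
 upp user
@@ -420,6 +436,95 @@ when 1 # TARGET USER
 when 16 # delete
 uputs("ACTION", 'delete USER action requested')
 puts 'Not yet implemented'
+when 64 # sync
+uputs("ACTION", 'sync USER action requested')
+if File.file?(args.ldapconf)
+ldapconf = YAML.load_file(args.ldapconf)
+else
+STDERR.puts "The ldap configuration file can not be found"
+exit(-1)
+end
+
+if !@ldapserver
+STDERR.puts "The ldapserver configuration parameter was not found in the config file"
+exit(-1)
+end
+ldap_args = {}
+ldap_args[:host] = @ldapserver
+ldap_args[:port] = @ldapport
+if @ldapport.eql? 636
+ldap_args[:encryption] = :simple_tls
+end
+
+ldap_auth = {}
+ldap_auth[:username] = @binduser
+ldap_auth[:password] = @bindpassword
+ldap_auth[:method] = :simple
+ldap_args[:auth] = ldap_auth
+ldap = Net::LDAP.new(ldap_args)
+
+adbase = ldapconf["ldap"]["searchbase"]
+adgroup = ldapconf["ldap"]["searchgroup"]
+aduserbase = ldapconf["ldap"]["userbase"]
+
+puts "Searching for members of [" + adgroup + "]"
+puts "-- To add users to Nexpose Console: #{@nsc_server}"
+
+if ldap.bind
+# authentication succeeded
+filter = Net::LDAP::Filter.eq("cn", "#{adgroup}")
+attrs = 'member'
+newusers = 0
+failedusers = 0
+ldap.search( :base => adbase, :filter => filter, :attributes => attrs ) do |entry|
+puts "The AD Security Group or Exchange DL: [" + entry[:dn].first.match(/^CN\=([^,]+),/)[1] + "] has the following members:"
+entry[:member].each do |value|
+userCN = value.match(/CN\=([^,]+),/)[1]
+filter2 = Net::LDAP::Filter.eq("cn", userCN)
+attrs = ['name', 'sAMAccountName', 'userPrincipalName', 'objectCategory']
+ldap.search( :base => aduserbase, :filter => filter2, :attributes => attrs ) do |user|
+objectCN = user[:objectcategory].to_s.match(/CN\=([^,]+),/)[1]
+# puts " --> " + objectCN
+if objectCN.eql? "Person"
+puts " --> Attempting to add: " + user[:samaccountname].first + " / " + userCN + " (#{user[:userprincipalname].first})"
+
+user = Nexpose::User.new(user[:samaccountname].first,
+userCN,
+password=nil,
+role_name = ldapconf["ldap"]["nxdefaultrole"],
+id = -1,
+enabled = 1,
+email = user[:userprincipalname].first,
+all_sites = false,
+all_groups = false,
+token = nil)
+user.authsrcid = ldapconf["ldap"]["nscauthsrc"]
+
+# Begin User save attempt
+begin
+user.save(@nsc)
+rescue Nexpose::APIError => e
+STDERR.puts "ERROR [ #{e.to_s} ]"
+failedusers += 1
+next
+end
+
+newusers += 1
+puts "The user: #{user.name} was created with id: #{user.id}"
+uputs("USER", "New user created: #{user.name} (id:#{user.id})")
+upp user
+
+else
+puts " --> " + user[:samaccountname].first + " is a " + user[:objectcategory].first
+end
+end
+end
+end
+else
+# bind/authentication failed
+STDERR.puts "ERROR: ldap/ad bind failed."
+exit(-1)
+end
 else
 uputs("ACTION", 'The action requested is not implemented for target')
 puts 'The action requested is not implemented for target'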
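Review bot: In the new `when 64 # sync` branch the bind password is only protected when `@ldapport.eql? 636` is true; any other port, or a port written as a quoted string in the YAML config (`eql?` does not coerce), leaves `ldap_args` without `:encryption`, so the `:simple` bind sends `@bindpassword` in the clear. Even on 636, a bare `:simple_tls` does not, as far as I know for net-ldap 0.14, verify the server certificate unless `tls_options` are passed. I would set encryption explicitly and fail closed when it is absent, e.g. `ldap_args[:encryption] = { method: :simple_tls, tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }`, with a config switch for StartTLS on 389. Separately, each member is looked up again by the CN cut out of its DN with `/CN\=([^,]+),/` rather than by the DN itself, so a non-unique or comma-escaped CN can provision a different account than the group member, and a DN that does not match raises on `[1]`. The enclosing `case` starts and ends outside the hunk.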
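--- a/data/lib/nexposecli/args.rb
+++ b/data/lib/nexposecli/args.rb
@@ -37,6 +37,12 @@ module Nexposecli
 short : d
 desc : The delete action is used to delete a single object
 
+- name : history
+desc : The history action is used to retrieve the history of certain objects, such as reports and scans
+
+- name : sync
+desc : The sync action is used to retrieve and sync certain objects, such as ldap/ad users
+
 - name : run
 desc : The run action is only used to issue commands to the COMMAND object
 
@@ -209,6 +215,10 @@ module Nexposecli
 desc : The config yaml file containing the connection details of the Nexpose Console Server
 required : true
 
+- name : ldapconf
+desc : The ldap/ad config yaml file containing the search details
+required : true
+
 - name : nsc_server
 desc : The ip or hostname of the Nexpose Console Server
 required : true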
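Review bot: The new `ldapconf` option is declared `required : true`, while only the `sync` action in bin/nexposecli reads `args.ldapconf`. If the argument parser enforces `required` globally (the parser is outside this section, so this is inferred), every existing invocation now has to pass an LDAP config file it never uses. I would drop the `required : true` line here and have the sync branch check the option itself before `File.file?(args.ldapconf)`, which otherwise raises on nil. The hunk at line 37 also adds a `history` action, but the action bitmask shown in bin/nexposecli only gains `64` for `sync`, so `history` appears to have no handler yet and its `desc` could say so.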
data/lib/nexposecli/version.rb
CHANGED
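--- a/data/nexposecli.gemspec
+++ b/data/nexposecli.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>= 2.1'
 spec.add_runtime_dependency "nexpose", '~> 4.0', '>= 4.0.4'
 spec.add_runtime_dependency "netaddr", '~> 1.5', '>= 1.5.1'
+spec.add_runtime_dependency "net-ldap", '~> 0.14', '>= 0.14.0'
 
 spec.add_development_dependency "bundler", "~> 1.12"
 spec.add_development_dependency "rake", "~> 10.0"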
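Review bot: On the added `net-ldap` line the second constraint is redundant: `'~> 0.14'` already means `>= 0.14, < 1.0`, so `'>= 0.14.0'` adds nothing (unlike the `nexpose` and `netaddr` lines, where the floor is a patch release). `spec.add_runtime_dependency "net-ldap", '~> 0.14'` expresses the same range. Because the sync code's TLS behaviour comes entirely from this library, it is worth setting the floor to a release whose certificate-validation defaults have been checked rather than the lowest version that happens to load.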
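--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexposecli
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.2
 platform: ruby
 authors:
 - Erik Gomez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-
+date: 2016-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nexpose
@@ -51,6 +51,26 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.5.1
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.14'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.14.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.14'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.14.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -120,7 +140,6 @@ files:
 - lib/nexposecli/role.rb
 - lib/nexposecli/scan.rb
 - lib/nexposecli/version.rb
-- nexposecli-0.1.11.gem
 - nexposecli.gemspec
 - spec/nexposecli_spec.rb
 - spec/spec_helper.rb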
data/nexposecli-0.1.11.gem
DELETED
Binary file
|