nexposecli 0.2.6 → 0.2.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f49f4e83f9ef01ac87442809f173e63aa37674f9
-  data.tar.gz: fa29239804d715454231171e514cb173e444f277
+  metadata.gz: a07316475b55fdc50b6e3fa3ee0541a43e5f2d5f
+  data.tar.gz: 46bbc3f787e9cc57a48d2faac0f80ef60ed902a3
 SHA512:
-  metadata.gz: 19c6e2b1b6f7b503f0a9fbd80ea454856d9fd69ee4d5ad22439dacc6d822f0e939bb965ad82013be8437929e800c519fb4f4e162bcc847208b12ce24dfa2d3a8
-  data.tar.gz: bcfa934b537318685021efc9f07f82d4f64e0eed9bcccce87cbb90299de18a6934c29f9b6f8001115406a0ca248e06d018c72cdfe7c93488a8148f7b5b886d1c
+  metadata.gz: c806214d80328f916283d549b127b5a1002d4d7b9047a545a2bfc327050354b4ed80f3d8a79893825546e738cbc0c4fc046a93c16a9d2b529acb3880ddc9e37a
+  data.tar.gz: 6a384917b44f606e4267052ddd5fafebe44d46d0c7e827abac61bdef11542f8d57ec70d402ac0145e186ab1934a1b7444c294a094eb13ef6e3a76f794df6e840

data/bin/nexposecli

@@ -35,8 +35,11 @@ require 'pp'
 
 ##############################################################################
 # Set default var values
+$nxport = 3780
 $debug = false
+$format = 'default'
 $dryrun = false
+$multitenant = false
 uf_scanners = ''
 
 @logpath = "./"
@@ -287,11 +290,11 @@ if args.scanpath
 end
 
 $debug = TRUE if args.verbose
+$multitenant = TRUE if args.silo
 $dryrun = TRUE if args.dryrun
 uputs("CLI", "Command-line verbosity mode is #{$debug.to_s}")
 uputs("CLI", "Command-line dry run mode is #{$dryrun.to_s}")
 uputs("CLI", "Command-line args parsed for #{$0}")
-uputs("CLI", "Command-line args parsed for #{$0}")
 uputs("CLI", "Args: #{args.inspect}")
 
 # Needs to potentially move, based on TARGET help vs general usage
@@ -335,8 +338,9 @@ uputs("TARGET", "Checking for the requested target")
 @target |= 32768  if args.AUTHSRC
 @target |= 65536  if args.GROUP
 @target |= 131072  if args.SCHEDULE
+@target |= 262144  if args.SILO
 uputs("TARGET", "The requested target value is: #{@target.to_s}")
-raise "You can only submit one target per task, see --help (#{@target})" unless [1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072].include?(@target)
+raise "You can only submit one target per task, see --help (#{@target})" unless [1,2,4,8,16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,262144].include?(@target)
 
 # Needs to potentially move into TARGET object or module instance var
 ## First NSC Connection and Session creation
@@ -360,7 +364,11 @@ end
 # Make the initial connection to the NSC server
 uputs("CONNECT", "Attempting connection to NSC: #{@nsc_server.to_s} with user: #{@nsc_user.to_s}")
 begin
-  @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+  if $multitenant
+     @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s, $nxport, args.silo.to_s)
+  else
+     @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+  end
 rescue SystemCallError => e
   # EJG add conditional api error handling...
   uputs("CONNECT", "An error occurred while attempting to connect to the specified server: #{e.to_s}")
@@ -565,6 +573,7 @@ when 2   # TARGET ENGINE
     puts 'Not yet implemented'
   when 2   # list
     uputs("ACTION", 'list ENGINE action requested')
+
     uf_scanners = @nsc.engines
     if uf_scanners.length > 0
       if args.action
@@ -584,6 +593,7 @@ when 2   # TARGET ENGINE
         end
       else
         uf_scanners.each do |scanner|
+          upp scanner
           puts("\t- status: #{scanner.status}\t id:#{scanner.id}\t name:'#{scanner.name}'\n")
         end
       end
@@ -594,6 +604,8 @@ when 2   # TARGET ENGINE
   when 4   # show
     uputs("ACTION", 'show ENGINE action requested')
     puts 'Not yet implemented'
+    engine = Nexpose::Engine.load(@nsc, args.id)
+    upp engine
   when 8   # update
     uputs("ACTION", 'update ENGINE action requested')
     puts 'Not yet implemented'
@@ -722,7 +734,11 @@ when 8   # TARGET SCAN
       # Make a connection and login to the NSC server
       uputs("CONNECT", "Attempting connection to NSC: #{@nsc_server.to_s} with user: #{@nsc_user.to_s}")
       begin
-        @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+        if $multitenant
+           @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s, $nxport, args.silo.to_s)
+        else
+           @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+        end
         @nsc.login
       rescue SystemCallError => e
         # EJG add conditional api error handling and consider wrapping coonect/login into a method...
@@ -808,7 +824,11 @@ when 8   # TARGET SCAN
         # Make a connection and login to the NSC server
         uputs("CONNECT", "Attempting connection to NSC: #{@nsc_server.to_s} with user: #{@nsc_user.to_s}")
         begin
-          @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+          if $multitenant
+             @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s, $nxport, args.silo.to_s)
+          else
+             @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+          end
           @nsc.login
         rescue SystemCallError => e
           # EJG add conditional api error handling and consider wrapping coonect/login into a method...
@@ -908,7 +928,11 @@ when 8   # TARGET SCAN
          # Make a connection and login to the NSC server
          uputs("CONNECT", "Attempting connection to NSC: #{@nsc_server.to_s} with user: #{@nsc_user.to_s}")
          begin
-           @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+           if $multitenant
+              @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s, $nxport, args.silo.to_s)
+           else
+              @nsc = Nexpose::Connection.new( @nsc_server.to_s, @nsc_user.to_s, @nsc_passwd.to_s)
+           end
            @nsc.login
          rescue SystemCallError => e
            # EJG add conditional api error handling and consider wrapping coonect/login into a method...
@@ -942,13 +966,13 @@ when 8   # TARGET SCAN
    when 2   # list
       uputs("SCAN", 'list SCAN action requested')
       # EJG
-      scans = @nsc.past_scans(args.id.to_i)
-      puts "Requested: nsc.past_scans(#{args.id}), but past scans length is: #{scans.length}"
-      puts "Past Scans:"
-      scans.each do |scan|
-         puts " -  " + '%-6.6s' % scan.id + " " + '%-15.15s' % scan.engine_name + " " + '%-30.30s' % scan.end_time + " " + '%-25.25s' % scan.status
-      end
-      exit(0)
+      # scans = @nsc.past_scans(args.id.to_i)
+      # puts "Requested: nsc.past_scans(#{args.id}), but past scans length is: #{scans.length}"
+      # puts "Past Scans:"
+      # scans.each do |scan|
+      #    puts " -  " + '%-6.6s' % scan.id + " " + '%-15.15s' % scan.engine_name + " " + '%-30.30s' % scan.end_time + " " + '%-25.25s' % scan.status
+      # end
+      # exit(0)
 
       # EJG
       scan_activity = scan_activity()
@@ -1035,7 +1059,27 @@ when 16  # TARGET SITE
    case @action
    when 1   # create
       uputs("ACTION", 'create SITE action requested')
-      puts 'Not yet implemented, and not likely to be implemented'
+      unless (
+        args.name != nil && args.range && args.template
+      )
+        raise 'Please supply the site name, ip range, and scan template id to define the site, see --help'
+      end
+      site = Nexpose::Site.new(args.name, args.template)
+
+      if args.range.split('-').size == 2
+         site.included_addresses << Nexpose::IPRange.new(args.range.split('-')[0], args.range.split('-')[1])
+      else
+         site.included_addresses << Nexpose::IPRange.new(args.range)
+      end
+
+      begin
+         site_created = site.save(@nsc)
+      rescue Nexpose::APIError => e
+         uputs("SITE", "An error occurred while attempting to save the Site: #{e.to_s}")
+         STDERR.puts "ERROR [ " + e.to_s + " ]"
+         exit(-1)
+      end
+      puts "Site was successfully created. The Site Id is: #{site_created}"
    when 2   # list
       uputs("ACTION", 'list SITE action requested')
       site_listing = @nsc.list_sites
@@ -1068,20 +1112,26 @@ when 16  # TARGET SITE
       site.excluded_scan_targets[:addresses].each do |iprange|
          puts("  IPRange from: #{iprange.from} - #{iprange.to}\n")
       end
-      puts("--active assets:")
-      assets = @nsc.list_site_devices(scan_site_id)
-      assets.each do |asset|
-         print("   Asset Id: #{asset.id}, IP Address: #{asset.address}, Risk Score: #{asset.risk_score} Hostnames: [")
-         asset_detail = Nexpose::Asset.load(@nsc, asset.id)
-         if asset_detail.host_names
-            asset_detail.host_names.each do |hostname|
-               print("#{hostname},")
-            end
+      
+      # If detail is requested, note this will return all assets
+      if args.action
+        case args.action
+        when "assets", "detail"
+           puts("--active assets:")
+           assets = @nsc.list_site_devices(scan_site_id)
+           assets.each do |asset|
+              print("   Asset Id: #{asset.id}, IP Address: #{asset.address}, Risk Score: #{asset.risk_score} Hostnames: [")
+              asset_detail = Nexpose::Asset.load(@nsc, asset.id)
+              if asset_detail.host_names
+                 asset_detail.host_names.each do |hostname|
+                    print("#{hostname},")
+                 end
+              end
+              print("] OS: #{asset_detail.os_cpe}\n")
+              upp(asset_detail)
          end
-         print("] OS: #{asset_detail.os_cpe}\n")
-         upp(asset_detail)
+       end
       end
-      # upp site
    when 8   # update
       uputs("ACTION", 'update SITE action requested')
       site = ""
@@ -1389,8 +1439,11 @@ when 64  # TARGET REPORT
       puts "---\n- Report Id: " + report_config.id.to_s + " \n"
       puts "---\n- The report can be found via:\n https://#{@nsc_server}:3780" + report_summary.uri.to_s + "\n"
 
-      # download("https://#{@nsc_server}:3780" + report_summary.uri.to_s, "./tmp/RemediationPlan-" + Time.now.strftime("%Y%m%d_%H%M%S") + ".pdf", nsc)
-      download("https://#{@nsc_server}:3780" + report_summary.uri.to_s, "./tmp/doc.pdf", @nsc)
+      report_filename = report_summary.uri.split('/').last
+      if (args.name != nil)
+         report_filename.sub! 'Document', "#{args.name}"
+      end
+      download("https://#{@nsc_server}:3780" + report_summary.uri.to_s, "./#{Time.now.strftime("%Y%m%d_%H%M%S_")}#{report_filename}", @nsc)
    end
 
    when 2   # list
@@ -1828,9 +1881,8 @@ when 4096 # TARGET TEMPLATE
       templates = @nsc.list_scan_templates
       templates.each do |template|
          scan_template = Nexpose::ScanTemplate.load(@nsc, "#{template.id}")
-         puts "Scan Template Id: #{scan_template.id}"
-         puts "Scan Template Name: #{scan_template.name}"
-         # upp scan_template
+         puts "Scan Template Id: #{scan_template.id} \tScan Template Name: #{scan_template.name}"
+         upp scan_template
       end
    when 128  # copy
       uputs("ACTION", 'copy TEMPLATE action requested')
@@ -1981,6 +2033,61 @@ when 65536  # TARGET GROUP
       uputs("ACTION", 'The action requested is not implemented for target')
       puts 'The action requested is not implemented for target'
    end
+when 262144  # TARGET SILO
+   case @action
+   when 1   # create
+      uputs("ACTION", 'create SILO action requested')
+      silo = Nexpose::Silo.new
+      silo.max_assets = args.maxassets
+      silo.max_users = args.maxusers
+      silo.name = args.name
+      silo.id = args.id
+      silo.profile_id = 'default'
+      silo_create = 'SILO NOT CREATED'
+
+      begin
+        silo_create = silo.create(@nsc)
+      rescue Nexpose::APIError => e
+        # EJG add conditional api error handling...
+        uputs("SILO", "An error occurred while attempting to create the silo: #{e.to_s}")
+        STDERR.puts "ERROR [ " + e.to_s + " ]"
+        exit(-1)
+      end
+      puts "Silo successfully created for silo id: #{silo_create}"
+      upp silo
+
+      # Add current user as GA to the new silo
+      user = Nexpose::MultiTenantUser.load(@nsc, @nsc.get_user_id(@nsc_user).id)
+      user.silo_access << Nexpose::SiloAccess.new do |access|
+        access.silo_id = silo_create
+        access.role_name = Nexpose::Role::GLOBAL_ADMINISTRATOR
+        access.default = false
+        access.all_sites = true
+        access.all_groups = true
+      end
+      begin
+         user.save(@nsc)
+      rescue Nexpose::APIError => e
+        # EJG add conditional api error handling...
+        uputs("SILO", "An error occurred while attempting to the user: #{e.to_s}")
+        STDERR.puts "ERROR [ " + e.to_s + " ]"
+        exit(-1)
+      end
+      puts "Successfully added user[#{@nsc_user}] to silo id: #{silo_create}"
+      upp user
+   when 2   # list
+      uputs("ACTION", 'list SILO action requested')
+      silos = @nsc.list_silos
+      hdr = '%-15s' % 'id' + ' ' + '%-15s' % 'profile id' + ' ' + '%10s' % 'max users' + ' ' + '%15s' % 'max assets' + ' name'
+      puts hdr
+      silos.each do |silo|
+         puts "#{silo.id.to_s.ljust(15)} #{silo.profile_id.ljust(15)} #{silo.max_users.rjust(10)} #{silo.max_assets.rjust(15)} #{silo.name}"
+         upp silo
+      end
+   else
+      uputs("ACTION", 'The action requested is not implemented for target')
+      puts 'The action requested is not implemented for target'
+   end
 else
    # there is no default target
    uputs("ACTION", 'No default action requested')

data/lib/nexposecli/args.rb

@@ -78,6 +78,9 @@ module Nexposecli
        short                 : T
        desc                  : The SITE target is used to alter or create the SITE object
    
+     - name                  : SILO
+       desc                  : The SILO target is used to alter or create the SILO object
+   
      - name                  : ASSET
        short                 : A
        desc                  : The ASSET target is used to alter or create the ASSET object
@@ -166,10 +169,26 @@ module Nexposecli
        desc                  : The object id being acted upon
        required              : true
    
+     - name                  : template
+       desc                  : The scan template id of the entity being acted upon
+       required              : true
+   
+     - name                  : silo
+       desc                  : The silo of the entity being acted upon
+       required              : true
+   
      - name                  : site
        desc                  : The site id of the object being acted upon
        required              : true
    
+     - name                  : maxusers
+       desc                  : The create silo maximum number of users
+       required              : true
+   
+     - name                  : maxassets
+       desc                  : The create silo maximum number of assets
+       required              : true
+   
      - name                  : range
        short                 : r
        desc                  : The comma separated (begin,end) range of ip addresses to be acted upon
@@ -184,6 +203,10 @@ module Nexposecli
        desc                  : Argument vector for the action, in the form key:value pairs
        required              : true
    
+     - name                  : output
+       desc                  : The desired format of the output, default, csv
+       required              : true
+   
      - name                  : filter
        short                 : f
        desc                  : Filters which are applied to the action, in the form key:value pairs

data/lib/nexposecli/version.rb

@@ -1,3 +1,3 @@
 module Nexposecli
-  VERSION = "0.2.6"
+  VERSION = "0.2.7"
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexposecli
 version: !ruby/object:Gem::Version
-  version: 0.2.6
+  version: 0.2.7
 platform: ruby
 authors:
 - Erik Gomez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-10 00:00:00.000000000 Z
+date: 2017-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nexpose