nexposecli 0.2.1 → 0.2.2
- checksums.yaml +4 -4
- data/README.md +0 -3
- data/bin/nexposecli +107 -2
- data/lib/nexposecli/args.rb +10 -0
- data/lib/nexposecli/version.rb +1 -1
- data/nexposecli.gemspec +1 -0
- metadata +22 -3
- data/nexposecli-0.1.11.gem +0 -0
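--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 32679195424a83f6b44efeca2e90d924d7c4fc87
+data.tar.gz: 8dbe421c0b1e50ced40c6c2f9fbf15a64b9c8013
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: cc58cf7f660a44fff37f18522745a13927c6e1fad89254e5dafdbdc31129b6840cee42cd1338b3acef8cfe04999346f42db4cf704e5a95749afb593d8fab5257
+data.tar.gz: 7c57f719981fce6ed6de548081bbf40c00adfdf779c5d91e485ef67fdb2513c9c61ddb180aefcc671b62dae0b5ce97f27639421eb958a75ba8688304d04d01ec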
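--- a/data/README.md
+++ b/data/README.md
@@ -59,10 +59,7 @@ where ./lab.yaml consists of the following:
 
 NOTE: Be sure to use your Nexpose Console's ip address and credentials
 
-TODO: Write more detailed usage instructions here
-
 Known Issues:
-* Currently expects a ./logs directory in working directory
 * A number of the target objects may not return anything to STDOUT without a -v
 
 ## Contributing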
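--- a/data/bin/nexposecli
+++ b/data/bin/nexposecli
@@ -22,6 +22,7 @@ require 'rubygems'
 require 'nexpose'
 require 'nexposecli'
 require 'socket'
+require 'net/ldap'
 require 'digest'
 require 'securerandom'
 require 'netaddr'
@@ -102,6 +103,12 @@ def read_config(conf)
 @nsc_user = config["config"]["user"]
 @nsc_passwd = config["config"]["password"]
 @nsc_sites = config["sites"]
+if config["config"].key?("ldapserver")
+@ldapserver = config["config"]["ldapserver"]
+@ldapport = config["config"]["ldapport"]
+@binduser = config["config"]["binduser"]
+@bindpassword = config["config"]["bindpassword"]
+end
 end
 
 def scan_activity()
@@ -297,8 +304,9 @@ uputs("CLI", "Checking for the requested action")
 @action |= 8 if args.update
 @action |= 16 if args.delete
 @action |= 32 if args.run
+@action |= 64 if args.sync
 uputs("ACTION", "The requested action value is: #{@action.to_s}")
-raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32].include?(@action)
+raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32,64].include?(@action)
 
 uputs("TARGET", "Checking for the requested target")
 @target = 0
@@ -395,7 +403,15 @@ when 1 # TARGET USER
 user.authsrcid = args.authsrc
 user.password = nil
 end
-
+
+# Begin User save attempt
+begin
+user.save(@nsc)
+rescue Nexpose::APIError => e
+STDERR.puts "ERROR [ #{e.to_s} ]"
+exit(-1)
+end
+
 puts "The user: #{user.name} was created with id: #{user.id}"
 uputs("USER", "New user created: #{user.name} (id:#{user.id})")
 upp user
@@ -420,6 +436,95 @@ when 1 # TARGET USER
 when 16 # delete
 uputs("ACTION", 'delete USER action requested')
 puts 'Not yet implemented'
+when 64 # sync
+uputs("ACTION", 'sync USER action requested')
+if File.file?(args.ldapconf)
+ldapconf = YAML.load_file(args.ldapconf)
+else
+STDERR.puts "The ldap configuration file can not be found"
+exit(-1)
+end
+
+if !@ldapserver
+STDERR.puts "The ldapserver configuration parameter was not found in the config file"
+exit(-1)
+end
+ldap_args = {}
+ldap_args[:host] = @ldapserver
+ldap_args[:port] = @ldapport
+if @ldapport.eql? 636
+ldap_args[:encryption] = :simple_tls
+end
+
+ldap_auth = {}
+ldap_auth[:username] = @binduser
+ldap_auth[:password] = @bindpassword
+ldap_auth[:method] = :simple
+ldap_args[:auth] = ldap_auth
+ldap = Net::LDAP.new(ldap_args)
+
+adbase = ldapconf["ldap"]["searchbase"]
+adgroup = ldapconf["ldap"]["searchgroup"]
+aduserbase = ldapconf["ldap"]["userbase"]
+
+puts "Searching for members of [" + adgroup + "]"
+puts "-- To add users to Nexpose Console: #{@nsc_server}"
+
+if ldap.bind
+# authentication succeeded
+filter = Net::LDAP::Filter.eq("cn", "#{adgroup}")
+attrs = 'member'
+newusers = 0
+failedusers = 0
+ldap.search( :base => adbase, :filter => filter, :attributes => attrs ) do |entry|
+puts "The AD Security Group or Exchange DL: [" + entry[:dn].first.match(/^CN\=([^,]+),/)[1] + "] has the following members:"
+entry[:member].each do |value|
+userCN = value.match(/CN\=([^,]+),/)[1]
+filter2 = Net::LDAP::Filter.eq("cn", userCN)
+attrs = ['name', 'sAMAccountName', 'userPrincipalName', 'objectCategory']
+ldap.search( :base => aduserbase, :filter => filter2, :attributes => attrs ) do |user|
+objectCN = user[:objectcategory].to_s.match(/CN\=([^,]+),/)[1]
+# puts " --> " + objectCN
+if objectCN.eql? "Person"
+puts " --> Attempting to add: " + user[:samaccountname].first + " / " + userCN + " (#{user[:userprincipalname].first})"
+
+user = Nexpose::User.new(user[:samaccountname].first,
+userCN,
+password=nil,
+role_name = ldapconf["ldap"]["nxdefaultrole"],
+id = -1,
+enabled = 1,
+email = user[:userprincipalname].first,
+all_sites = false,
+all_groups = false,
+token = nil)
+user.authsrcid = ldapconf["ldap"]["nscauthsrc"]
+
+# Begin User save attempt
+begin
+user.save(@nsc)
+rescue Nexpose::APIError => e
+STDERR.puts "ERROR [ #{e.to_s} ]"
+failedusers += 1
+next
+end
+
+newusers += 1
+puts "The user: #{user.name} was created with id: #{user.id}"
+uputs("USER", "New user created: #{user.name} (id:#{user.id})")
+upp user
+
+else
+puts " --> " + user[:samaccountname].first + " is a " + user[:objectcategory].first
+end
+end
+end
+end
+else
+# bind/authentication failed
+STDERR.puts "ERROR: ldap/ad bind failed."
+exit(-1)
+end
 else
 uputs("ACTION", 'The action requested is not implemented for target')
 puts 'The action requested is not implemented for target'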
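Review bot: The sync branch binds with `:method => :simple` and enables TLS only when `@ldapport.eql? 636`, so any other port, or a port quoted as a string in the YAML (`eql?` is type-strict), sends `@binduser`/`@bindpassword` to the directory in cleartext. Even on 636, a bare `:simple_tls` in net-ldap does not, as far as its documentation for this release line goes, validate the server certificate unless `:tls_options` is passed. I would make encryption the default and verify the peer, e.g. `ldap_args[:encryption] = { :method => :simple_tls, :tls_options => OpenSSL::SSL::SSLContext::DEFAULT_PARAMS }` (`:start_tls` for a 389 listener), and exit with an error rather than bind unencrypted. Separately, each member is re-resolved with `Net::LDAP::Filter.eq("cn", userCN)` under `aduserbase`, which is unescaped and can match another object sharing that CN; searching with the member DN `value` as `:base` and `:scope => Net::LDAP::SearchScope_BaseObject` would provision exactly the listed member. The `when 64` branch sits in a `case` that opens outside the hunk.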
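--- a/data/lib/nexposecli/args.rb
+++ b/data/lib/nexposecli/args.rb
@@ -37,6 +37,12 @@ module Nexposecli
 short : d
 desc : The delete action is used to delete a single object
 
+- name : history
+desc : The history action is used to retrieve the history of certain objects, such as reports and scans
+
+- name : sync
+desc : The sync action is used to retrieve and sync certain objects, such as ldap/ad users
+
 - name : run
 desc : The run action is only used to issue commands to the COMMAND object
 
@@ -209,6 +215,10 @@ module Nexposecli
 desc : The config yaml file containing the connection details of the Nexpose Console Server
 required : true
 
+- name : ldapconf
+desc : The ldap/ad config yaml file containing the search details
+required : true
+
 - name : nsc_server
 desc : The ip or hostname of the Nexpose Console Server
 required : true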
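Review bot: The new `history` action is declared here, but the action bitmask in `data/bin/nexposecli` gains only `@action |= 64 if args.sync` and its allow-list ends at 64, so `--history` appears to leave `@action` at 0 and fall into the "You can only submit one action per task" raise; it should be wired up or held back until it is implemented. `ldapconf` is marked `required : true` although only the sync branch reads it, and if the flag can be omitted, `File.file?(args.ldapconf)` receives nil and raises instead of printing the "can not be found" message. Whichever meaning `required` has, the description should say so, e.g. `desc : The ldap/ad config yaml file containing the search details (read only by --sync)`. The option list continues outside both hunks.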
data/lib/nexposecli/version.rb
CHANGED
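--- a/data/nexposecli.gemspec
+++ b/data/nexposecli.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
 spec.required_ruby_version = '>= 2.1'
 spec.add_runtime_dependency "nexpose", '~> 4.0', '>= 4.0.4'
 spec.add_runtime_dependency "netaddr", '~> 1.5', '>= 1.5.1'
+spec.add_runtime_dependency "net-ldap", '~> 0.14', '>= 0.14.0'
 
 spec.add_development_dependency "bundler", "~> 1.12"
 spec.add_development_dependency "rake", "~> 10.0"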
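--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexposecli
 version: !ruby/object:Gem::Version
-version: 0.2.
+version: 0.2.2
 platform: ruby
 authors:
 - Erik Gomez
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-06-
+date: 2016-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: nexpose
@@ -51,6 +51,26 @@ dependencies:
 - - ">="
 - !ruby/object:Gem::Version
 version: 1.5.1
+- !ruby/object:Gem::Dependency
+name: net-ldap
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.14'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.14.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.14'
+- - ">="
+- !ruby/object:Gem::Version
+version: 0.14.0
 - !ruby/object:Gem::Dependency
 name: bundler
 requirement: !ruby/object:Gem::Requirement
@@ -120,7 +140,6 @@ files:
 - lib/nexposecli/role.rb
 - lib/nexposecli/scan.rb
 - lib/nexposecli/version.rb
-- nexposecli-0.1.11.gem
 - nexposecli.gemspec
 - spec/nexposecli_spec.rb
 - spec/spec_helper.rb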
data/nexposecli-0.1.11.gem
DELETED
Binary file
|