nexposecli 0.2.1 → 0.2.2

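--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 55304881a72629484ab8661e51fa5f7add72f67a
- data.tar.gz: c3b6bda8e98491d93e0e8f68fca7336ff999af7b
+ metadata.gz: 32679195424a83f6b44efeca2e90d924d7c4fc87
+ data.tar.gz: 8dbe421c0b1e50ced40c6c2f9fbf15a64b9c8013
  SHA512:
- metadata.gz: 7ed6b2f14f1aa74ee8d49a5c1424b5a88d680c4145200ee590ca26e1e31c9c905d8b10268076f73a4b4759c25db43543d136e9214591b9b6ac694c319c40c0de
- data.tar.gz: 9dfecc38b96235615560ae57897ba19495910481a6db43c2aed4ed7453f1d5610b9fbcb825cea0a8e13e959014a2643f313cab65cf3913794daf476de908d803
+ metadata.gz: cc58cf7f660a44fff37f18522745a13927c6e1fad89254e5dafdbdc31129b6840cee42cd1338b3acef8cfe04999346f42db4cf704e5a95749afb593d8fab5257
+ data.tar.gz: 7c57f719981fce6ed6de548081bbf40c00adfdf779c5d91e485ef67fdb2513c9c61ddb180aefcc671b62dae0b5ce97f27639421eb958a75ba8688304d04d01ec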
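--- a/data/README.md
+++ b/data/README.md
@@ -59,10 +59,7 @@ where ./lab.yaml consists of the following:
 
  NOTE: Be sure to use your Nexpose Console's ip address and credentials
 
- TODO: Write more detailed usage instructions here
-
  Known Issues:
- * Currently expects a ./logs directory in working directory
  * A number of the target objects may not return anything to STDOUT without a -v
 
  ## Contributing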
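--- a/data/bin/nexposecli
+++ b/data/bin/nexposecli
@@ -22,6 +22,7 @@ require 'rubygems'
  require 'nexpose'
  require 'nexposecli'
  require 'socket'
+ require 'net/ldap'
  require 'digest'
  require 'securerandom'
  require 'netaddr'
@@ -102,6 +103,12 @@ def read_config(conf)
  @nsc_user = config["config"]["user"]
  @nsc_passwd = config["config"]["password"]
  @nsc_sites = config["sites"]
+ if config["config"].key?("ldapserver")
+ @ldapserver = config["config"]["ldapserver"]
+ @ldapport = config["config"]["ldapport"]
+ @binduser = config["config"]["binduser"]
+ @bindpassword = config["config"]["bindpassword"]
+ end
  end
 
  def scan_activity()
@@ -297,8 +304,9 @@ uputs("CLI", "Checking for the requested action")
  @action |= 8 if args.update
  @action |= 16 if args.delete
  @action |= 32 if args.run
+ @action |= 64 if args.sync
  uputs("ACTION", "The requested action value is: #{@action.to_s}")
- raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32].include?(@action)
+ raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32,64].include?(@action)
 
  uputs("TARGET", "Checking for the requested target")
  @target = 0
@@ -395,7 +403,15 @@ when 1 # TARGET USER
  user.authsrcid = args.authsrc
  user.password = nil
  end
- user.save(@nsc)
+
+ # Begin User save attempt
+ begin
+ user.save(@nsc)
+ rescue Nexpose::APIError => e
+ STDERR.puts "ERROR [ #{e.to_s} ]"
+ exit(-1)
+ end
+
  puts "The user: #{user.name} was created with id: #{user.id}"
  uputs("USER", "New user created: #{user.name} (id:#{user.id})")
  upp user
@@ -420,6 +436,95 @@ when 1 # TARGET USER
  when 16 # delete
  uputs("ACTION", 'delete USER action requested')
  puts 'Not yet implemented'
+ when 64 # sync
+ uputs("ACTION", 'sync USER action requested')
+ if File.file?(args.ldapconf)
+ ldapconf = YAML.load_file(args.ldapconf)
+ else
+ STDERR.puts "The ldap configuration file can not be found"
+ exit(-1)
+ end
+
+ if !@ldapserver
+ STDERR.puts "The ldapserver configuration parameter was not found in the config file"
+ exit(-1)
+ end
+ ldap_args = {}
+ ldap_args[:host] = @ldapserver
+ ldap_args[:port] = @ldapport
+ if @ldapport.eql? 636
+ ldap_args[:encryption] = :simple_tls
+ end
+
+ ldap_auth = {}
+ ldap_auth[:username] = @binduser
+ ldap_auth[:password] = @bindpassword
+ ldap_auth[:method] = :simple
+ ldap_args[:auth] = ldap_auth
+ ldap = Net::LDAP.new(ldap_args)
+
+ adbase = ldapconf["ldap"]["searchbase"]
+ adgroup = ldapconf["ldap"]["searchgroup"]
+ aduserbase = ldapconf["ldap"]["userbase"]
+
+ puts "Searching for members of [" + adgroup + "]"
+ puts "-- To add users to Nexpose Console: #{@nsc_server}"
+
+ if ldap.bind
+ # authentication succeeded
+ filter = Net::LDAP::Filter.eq("cn", "#{adgroup}")
+ attrs = 'member'
+ newusers = 0
+ failedusers = 0
+ ldap.search( :base => adbase, :filter => filter, :attributes => attrs ) do |entry|
+ puts "The AD Security Group or Exchange DL: [" + entry[:dn].first.match(/^CN\=([^,]+),/)[1] + "] has the following members:"
+ entry[:member].each do |value|
+ userCN = value.match(/CN\=([^,]+),/)[1]
+ filter2 = Net::LDAP::Filter.eq("cn", userCN)
+ attrs = ['name', 'sAMAccountName', 'userPrincipalName', 'objectCategory']
+ ldap.search( :base => aduserbase, :filter => filter2, :attributes => attrs ) do |user|
+ objectCN = user[:objectcategory].to_s.match(/CN\=([^,]+),/)[1]
+ # puts " --> " + objectCN
+ if objectCN.eql? "Person"
+ puts " --> Attempting to add: " + user[:samaccountname].first + " / " + userCN + " (#{user[:userprincipalname].first})"
+
+ user = Nexpose::User.new(user[:samaccountname].first,
+ userCN,
+ password=nil,
+ role_name = ldapconf["ldap"]["nxdefaultrole"],
+ id = -1,
+ enabled = 1,
+ email = user[:userprincipalname].first,
+ all_sites = false,
+ all_groups = false,
+ token = nil)
+ user.authsrcid = ldapconf["ldap"]["nscauthsrc"]
+
+ # Begin User save attempt
+ begin
+ user.save(@nsc)
+ rescue Nexpose::APIError => e
+ STDERR.puts "ERROR [ #{e.to_s} ]"
+ failedusers += 1
+ next
+ end
+
+ newusers += 1
+ puts "The user: #{user.name} was created with id: #{user.id}"
+ uputs("USER", "New user created: #{user.name} (id:#{user.id})")
+ upp user
+
+ else
+ puts " --> " + user[:samaccountname].first + " is a " + user[:objectcategory].first
+ end
+ end
+ end
+ end
+ else
+ # bind/authentication failed
+ STDERR.puts "ERROR: ldap/ad bind failed."
+ exit(-1)
+ end
  else
  uputs("ACTION", 'The action requested is not implemented for target')
  puts 'The action requested is not implemented for target'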
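Review bot: In the `when 64 # sync` branch, TLS is enabled only when `@ldapport.eql? 636`, and `eql?` is type-strict, so a port quoted as a string in the YAML, or any other port such as 389, leaves the `:simple` bind sending `@bindpassword` unencrypted. I would choose the transport explicitly instead of inferring it from the port, for example `ldap_args[:encryption] = (@ldapport.to_i == 636) ? :simple_tls : :start_tls`, and stop with an error when neither is available. Depending on the net-ldap release, `:simple_tls` alone may not validate the server certificate, so it is worth checking whether `tls_options` has to be passed as well. Further down, `value.match(/CN\=([^,]+),/)[1]` raises NoMethodError on a member DN the pattern does not match, which the `rescue Nexpose::APIError` does not cover, and searching `aduserbase` by CN rather than reading the member DN itself can pick up a different object with the same CN. The enclosing `case` starts and ends outside this hunk.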
@@ -37,6 +37,12 @@ module Nexposecli
37
37
  short : d
38
38
  desc : The delete action is used to delete a single object
39
39
 
40
+ - name : history
41
+ desc : The history action is used to retrieve the history of certain objects, such as reports and scans
42
+
43
+ - name : sync
44
+ desc : The sync action is used to retrieve and sync certain objects, such as ldap/ad users
45
+
40
46
  - name : run
41
47
  desc : The run action is only used to issue commands to the COMMAND object
42
48
 
@@ -209,6 +215,10 @@ module Nexposecli
209
215
  desc : The config yaml file containing the connection details of the Nexpose Console Server
210
216
  required : true
211
217
 
218
+ - name : ldapconf
219
+ desc : The ldap/ad config yaml file containing the search details
220
+ required : true
221
+
212
222
  - name : nsc_server
213
223
  desc : The ip or hostname of the Nexpose Console Server
214
224
  required : true
@@ -1,3 +1,3 @@
1
1
  module Nexposecli
2
- VERSION = "0.2.1"
2
+ VERSION = "0.2.2"
3
3
  end
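--- a/data/nexposecli.gemspec
+++ b/data/nexposecli.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
  spec.required_ruby_version = '>= 2.1'
  spec.add_runtime_dependency "nexpose", '~> 4.0', '>= 4.0.4'
  spec.add_runtime_dependency "netaddr", '~> 1.5', '>= 1.5.1'
+ spec.add_runtime_dependency "net-ldap", '~> 0.14', '>= 0.14.0'
 
  spec.add_development_dependency "bundler", "~> 1.12"
  spec.add_development_dependency "rake", "~> 10.0"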
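--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: nexposecli
  version: !ruby/object:Gem::Version
- version: 0.2.1
+ version: 0.2.2
  platform: ruby
  authors:
  - Erik Gomez
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-06-16 00:00:00.000000000 Z
+ date: 2016-06-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: nexpose
@@ -51,6 +51,26 @@ dependencies:
  - - ">="
  - !ruby/object:Gem::Version
  version: 1.5.1
+ - !ruby/object:Gem::Dependency
+ name: net-ldap
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.14'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.14.0
+ type: :runtime
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: '0.14'
+ - - ">="
+ - !ruby/object:Gem::Version
+ version: 0.14.0
  - !ruby/object:Gem::Dependency
  name: bundler
  requirement: !ruby/object:Gem::Requirement
@@ -120,7 +140,6 @@ files:
  - lib/nexposecli/role.rb
  - lib/nexposecli/scan.rb
  - lib/nexposecli/version.rb
- - nexposecli-0.1.11.gem
  - nexposecli.gemspec
  - spec/nexposecli_spec.rb
  - spec/spec_helper.rb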
Binary file