nexposecli 0.2.1 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 55304881a72629484ab8661e51fa5f7add72f67a
-  data.tar.gz: c3b6bda8e98491d93e0e8f68fca7336ff999af7b
+  metadata.gz: 32679195424a83f6b44efeca2e90d924d7c4fc87
+  data.tar.gz: 8dbe421c0b1e50ced40c6c2f9fbf15a64b9c8013
 SHA512:
-  metadata.gz: 7ed6b2f14f1aa74ee8d49a5c1424b5a88d680c4145200ee590ca26e1e31c9c905d8b10268076f73a4b4759c25db43543d136e9214591b9b6ac694c319c40c0de
-  data.tar.gz: 9dfecc38b96235615560ae57897ba19495910481a6db43c2aed4ed7453f1d5610b9fbcb825cea0a8e13e959014a2643f313cab65cf3913794daf476de908d803
+  metadata.gz: cc58cf7f660a44fff37f18522745a13927c6e1fad89254e5dafdbdc31129b6840cee42cd1338b3acef8cfe04999346f42db4cf704e5a95749afb593d8fab5257
+  data.tar.gz: 7c57f719981fce6ed6de548081bbf40c00adfdf779c5d91e485ef67fdb2513c9c61ddb180aefcc671b62dae0b5ce97f27639421eb958a75ba8688304d04d01ec

data/README.md

@@ -59,10 +59,7 @@ where ./lab.yaml consists of the following:
 
 NOTE: Be sure to use your Nexpose Console's ip address and credentials
 
-TODO: Write more detailed usage instructions here
-
 Known Issues:
-* Currently expects a ./logs directory in working directory
 * A number of the target objects may not return anything to STDOUT without a -v
 
 ## Contributing

data/bin/nexposecli

@@ -22,6 +22,7 @@ require 'rubygems'
 require 'nexpose'
 require 'nexposecli'
 require 'socket'
+require 'net/ldap'
 require 'digest'
 require 'securerandom'
 require 'netaddr'
@@ -102,6 +103,12 @@ def read_config(conf)
   @nsc_user   = config["config"]["user"]
   @nsc_passwd   = config["config"]["password"]
   @nsc_sites = config["sites"]
+  if config["config"].key?("ldapserver")
+     @ldapserver = config["config"]["ldapserver"]
+     @ldapport = config["config"]["ldapport"]
+     @binduser = config["config"]["binduser"]
+     @bindpassword = config["config"]["bindpassword"]
+  end
 end
 
 def scan_activity()
@@ -297,8 +304,9 @@ uputs("CLI", "Checking for the requested action")
 @action |= 8 if args.update
 @action |= 16 if args.delete
 @action |= 32 if args.run
+@action |= 64 if args.sync
 uputs("ACTION", "The requested action value is: #{@action.to_s}")
-raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32].include?(@action)
+raise "You can only submit one action per task, see --help (action submitted: #{@action.to_s})" unless [1,2,4,8,16,32,64].include?(@action)
 
 uputs("TARGET", "Checking for the requested target")
 @target = 0
@@ -395,7 +403,15 @@ when 1   # TARGET USER
        user.authsrcid = args.authsrc
        user.password = nil
     end
-    user.save(@nsc)
+
+    # Begin User save attempt
+    begin
+       user.save(@nsc)
+    rescue Nexpose::APIError => e
+       STDERR.puts "ERROR [ #{e.to_s} ]"
+       exit(-1)
+    end
+
     puts "The user: #{user.name} was created with id: #{user.id}"
     uputs("USER", "New user created: #{user.name} (id:#{user.id})")
     upp user
@@ -420,6 +436,95 @@ when 1   # TARGET USER
   when 16  # delete
     uputs("ACTION", 'delete USER action requested')
     puts 'Not yet implemented'
+  when 64  # sync
+    uputs("ACTION", 'sync USER action requested')
+    if File.file?(args.ldapconf)
+       ldapconf = YAML.load_file(args.ldapconf)
+    else
+       STDERR.puts "The ldap configuration file can not be found"
+       exit(-1)
+    end
+
+    if !@ldapserver
+       STDERR.puts "The ldapserver configuration parameter was not found in the config file"
+       exit(-1)
+    end
+    ldap_args = {}
+    ldap_args[:host] = @ldapserver
+    ldap_args[:port] = @ldapport
+    if @ldapport.eql? 636
+       ldap_args[:encryption] = :simple_tls
+    end
+
+    ldap_auth = {}
+    ldap_auth[:username] = @binduser
+    ldap_auth[:password] = @bindpassword
+    ldap_auth[:method] = :simple
+    ldap_args[:auth] = ldap_auth
+    ldap = Net::LDAP.new(ldap_args)
+
+    adbase = ldapconf["ldap"]["searchbase"]
+    adgroup = ldapconf["ldap"]["searchgroup"]
+    aduserbase = ldapconf["ldap"]["userbase"]
+
+    puts "Searching for members of [" + adgroup + "]"
+    puts "-- To add users to Nexpose Console: #{@nsc_server}"
+
+    if ldap.bind
+       # authentication succeeded
+       filter = Net::LDAP::Filter.eq("cn", "#{adgroup}")
+       attrs  = 'member'
+       newusers = 0
+       failedusers = 0
+       ldap.search( :base => adbase, :filter => filter, :attributes => attrs ) do |entry|
+          puts "The AD Security Group or Exchange DL: [" + entry[:dn].first.match(/^CN\=([^,]+),/)[1] + "] has the following members:"
+            entry[:member].each do |value|
+              userCN = value.match(/CN\=([^,]+),/)[1]
+              filter2 = Net::LDAP::Filter.eq("cn", userCN)
+              attrs = ['name', 'sAMAccountName', 'userPrincipalName', 'objectCategory']
+              ldap.search( :base => aduserbase, :filter => filter2, :attributes => attrs ) do |user|
+                 objectCN = user[:objectcategory].to_s.match(/CN\=([^,]+),/)[1]
+                 # puts " --> " + objectCN
+                 if objectCN.eql? "Person"
+                    puts " --> Attempting to add: " + user[:samaccountname].first + " / " + userCN + " (#{user[:userprincipalname].first})"
+
+                    user = Nexpose::User.new(user[:samaccountname].first,
+                                             userCN,
+                                             password=nil,
+                                             role_name = ldapconf["ldap"]["nxdefaultrole"],
+                                             id = -1,
+                                             enabled = 1,
+                                             email = user[:userprincipalname].first,
+                                             all_sites = false,
+                                             all_groups = false,
+                                             token = nil)
+                    user.authsrcid = ldapconf["ldap"]["nscauthsrc"]
+
+                    # Begin User save attempt
+                    begin
+                       user.save(@nsc)
+                    rescue Nexpose::APIError => e
+                       STDERR.puts "ERROR [ #{e.to_s} ]"
+                       failedusers += 1
+                       next
+                    end
+
+                    newusers += 1
+                    puts "The user: #{user.name} was created with id: #{user.id}"
+                    uputs("USER", "New user created: #{user.name} (id:#{user.id})")
+                    upp user
+
+                 else
+                    puts " --> " + user[:samaccountname].first + " is a " + user[:objectcategory].first
+                 end
+              end
+            end
+        end
+    else
+       # bind/authentication failed
+       STDERR.puts "ERROR: ldap/ad bind failed."
+       exit(-1)
+    end
   else
     uputs("ACTION", 'The action requested is not implemented for target')
     puts 'The action requested is not implemented for target'

data/lib/nexposecli/args.rb

@@ -37,6 +37,12 @@ module Nexposecli
        short                 : d
        desc                  : The delete action is used to delete a single object
    
+     - name                  : history
+       desc                  : The history action is used to retrieve the history of certain objects, such as reports and scans
+   
+     - name                  : sync
+       desc                  : The sync action is used to retrieve and sync certain objects, such as ldap/ad users
+   
      - name                  : run
        desc                  : The run action is only used to issue commands to the COMMAND object
    
@@ -209,6 +215,10 @@ module Nexposecli
        desc                  : The config yaml file containing the connection details of the Nexpose Console Server
        required              : true
    
+     - name                  : ldapconf
+       desc                  : The ldap/ad config yaml file containing the search details
+       required              : true
+   
      - name                  : nsc_server
        desc                  : The ip or hostname of the Nexpose Console Server
        required              : true

data/lib/nexposecli/version.rb

@@ -1,3 +1,3 @@
 module Nexposecli
-  VERSION = "0.2.1"
+  VERSION = "0.2.2"
 end

data/nexposecli.gemspec

@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.required_ruby_version = '>= 2.1'
   spec.add_runtime_dependency "nexpose", '~> 4.0', '>= 4.0.4'
   spec.add_runtime_dependency "netaddr", '~> 1.5', '>= 1.5.1'
+  spec.add_runtime_dependency "net-ldap", '~> 0.14', '>= 0.14.0'
 
   spec.add_development_dependency "bundler", "~> 1.12"
   spec.add_development_dependency "rake", "~> 10.0"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: nexposecli
 version: !ruby/object:Gem::Version
-  version: 0.2.1
+  version: 0.2.2
 platform: ruby
 authors:
 - Erik Gomez
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-06-16 00:00:00.000000000 Z
+date: 2016-06-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nexpose
@@ -51,6 +51,26 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 1.5.1
+- !ruby/object:Gem::Dependency
+  name: net-ldap
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.14'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.14.0
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -120,7 +140,6 @@ files:
 - lib/nexposecli/role.rb
 - lib/nexposecli/scan.rb
 - lib/nexposecli/version.rb
-- nexposecli-0.1.11.gem
 - nexposecli.gemspec
 - spec/nexposecli_spec.rb
 - spec/spec_helper.rb