nexty 0.20

data/.gitignore

@@ -0,0 +1,20 @@
+*.csv
+*.swp
+config.yaml
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/.rvmrc

@@ -0,0 +1 @@
+rvm use 1.9.3@nexty

data/Gemfile

@@ -0,0 +1,6 @@
+source 'https://rubygems.org'
+
+gem "nexpose"#, :git=>"git@github.com:thesp0nge/nexpose-client.git", :branch=>"devel"
+gem "rainbow"
+gem "rake"
+gem "rspec"

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2010-2012 Paolo Perego
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,29 @@
+# Nexty
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'nexty'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install nexty
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Added some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,8 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+require "rspec/core/rake_task"
+
+RSpec::Core::RakeTask.new
+
+task :default => :spec
+task :test => :spec

data/bin/nexty

@@ -0,0 +1,107 @@
+#!/usr/bin/env ruby
+
+class String
+  def starts_with?(pattern)
+    ! self.match(/^#{pattern}/).nil?
+  end
+end
+
+class Numeric
+  def duration
+    secs  = self.to_int
+    mins  = secs / 60
+    hours = mins / 60
+    days  = hours / 24
+
+    return "#{days} days and #{hours % 24} hours" if days > 0
+    return "#{hours} hours and #{mins % 60} minutes" if days == 0 and hours > 0
+    return "#{mins} minutes and #{secs % 60} seconds" if days == 0 and hours == 0 and mins > 0
+    return "#{secs} seconds" if days == 0 and hours == 0 and mins == 0
+  end
+end
+
+if RUBY_VERSION.split('.')[1] == "8"
+require 'rubygems'
+end
+
+require 'time'
+require 'rainbow'
+require 'nexpose'
+require 'nexty'
+require 'getoptlong'
+require 'csv'
+
+opts = GetoptLong.new(
+  [ '--report', '-r', GetoptLong::REQUIRED_ARGUMENT ],
+  [ '--host', '-H', GetoptLong::REQUIRED_ARGUMENT ], 
+  [ '--full-export', '-f', GetoptLong::REQUIRED_ARGUMENT ],
+  [ '--download', '-d', GetoptLong::REQUIRED_ARGUMENT ]
+)
+
+
+
+trap("INT") { puts '['+'INTERRUPTED'.color(:red)+']'; exit -1 }
+
+
+# templates = nsc.report_template_listing
+# 
+# templates.each do |template|
+#   p template[:template_id]
+# end
+
+conn = Nexty::Connector.new
+nsc = conn.nsc
+
+begin 
+  printf "Connecting to #{conn.config["config"]["host"]}:#{conn.config["config"]["port"]} - ".color(:white)
+  nsc.login
+rescue ::Nexpose::APIError => e
+  printf "failed\n".color(:red)
+  $stderr.puts("#{e.reason}")
+  exit(1)
+end
+printf "succeded\n".color(:green)
+
+
+opts.each do |opt, arg|
+  case opt
+
+  when '--download'
+
+    file_name = "export_#{Time.now.strftime("%Y%m%d%H%M%s")}.csv"
+    puts "Report saved: #{Nexty::Report.download(arg, file_name, nsc)}".color(:white)
+
+  when '--full-export'
+   
+    fn = Nexty::Report.generate_from_a_template(arg, nsc)
+    file_name = "export_#{Time.now.strftime("%Y%m%d%H%M%s")}.csv"
+    nsc.logout
+    begin 
+      printf "Connecting to #{conn.config["config"]["host"]}:#{conn.config["config"]["port"]} - ".color(:white)
+      nsc.login
+    rescue ::Nexpose::APIError => e
+      printf "failed\n".color(:red)
+      $stderr.puts("#{e.reason}")
+      exit(1)
+    end
+    printf "succeded\n".color(:green)
+
+    puts "Report saved: #{Nexty::Report.download(fn, file_name, nsc)}".color(:white)
+
+  when '--report'
+    fn = Nexty::Report.generate_from_a_list_of_sites(arg, nsc)
+    puts "Report saved: #{fn}".color(:white)
+
+  when '--host'
+
+    dev= Nexty::Device.find_by_address(nsc, arg)
+    if ! dev.nil? 
+      puts "#{dev.address} found @ site #{dev.site_id}. Risk score = #{dev.riskscore} * #{dev.riskfactor}".color(:green)
+    else
+      puts "#{arg} not found".color{:red}
+    end
+  end
+end
+
+
+nsc.logout

data/conf/config.yaml.sample

@@ -0,0 +1,6 @@
+config:
+  host: "127.0.0.1"
+  port: "3790"
+  user: "nxadmin"
+  pass: "nxadmin"
+

data/lib/nexty/config.rb

@@ -0,0 +1,19 @@
+require 'singleton'
+require 'yaml'
+
+module Nexty
+  class Config
+    include Singleton
+
+    def read(file)
+      if file.nil? or !File.exists?(file)
+        return {"config" => {"host"=>"127.0.0.1", "port"=>"3790", "user"=>"nxadmin", "pass"=>"nxadmin"}}
+      end
+      config = YAML.load_file(file)
+
+      return config
+    end
+
+
+  end
+end

data/lib/nexty/connector.rb

@@ -0,0 +1,14 @@
+require 'nexty/config'
+module Nexty
+  class Connector
+    
+    attr_reader :nsc, :config
+    def initialize(file="./conf/config.yaml")
+      @config = Nexty::Config.instance.read(file)
+      @nsc = Nexpose::Connection.new(@config["config"]["host"], 
+                                     @config["config"]["user"],
+                                     @config["config"]["pass"],
+                                     @config["config"]["port"])
+    end
+  end
+end

data/lib/nexty/device.rb

@@ -0,0 +1,29 @@
+module Nexty
+  class Device
+    def self.all(connection)
+      @devices = []
+
+      r = connection.execute('<SiteDeviceListingRequest session-id="' + connection.session_id + '"/>')
+      if (r.success)
+        r.res.elements.each('SiteDeviceListingResponse/SiteDevices') do |rr|
+          @sid = rr.attribute("site-id")
+          rr.elements.each('device') do |d|
+            @devices.push(Nexpose::Device.new(d.attributes['id'], @sid, d.attributes["address"], d.attributes["riskfactor"], d.attributes['riskscore']))
+          end
+        end
+			end
+      @devices
+    end
+
+    def self.find_by_address(connection, address)
+      devices = Nexty::Device.all(connection)
+      devices.each do |d|
+        if d.address == address
+          return d
+        end
+      end
+
+      return nil
+    end
+  end
+end

data/lib/nexty/report.rb

@@ -0,0 +1,77 @@
+module Nexty
+  class Report
+    
+    # def self.generate_from_ip_list(ip_list, nsc)
+    #   ips = Nexty::Sites.load_from_file(ip_list)
+
+    #   report = Nexpose::ReportAdHoc.new(nsc, 'SOX Vulns', 'csv')
+    #   ips.each do |ip|
+    #     report.addFilter('device',addFilter('device',  
+    #   end
+    # end
+
+
+    def self.download(url, filename, nsc)
+      return nil if url.nil? or url.empty?
+      uri = URI.parse(url)
+      http = Net::HTTP.new(uri.host, uri.port)
+      http.use_ssl = true
+      http.verify_mode = OpenSSL::SSL::VERIFY_NONE # XXX: security issue
+      headers = {'Cookie' => "nexposeCCSessionID=#{nsc.session_id}"}
+      resp = http.get(uri.path, headers)
+
+      file = File.open(filename, "w")
+      file.write(resp.body)
+      file.close
+
+      filename
+    end
+
+    def self.generate(nsc, list, options={:template=>'', :filename=> '', :format=>"csv", :scan_to_include=>1})
+
+      options[:filename] = "export_#{Time.now.strftime("%Y%m%d%H%M%s")}.csv" if options[:filename].nil? or options[:filename].empty?
+      report = Nexpose::ReportConfig.new(nsc)
+      report.set_name(options[:filename])
+      report.set_template_id(options[:template])
+      report.set_format(options[:format])
+
+      list.each do |item|
+        site_config = Nexpose::SiteConfig.new
+        site_config.getSiteConfig(nsc, item[:site_id])
+        scan_history = nsc.site_scan_history(item[:site_id])
+        scan_history.sort! { |a,b| b[:start_time] <=> a[:start_time]}
+        scan_history.take(options[:scan_to_include]).each do |scan|
+          report.addFilter('scan', scan[:scan_id])
+        end
+      end
+
+      report.saveReport
+
+      url = nil
+      while not url
+        url = nsc.report_last(report.config_id)
+        select(nil, nil, nil, 10)
+      end
+
+      full_url="https://#{nsc.host}:#{nsc.port}#{url}"
+
+      {:url=>full_url, :filename=>options[:filename]}
+    end
+
+    def self.generate_from_a_template(template_name, nsc)
+      sites=nsc.site_listing
+      result = Nexty::Report.generate(nsc, sites, {:template=>template_name, :filename=>nil, :format=>'csv', :scan_to_include=>1})
+      result[:url]
+    end
+
+    def self.generate_from_a_list_of_sites(site_list=nil, nsc)
+      sites=Nexty::Sites.load_from_file(site_list)
+      s = []
+      sites.each do |site|
+        s << nsc.find_site_by_name(site) 
+      end
+      result = Nexty::Report.generate(nsc, s, {:template=>"template-per-vulnerability-meeting", :format=>'csv', :filename=>nil, :scan_to_include=>4})
+      Nexty::Report.download(result[:url], result[:filename], nsc)
+    end
+  end
+end

data/lib/nexty/site.rb

@@ -0,0 +1,56 @@
+module Nexty
+  class Sites
+    # Public: load site names from a text file returning it in an array
+    #
+    # file - the filename
+    #
+    # Example
+    #   Nexty::Sites.load_from_file('./important_sites.txt')
+    #   # => ['www', 'mail', 'dns']
+    #
+    #   Nexty::Sites.load_from_file('./doesnt_exists_file.foo')
+    #   # => []
+    #
+    # Returns an Array containing the site names or an empty Array if the file
+    # doesn't exist.
+    def self.load_from_file(file)
+      if !File.exists?(file)
+        return []
+      end
+
+      ret = [] 
+      File.open(file).each_line{ |s|
+        ret << s.chomp
+      }
+      
+      ret 
+
+    end
+  end
+end
+
+module Nexpose
+  module NexposeAPI
+    include XMLUtils
+
+    def find_site_by_name(name)
+      r = execute(make_xml('SiteListingRequest', {}))
+      res = {}
+
+			if (r.success)
+				r.res.elements.each("//SiteSummary") do |site|
+          if (site.attributes['name'] == name) 
+            res = {
+              :site_id => site.attributes['id'].to_i,
+              :name => site.attributes['name'].to_s,
+              :risk_factor => site.attributes['riskfactor'].to_f,
+              :risk_score => site.attributes['riskscore'].to_f,
+            }
+          end
+				end
+			end
+      res
+    end
+  end
+end
+

data/lib/nexty/version.rb

@@ -0,0 +1,3 @@
+module Nexty
+  VERSION = "0.20"
+end

data/lib/nexty.rb

@@ -0,0 +1,5 @@
+require 'nexty/version'
+require 'nexty/connector'
+require 'nexty/site'
+require 'nexty/report'
+require 'nexty/device'

data/nexty.gemspec

@@ -0,0 +1,18 @@
+# -*- encoding: utf-8 -*-
+require File.expand_path('../lib/nexty/version', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.authors       = ["Paolo Perego"]
+  gem.email         = ["thesp0nge@gmail.com"]
+  gem.description   = %q{A command line interface to your Nexpose VA tool}
+  gem.summary       = %q{A command line interface to your Nexpose VA tool}
+  gem.homepage      = ""
+
+  gem.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  gem.files         = `git ls-files`.split("\n")
+  gem.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.name          = "nexty"
+  gem.require_paths = ["lib"]
+  gem.version       = Nexty::VERSION
+
+end

data/spec/data/sites.txt

@@ -0,0 +1,5 @@
+a
+b
+c
+d
+e

data/spec/nexty_site_spec.rb

@@ -0,0 +1,15 @@
+require 'spec_helper'
+
+describe "Site loading from file " do
+  it "should return an empty array if the file doesn't exist" do
+    a = Nexty::Sites.load_from_file('./spec/data/sites_non_existant.txt')
+    a.should be_empty
+    a.should_not be_nil
+  end
+
+  it "should return an array with site names" do
+    a = Nexty::Sites.load_from_file('./spec/data/sites.txt')
+    a.should_not be_empty
+    a.should include 'a'
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1 @@
+require 'nexty'

metadata

@@ -0,0 +1,71 @@
+--- !ruby/object:Gem::Specification
+name: nexty
+version: !ruby/object:Gem::Version
+  version: '0.20'
+  prerelease: 
+platform: ruby
+authors:
+- Paolo Perego
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-10-04 00:00:00.000000000 Z
+dependencies: []
+description: A command line interface to your Nexpose VA tool
+email:
+- thesp0nge@gmail.com
+executables:
+- nexty
+extensions: []
+extra_rdoc_files: []
+files:
+- .gitignore
+- .rvmrc
+- Gemfile
+- LICENSE.txt
+- README.md
+- Rakefile
+- bin/nexty
+- conf/config.yaml.sample
+- lib/nexty.rb
+- lib/nexty/config.rb
+- lib/nexty/connector.rb
+- lib/nexty/device.rb
+- lib/nexty/report.rb
+- lib/nexty/site.rb
+- lib/nexty/version.rb
+- nexty.gemspec
+- spec/data/sites.txt
+- spec/nexty_site_spec.rb
+- spec/spec_helper.rb
+homepage: ''
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
+      - 0
+      hash: -671521822909928412
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.24
+signing_key: 
+specification_version: 3
+summary: A command line interface to your Nexpose VA tool
+test_files:
+- spec/data/sites.txt
+- spec/nexty_site_spec.rb
+- spec/spec_helper.rb