openvas-cli 0.1.0

data/lib/openvas-cli/oid_validator.rb

@@ -0,0 +1,10 @@
+require 'active_model'
+
+# Validates an OpenVAS OID
+# Used by: VasNVT
+class OIDValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    record.errors[attribute] << (options[:message] || "is not a valid UUID") unless
+      value =~ /\A[0-9\.]{1,80}\z/
+  end
+end

data/lib/openvas-cli/openvas-cli.rb

@@ -0,0 +1,273 @@
+require 'rubygems'
+require 'socket' 
+require 'timeout'
+require 'openssl'
+require 'base64'
+require 'nokogiri'
+require 'time'
+
+require 'vas_exceptions'
+
+
+# = OpenvasCli
+#
+# Provides connectivity to OpenVAS Management service.
+#
+# Author::    Reed Swenson (mailto:fleureed@gmail.com)
+# Copyright:: Copyright (c) 2010 eBankSystems, Inc.
+# License::   GPL v2.0
+class OpenvasCli
+  
+  # OpenVAS username.
+  # 
+  # Will be used for all requests.  
+  # 
+  # Defaults to: +admin+ 
+  def self.user
+    @@user ||= "admin"
+  end
+  
+  # See: user
+  def self.user=(val)
+    @@user = val
+  end
+  
+  # OpenVAS passowrd
+  #
+  # Defaults to: ""
+  def self.password
+    @@password ||= ""
+  end
+  
+  # See password
+  def self.password=(val)
+    @@password = val
+  end
+  
+  # Hostname or IP that hosts the OpenVAS Management service.
+  #
+  # Defaults to: +localhost+
+  def self.host
+    @@host ||= "localhost"
+  end
+
+  # See: host
+  def self.host=(val)
+    @@host = val
+  end
+
+  # Port on which the OpenVAS Management Service is listening.
+  #
+  # Defaults to: 9390  
+  def self.port
+    @@port ||= 9390
+  end
+
+  # See: port
+  def self.port=(val)
+    @@port = val
+  end
+
+  # Communications timeout in seconds.
+  #
+  # Defaults to: 5  
+  def self.time_out
+    @@time_out ||= 5
+  end
+
+  # See: time_out
+  def self.time_out=(val)
+    @@time_out = val
+  end
+
+  # Communications buffer size in bytes.
+  #
+  # Defaults to: 512  
+  def self.buffer_size
+    @@buffer_size ||= 512
+  end
+
+  # See: buffer_size
+  def self.buffer_size=(val)
+    @@buffer_size = val
+  end
+  
+  # By default, new will attempt to log into the OpenVAS management service.
+  # If this is set to +false+, the client will bypas the login when initialized.
+  # Before the client can send or receive any messages, login must be called.
+  #
+  # Defaults to: +true+
+  def self.auto_login
+    @@auto_login ||= true
+  end
+
+  # See: auto_login
+  def self.auto_login=(val)
+    @@auto_login = val
+  end
+  
+  # Log4r style Logger used by the client.
+  def self.logger
+    @@logger
+  end
+
+  # See: logger 
+  def self.logger=(val)
+    @@logger = val
+  end
+  
+  # Initializes the client, connectes to the OpenVas Managment service specified 
+  # by host & port, and unless auto_login is set to +false+, loggs in using 
+  # username and password.
+  def initialize()
+    connect
+    
+    if OpenvasCli.auto_login == true
+      login
+    end
+  end
+  
+  # Closes the active connection and sets it up for re-connection.
+  def close
+    @socket.close if @socket
+    @socket = nil
+  end
+  
+  # Logs into the OpenVAS Management service using the specified username and
+  # passoword.  By default, this method is called by new unless auto_login is 
+  # set to +false+.
+  def login
+    log_message("Logging in: :user => #{OpenvasCli.user}", :info)
+    areq = Nokogiri::XML::Builder.new { |xml|
+      xml.authenticate {
+        xml.credentials {
+          xml.username { xml.text(OpenvasCli.user) }
+          xml.password { xml.text(OpenvasCli.password) }
+        }
+      }
+    }
+    
+    send_receive(areq.doc)
+  end
+  
+  # Sends a message to the OpenVAS Management service and receives a response.
+  # If, for some reaon, the connection has been severed, it will re-establish 
+  # the connection and attempts to login again. 
+  # ---
+  # Parameters:
+  # [request] an Nokogiri::XML::Document or String to send to the management service.
+  # ---
+  # Returns:
+  # * A Nokogiri::XML::Document that contains the response from the management service.
+  # ---
+  # Exceptions:
+  # [VasExceptions::CommunicationException] When the transmission times out or encounters an unexpected end of file.
+  # [VasExceptions::CommandException] When the management service does not send back a 20* response status.
+  # ---
+  # Usage:
+  #     cli = OpenvasCli.new
+  #     req = Nokogiri::XML::Builder.new{ |xml|
+  #       xml.do_something
+  #     }
+  #     response = cli.send_receive(req.doc)
+  #     #parse the response and do something meaningful
+  def send_receive (request)
+    if request.kind_of? String
+      tosend = request
+    else
+      tosend = request.to_xml
+    end
+    
+    unless @socket && @socket.state !~ /closed/i
+      log_message("Socket closed, Reconnecting", :info)
+      connect
+      login
+    end
+    log_message("Sending: #{tosend}", :debug)
+
+    @socket.puts(tosend)
+
+    rbuf=''
+    size=0
+    begin  
+      begin
+      timeout(OpenvasCli.time_out) {
+          a = @socket.sysread(OpenvasCli.buffer_size)
+          size=a.length
+          rbuf << a
+      }
+      rescue Timeout::Error
+        size=0
+        msg = "Command Timed Out (#{$!})\nCommand: #{tosend}"
+        log.message msg, :error
+        raise VasExceptions::CommunicationException.new(msg)
+      rescue EOFError
+        msg = "EOFError(#{$!})\nReceived: #{rbuf}\nCommand: #{tosend}"
+        log_message msg, :error
+        raise VasExceptions::CommunicationException.new(msg)
+      end
+    end while size>=OpenvasCli.buffer_size
+    response= Nokogiri::XML(rbuf)
+    
+    log_message "RECEIVED: #{response.to_xml}", :debug
+    
+    unless extract_value_from("//@status", response) =~ /20\d/
+      msg = "Command Failed: #{extract_value_from("//@status_text", response)}\n" +
+            "Command: #{tosend}" 
+      log_message msg, :error
+      raise VasExceptions::CommandException.new(msg)
+    end
+    
+    response
+  end
+  
+private
+
+  def log_message(msg, level)
+    if OpenvasCli.logger
+      case level
+      when :debug
+        OpenvasCli.logger.debug msg
+      when :info
+        OpenvasCli.logger.info msg
+      when :warn
+        OpenvasCli.logger.warn msg
+      when :error
+        OpenvasCli.logger.error msg
+      when :fatal
+        OpenvasCli.logger.fatal msg
+      end
+    end
+  end
+
+  def extract_value_from(x_str, n)
+    ret = ""
+    if x_str =~ /@/
+      ret = n.at_xpath(x_str).value  if n.at_xpath(x_str)
+    else
+      tn =  n.at_xpath(x_str)
+      if tn
+        if tn.children.count > 0
+          tn.children.each { |tnc|
+            if tnc.text?
+              ret = tnc.text
+            end
+          }
+        else
+          ret = tn.text
+        end
+      end
+    end
+    
+    ret
+  end
+  
+  def connect
+    log_message("Connecting: :host => #{OpenvasCli.host}, :port => #{OpenvasCli.port}", :info)
+    plain_socket       = TCPSocket.open(OpenvasCli.host, OpenvasCli.port)
+    ssl_context        = OpenSSL::SSL::SSLContext.new
+    @socket            = OpenSSL::SSL::SSLSocket.new(plain_socket, ssl_context)
+    @socket.sync_close = true
+    @socket.connect
+  end
+end

data/lib/openvas-cli/uuid_validator.rb

@@ -0,0 +1,9 @@
+require 'active_model'
+
+# Validates a OpenVAS UUID
+class UUIDValidator < ActiveModel::EachValidator
+  def validate_each(record, attribute, value)
+    record.errors[attribute] << (options[:message] || "is not a valid UUID") unless
+      value =~ /\A[0-9abcdef\-]{1,40}\z/i
+  end
+end

data/lib/openvas-cli/vas_base.rb

@@ -0,0 +1,40 @@
+require 'active_model'
+Dir["#{File.dirname(__FILE__)}/*_validator.rb"].each {|f| require f}
+
+# Provides a base from which to build objects that utilize the OpenvasCli object.
+# Includes support for ActiveModel validations and a helper method (extract_value_from)
+# to assist in OpenVAS object implementations.
+class VasBase
+  include ActiveModel::Validations
+  
+  # OpenvasCli object to be used for communications.  Initializes a new instance
+  # if one does not already exist.
+  def self.client
+    @@client ||= OpenvasCli.new
+  end
+  
+  # Helper method to extract a value from a Nokogiri::XML::Node object.  If the
+  # xpath provided contains an @, then the method assumes that the value resides
+  # in an attribute, otherwise it pulls the text of the last +text+ node.
+  def self.extract_value_from(x_str, n)
+    ret = ""
+    if x_str =~ /@/
+      ret = n.at_xpath(x_str).value  if n.at_xpath(x_str)
+    else
+      tn =  n.at_xpath(x_str)
+      if tn
+        if tn.children.count > 0
+          tn.children.each { |tnc|
+            if tnc.text?
+              ret = tnc.text
+            end
+          }
+        else
+          ret = tn.text
+        end
+      end
+    end
+    
+    ret
+  end
+end

data/lib/openvas-cli/vas_exceptions.rb

@@ -0,0 +1,8 @@
+# Continer for all cusom exceptions used in openvas-cli.
+module VasExceptions
+  # Thrown when the OpenVAS management service rejects a command for some reason.
+  class CommandException < StandardError; end
+  # Thrown when some sort of communications error (like a timeout or unexpected
+  # end-of-file) is encountered.
+  class CommunicationException < StandardError; end
+end

data/lib/openvas-cli/vas_nvt.rb

@@ -0,0 +1,70 @@
+require 'vas_base'
+
+# Describes a NSIS/OpenVAS scan rule.
+#--
+# TODO: Filter by other useful fields
+# TODO: Find external links for more information
+# TODO: Redcloth and Autolink description
+# TODO: Implement sorting options[:sort_by]
+#++
+class VasNVT < VasBase
+  # Unique identifier for rule. 
+  attr_accessor :oid
+  # Human readable name of the rule.
+  attr_accessor :name
+  
+  attr_accessor :category
+  attr_accessor :copyright
+  attr_accessor :description
+  attr_accessor :summary 
+  attr_accessor :family
+  attr_accessor :version
+  attr_accessor :cvss_base
+  attr_accessor :risk_factor
+  attr_accessor :cve_id
+  attr_accessor :bugtraq_id
+  attr_accessor :xrefs
+  attr_accessor :tags
+  attr_accessor :preferences
+                
+  validates :oid, :presence => true, :OID => true
+  
+  # Pulls VasNVT rules that match the provided options.
+  #
+  # === Options:
+  # [:nvt_oid => [VasNVT.oid]] will pull only the NVT rule that matches the given OID
+  # [:family => [VasFamily.name]] will pull all NVT rules for the specified family
+  def self.get_all(options = {})
+    params = {:details => '1'}
+    params[:nvt_oid] = options[:oid] if options[:oid]
+    params[:family]  = options[:family] if options[:family]
+  
+    req = Nokogiri::XML::Builder.new { |xml|
+      xml.get_nvts(params)
+    }
+    
+    rules = client.send_receive(req.doc)
+    
+    ret = []
+    rules.xpath("//nvt").each { |nvt|
+      rule             = VasNVT.new
+      rule.oid         = extract_value_from("@oid", nvt)
+      rule.name        = extract_value_from("name", nvt)
+      rule.category    = extract_value_from("category", nvt)
+      rule.copyright   = extract_value_from("copyright", nvt)
+      rule.description = extract_value_from("description", nvt).strip
+      rule.summary     = extract_value_from("summary", nvt)
+      rule.family      = extract_value_from("family", nvt)
+      rule.version     = extract_value_from("version", nvt)
+      rule.cvss_base   = extract_value_from("cvss_base", nvt)
+      rule.risk_factor = extract_value_from("risk_factor", nvt)
+      rule.cve_id      = extract_value_from("cve_id", nvt)
+      rule.bugtraq_id  = extract_value_from("bugtraq_id", nvt)
+      rule.xrefs       = extract_value_from("xrefs", nvt).split(/, ?/)
+      rule.tags        = extract_value_from("tags", nvt).split(/, ?/)
+      ret << rule
+    }
+    
+    ret
+  end  
+end

data/lib/openvas-cli/vas_nvt_family.rb

@@ -0,0 +1,37 @@
+require 'vas_base'
+
+# Category for NVT rules
+class VasNVTFamily < VasBase
+  # Category Name
+  attr_accessor :name
+  # Number of rules in the family
+  attr_accessor :nvt_count
+  
+  validates :name, :presence => true, :length => {:minimum => 1}
+  
+  # Pulls all NVT Families defined on the server.
+  #
+  # === Options:
+  # None.
+  #--
+  # TODO: Implement options[:sort_by]
+  #++
+  def self.get_all(options = {})
+  
+    req = Nokogiri::XML::Builder.new { |xml|
+      xml.get_nvt_families
+    }
+    
+    fams = client.send_receive(req.doc)
+    
+    ret = []
+    fams.xpath('//family').each { |f|
+      family           = VasNVTFamily.new
+      family.name      = extract_value_from('name', f)
+      family.nvt_count = extract_value_from('max_nvt_count', f).to_i
+      ret << family
+    }
+    
+    ret
+  end
+end