ruby-ncrack 0.1.0

data/lib/ncrack/xml.rb

@@ -0,0 +1,234 @@
+require 'ncrack/xml/service'
+
+require 'nokogiri'
+
+module Ncrack
+  #
+  # Represents an ncrack XML file or XML data.
+  #
+  # ## Examples
+  #
+  #     require 'ncrack/xml'
+  #     
+  #     Ncrack::XML.open('ncrack.xml') do |xml|
+  #       xml.each_service do |service|
+  #         puts "#{service.address} #{service.port.number}/#{service.port.name}:"
+  #     
+  #         service.each_credentials.each do |credentials|
+  #           puts "  #{credentials}"
+  #         end
+  #       end
+  #     end
+  #
+  class XML
+
+    # The parsed XML document.
+    #
+    # @return [Nokogiri::XML::Node]
+    #
+    # @api private
+    attr_reader :doc
+
+    # The path to the XML file.
+    #
+    # @return [String, nil]
+    attr_reader :path
+
+    #
+    # Creates a new XML object.
+    #
+    # @param [Nokogiri::XML] doc
+    #   The parsed XML document.
+    #
+    # @param [String, nil] path
+    #   The path to the XML file.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @api private
+    #
+    def initialize(doc, path: nil)
+      @doc  = doc
+      @path = File.expand_path(path) if path
+
+      yield self if block_given?
+    end
+
+    #
+    # Parses the given XML String.
+    #
+    # @param [String] xml
+    #   The XML String.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @return [XML]
+    #   The parsed XML.
+    #
+    # @api public
+    #
+    def self.parse(xml,&block)
+      new(Nokogiri::XML(xml),&block)
+    end
+
+    #
+    # Opens an parses an XML file.
+    #
+    # @param [String] path
+    #   The path to the XML file.
+    #
+    # @yield [xml]
+    #   If a block is given, it will be passed the newly created XML
+    #   parser.
+    #
+    # @yieldparam [XML] xml
+    #   The newly created XML parser.
+    #
+    # @return [XML]
+    #   The parsed XML.
+    #
+    # @api public
+    #
+    def self.open(path,&block)
+      path = File.expand_path(path)
+
+      new(Nokogiri::XML(File.open(path)), path: path, &block)
+    end
+
+    #
+    # The scanner that produced the XML (aka `ncrack`).
+    #
+    # @return [String]
+    #   The value of the `scanner` attribute.
+    #
+    def scanner
+      @scanner ||= @doc.root['scanner']
+    end
+
+    #
+    # Additional command-line arguments passed to `ncrack`.
+    #
+    # @return [String]
+    #   The value of the `args` attribute.
+    #
+    def args
+      @args ||= @doc.root['args']
+    end
+
+    #
+    # The start time.
+    #
+    # @return [Time]
+    #   The parsed value of the `start` attribute.
+    #
+    def start
+      @start ||= Time.at(@doc.root['start'].to_i)
+    end
+
+    #
+    # The version of `ncrack`.
+    #
+    # @return [String]
+    #   The value of the `version` attribute.
+    #
+    def version
+      @version ||= @doc.root['version']
+    end
+
+    #
+    # The version of the `ncrack` XML schema.
+    #
+    # @return [String]
+    #   The value of the `xmloutputversion` attribute.
+    #
+    def xml_output_version
+      @xml_output_version ||= @doc.root['xmloutputversion']
+    end
+
+    #
+    # The verbosity level.
+    #
+    # @return [Integer]
+    #   The parsed value of the `level` attribute of the  `verbose` child
+    #   element.
+    #
+    def verbose
+      @verbose ||= @doc.at_xpath('/ncrackrun/verbose')['level'].to_i
+    end
+
+    #
+    # The debugging level.
+    #
+    # @return [Integer]
+    #   The parsed value of the `level` attribute of the `debugging` child
+    #   element.
+    #
+    def debugging
+      @debugging ||= @doc.at_xpath('/ncrackrun/debugging')['level'].to_i
+    end
+
+    #
+    # Enumerates over every service.
+    #
+    # @yield [service]
+    #   If a block is given, it will be passed every service object.
+    #
+    # @yieldparam [Service] service
+    #   A service object.
+    #
+    # @return [Enumerator]
+    #   If no block is given, an Enumerator object will be returned.
+    #
+    def each_service
+      return enum_for(__method__) unless block_given?
+
+      @doc.root.xpath('/ncrackrun/service').each do |node|
+        yield Service.new(node)
+      end
+    end
+
+    #
+    # All service object.
+    #
+    # @return [Array<Service>]
+    #
+    def services
+      each_service.to_a
+    end
+
+    #
+    # The first service object.
+    #
+    # @return [Service, nik]
+    #
+    def service
+      each_service.first
+    end
+
+    #
+    # Converts the XML to a String.
+    #
+    # @return [String]
+    #   The path to the XML if {#path} is set, or the XML if the XML was parsed
+    #   from a String.
+    #
+    def to_s
+      if @path
+        @path
+      else
+        @doc.to_s
+      end
+    end
+
+  end
+end

data/lib/ncrack.rb

@@ -0,0 +1,2 @@
+require 'ncrack/command'
+require 'ncrack/version'

data/ruby-ncrack.gemspec

@@ -0,0 +1,58 @@
+require 'yaml'
+
+Gem::Specification.new do |gem|
+  gemspec = YAML.load_file('gemspec.yml')
+
+  gem.name    = gemspec.fetch('name')
+  gem.version = gemspec.fetch('version') do
+                  lib_dir = File.join(File.dirname(__FILE__),'lib')
+                  $LOAD_PATH << lib_dir unless $LOAD_PATH.include?(lib_dir)
+
+                  require File.join('ncrack','version')
+                  Ncrack::VERSION
+                end
+
+  gem.summary     = gemspec['summary']
+  gem.description = gemspec['description']
+  gem.licenses    = Array(gemspec['license'])
+  gem.authors     = Array(gemspec['authors'])
+  gem.email       = gemspec['email']
+  gem.homepage    = gemspec['homepage']
+  gem.metadata    = gemspec['metadata'] if gemspec['metadata']
+
+  glob = lambda { |patterns| gem.files & Dir[*patterns] }
+
+  gem.files = if gemspec['files'] then glob[gemspec['files']]
+              else                     `git ls-files`.split($/)
+              end
+
+  gem.executables = gemspec.fetch('executables') do
+    glob['bin/*'].map { |path| File.basename(path) }
+  end
+
+  gem.extensions       = glob[gemspec['extensions'] || 'ext/**/extconf.rb']
+  gem.extra_rdoc_files = glob[gemspec['extra_doc_files'] || '*.{txt,md}']
+
+  gem.require_paths = Array(gemspec.fetch('require_paths') {
+    %w[ext lib].select { |dir| File.directory?(dir) }
+  })
+
+  gem.requirements              = gemspec['requirements']
+  gem.required_ruby_version     = gemspec['required_ruby_version']
+  gem.required_rubygems_version = gemspec['required_rubygems_version']
+  gem.post_install_message      = gemspec['post_install_message']
+
+  split = lambda { |string| string.split(/,\s*/) }
+
+  if gemspec['dependencies']
+    gemspec['dependencies'].each do |name,versions|
+      gem.add_dependency(name,split[versions])
+    end
+  end
+
+  if gemspec['development_dependencies']
+    gemspec['development_dependencies'].each do |name,versions|
+      gem.add_development_dependency(name,split[versions])
+    end
+  end
+end

data/spec/fixtures/ncrack.xml

@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE ncrackrun>
+<!-- Ncrack 0.7 scan initiated Mon Nov 29 10:27:35 2021 as: ncrack -v -m HTTP -&#45;user alice,eve,bob,root,admin -&#45;pass foo,bar,test,password,swordfish,god,hunter -g path=/protected_content -oX ncrack.xml http://localhost:4567 -->
+<ncrackrun scanner="ncrack" args="ncrack -v -m HTTP -&#45;user alice,eve,bob,root,admin -&#45;pass foo,bar,test,password,swordfish,god,hunter -g path=/protected_content -oX ncrack.xml http://localhost:4567" start="1638210455" startstr="Mon Nov 29 10:27:35 2021" version="0.7" xmloutputversion="1.00">
+<verbose level="1"/>
+<debugging level="0"/>
+<service starttime="1638210455" endtime="1638210455">
+<address addr="127.0.0.1" addrtype="ipv4"/>
+<port protocol="tcp" portid="4567" name="http"></port>
+<credentials username="admin" password="swordfish"></credentials>
+<credentials username="bob" password="hunter"></credentials>
+</service>
+</ncrackrun>

data/spec/ncrack_spec.rb

@@ -0,0 +1,8 @@
+require 'spec_helper'
+require 'ncrack'
+
+describe Ncrack do
+  it "should have a VERSION constant" do
+    expect(subject.const_get('VERSION')).to_not be_empty
+  end
+end

data/spec/spec_helper.rb

@@ -0,0 +1,6 @@
+require 'rspec'
+require 'simplecov'
+SimpleCov.start
+
+require 'ncrack/version'
+include Ncrack

data/spec/xml/address_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+require 'ncrack/xml/address'
+require 'nokogiri'
+
+describe Ncrack::XML::Address do
+  let(:fixtures_dir) { File.expand_path(File.join(__dir__,'..','fixtures')) }
+  let(:path) { File.join(fixtures_dir,'ncrack.xml') }
+  let(:xml)  { File.read(path) }
+  let(:doc)  { Nokogiri::XML(File.open(path)) }
+  let(:node) { doc.at_xpath('/ncrackrun/service/address') }
+
+  subject { described_class.new(node) }
+
+  describe "#addr" do
+    subject { super().addr }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the 'addr' attribute" do
+      expect(subject).to eq(node['addr'])
+    end
+  end
+
+  describe "#type" do
+    it "must return the 'addrtype' attribute as a Symbol" do
+      expect(subject.type).to eq(node['addrtype'].to_sym)
+    end
+  end
+
+  describe "#ipv4?" do
+    context "when #type returns :ipv4" do
+      before { allow(subject).to receive(:type).and_return(:ipv4) }
+
+      it "must return true" do
+        expect(subject.ipv4?).to be(true)
+      end
+    end
+
+    context "when #type does not return :ipv4" do
+      before { allow(subject).to receive(:type).and_return(:ipv6) }
+
+      it "must return false" do
+        expect(subject.ipv4?).to be(false)
+      end
+    end
+  end
+
+  describe "#ipv6?" do
+    context "when #type returns :ipv6" do
+      before { allow(subject).to receive(:type).and_return(:ipv6) }
+
+      it "must return true" do
+        expect(subject.ipv6?).to be(true)
+      end
+    end
+
+    context "when #type does not return :ipv6" do
+      before { allow(subject).to receive(:type).and_return(:ipv4) }
+
+      it "must return false" do
+        expect(subject.ipv6?).to be(false)
+      end
+    end
+  end
+
+  describe "#to_s" do
+    it "must return #addr" do
+      expect(subject.to_s).to eq(subject.addr)
+    end
+  end
+end

data/spec/xml/credentials_spec.rb

@@ -0,0 +1,49 @@
+require 'spec_helper'
+require 'ncrack/xml/credentials'
+require 'nokogiri'
+
+describe Ncrack::XML::Credentials do
+  let(:fixtures_dir) { File.expand_path(File.join(__dir__,'..','fixtures')) }
+  let(:path) { File.join(fixtures_dir,'ncrack.xml') }
+  let(:xml)  { File.read(path) }
+  let(:doc)  { Nokogiri::XML(File.open(path)) }
+  let(:node) { doc.at_xpath('/ncrackrun/service/credentials') }
+
+  subject { described_class.new(node) }
+
+  describe "#username" do
+    subject { super().username }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the 'username' attribute" do
+      expect(subject).to eq(node['username'])
+    end
+  end
+
+  describe "#password" do
+    subject { super().password }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the 'password' attribute" do
+      expect(subject).to eq(node['password'])
+    end
+  end
+
+  describe "#to_s" do
+    it "must return the 'username:password'" do
+      expect(subject.to_s).to eq("#{subject.username}:#{subject.password}")
+    end
+  end
+
+  describe "#to_a" do
+    it "must return [username, password] tuple" do
+      expect(subject.to_a).to eq([subject.username, subject.password])
+    end
+  end
+end

data/spec/xml/port_spec.rb

@@ -0,0 +1,57 @@
+require 'spec_helper'
+require 'ncrack/xml/port'
+require 'nokogiri'
+
+describe Ncrack::XML::Port do
+  let(:fixtures_dir) { File.expand_path(File.join(__dir__,'..','fixtures')) }
+  let(:path) { File.join(fixtures_dir,'ncrack.xml') }
+  let(:xml)  { File.read(path) }
+  let(:doc)  { Nokogiri::XML(File.open(path)) }
+  let(:node) { doc.at_xpath('/ncrackrun/service/port') }
+
+  subject { described_class.new(node) }
+
+  describe "#protocol" do
+    subject { super().protocol }
+
+    it "must return the 'protocol' attribute as a Symbol" do
+      expect(subject).to eq(node['protocol'].to_sym)
+    end
+  end
+
+  describe "#number" do
+    subject { super().number }
+
+    it "must return the 'portid' attribute as an Integer" do
+      expect(subject).to eq(node['portid'].to_i)
+    end
+
+    it "must be > 0" do
+      expect(subject).to be > 0
+    end
+  end
+
+  describe "#name" do
+    subject { super().name }
+
+    it "must return a String" do
+      expect(subject).to be_kind_of(String)
+    end
+
+    it "must return the 'name' attribute" do
+      expect(subject).to eq(node['name'])
+    end
+  end
+
+  describe "#to_i" do
+    it "must return #number" do
+      expect(subject.to_i).to eq(subject.number)
+    end
+  end
+
+  describe "#to_s" do
+    it "must return the #name" do
+      expect(subject.to_s).to eq(subject.name)
+    end
+  end
+end

data/spec/xml/service_spec.rb

@@ -0,0 +1,86 @@
+require 'spec_helper'
+require 'ncrack/xml/service'
+require 'nokogiri'
+
+describe Ncrack::XML::Service do
+  let(:fixtures_dir) { File.expand_path(File.join(__dir__,'..','fixtures')) }
+  let(:path) { File.join(fixtures_dir,'ncrack.xml') }
+  let(:xml)  { File.read(path) }
+  let(:doc)  { Nokogiri::XML(File.open(path)) }
+  let(:node) { doc.at_xpath('/ncrackrun/service') }
+
+  subject { described_class.new(node) }
+
+  describe "#start_time" do
+    subject { super().start_time }
+
+    it "must return the 'starttime' attribute as a Time object" do
+      expect(subject).to eq(Time.at(node['starttime'].to_i))
+    end
+  end
+
+  describe "#end_time" do
+    subject { super().end_time }
+
+    it "must return the 'endtime' attribute as a Time object" do
+      expect(subject).to eq(Time.at(node['endtime'].to_i))
+    end
+  end
+
+  describe "#address" do
+    subject { super().address }
+
+    it "must return an Ncrack::XML::Address object" do
+      expect(subject).to be_kind_of(Ncrack::XML::Address)
+    end
+  end
+
+  describe "#port" do
+    subject { super().port }
+
+    it "must return an Ncrack::XML::Port object" do
+      expect(subject).to be_kind_of(Ncrack::XML::Port)
+    end
+  end
+
+  let(:credentials_count) { node.xpath('credentials').count }
+
+  describe "#each_credentials" do
+    context "when given a block" do
+      it "must yield each Nikto::XML::Credentials object" do
+        expect { |b|
+          subject.each_credentials(&b)
+        }.to yield_successive_args(*Array.new(credentials_count,Ncrack::XML::Credentials))
+      end
+    end
+
+    context "when no block is given" do
+      subject { super().each_credentials.to_a }
+
+      it "must return an Enumerator of Ncrack::XML::Credentials objects" do
+        expect(subject.length).to be(credentials_count)
+        expect(subject).to all(be_kind_of(Ncrack::XML::Credentials))
+      end
+    end
+  end
+
+  describe "#credentials" do
+    subject { super().credentials }
+
+    it "must return an Array of #{described_class}::Service" do
+      expect(subject).to be_kind_of(Array)
+      expect(subject.length).to be(credentials_count)
+      expect(subject).to all(be_kind_of(Ncrack::XML::Credentials))
+    end
+  end
+
+  describe "#credential" do
+    let(:first_credentials) { subject.credentials.first }
+    let(:credential)        { subject.credential }
+
+    it "must return the first #credentials" do
+      expect(credential.username).to eq(first_credentials.username)
+      expect(credential.password).to eq(first_credentials.password)
+    end
+  end
+end