ruby-ncrack 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 5d557db457c900d9035f4910a4a2cdbd99082839407ae849f8322ed2d0fcdca5
+  data.tar.gz: 9ddfdf7cb39a40693f1bb4a3ceb6b49ca34b7a07eec9f8991ac539e2e2670c33
+SHA512:
+  metadata.gz: 5d6e4b947e387c129d9acfc3cfc0aff17a243364adc554b4714b95a9e26e4a660a2663a8258a25879994729ae0aab3b381ae38944b5c477e57480acfa93474e1
+  data.tar.gz: 42c1d50c38ab660d6d6b5eb46994f824337571759f22abbbb51e9323720815746dd63590b4b6bf482338f3297a75f645cc96309eb2ffb83b3181abba8d92dfd5

data/.document

@@ -0,0 +1,3 @@
+- 
+ChangeLog.*
+LICENSE.txt

data/.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+tab_width = 8
+trim_trailing_whitespace = true
+
+[{Gemfile,Rakefile,*.rb,*.gemspec,*.yml}]
+indent_style = space
+indent_size = 2

data/.github/workflows/ruby.yml

@@ -0,0 +1,31 @@
+name: CI
+
+on: [ push, pull_request ]
+
+jobs:
+  tests:
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+          - 2.6
+          - 2.7
+          - 3.0
+          - jruby
+          - truffleruby
+    name: Ruby ${{ matrix.ruby }}
+    steps:
+      - uses: actions/checkout@v2
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+      - name: Install libxml2-dev and libxslt1-dev
+        run: |
+          sudo apt update -y && \
+          sudo apt install -y --no-install-recommends --no-install-suggests libxml2-dev libxslt1-dev
+      - name: Install dependencies
+        run: bundle install --jobs 4 --retry 3
+      - name: Run tests
+        run: bundle exec rake test

data/.gitignore

@@ -0,0 +1,9 @@
+/Gemfile.lock
+/doc
+/pkg
+.DS_Store
+.yardoc
+*.db
+*.log
+*.swp
+*~

data/.rspec

@@ -0,0 +1 @@
+--colour --format documentation

data/.yardopts

@@ -0,0 +1 @@
+--markup markdown --title "ruby-ncrack Documentation" --protected

data/ChangeLog.md

@@ -0,0 +1,10 @@
+### 0.1.0 / 2021-11-30
+
+* Initial release:
+  * Added {Ncrack::Command}.
+  * Added {Ncrack::XML}.
+  * Added {Ncrack::XML::Service}.
+  * Added {Ncrack::XML::Address}.
+  * Added {Ncrack::XML::Port}.
+  * Added {Ncrack::XML::Credentials}.
+

data/Gemfile

@@ -0,0 +1,16 @@
+source 'https://rubygems.org'
+
+gemspec
+
+# gem 'command_mapper', '~> 0.1.1', github: 'postmodern/command_mapper.rb'
+
+group :development do
+  gem 'rake'
+  gem 'rubygems-tasks', '~> 0.2'
+  gem 'rspec',          '~> 3.0'
+  gem 'simplecov',      '~> 0.7'
+
+  gem 'kramdown'
+  gem 'yard',           '~> 0.9'
+  gem 'yard-spellcheck', require: false
+end

data/LICENSE.txt

@@ -0,0 +1,20 @@
+Copyright (c) 2011-2021 Hal Brodigan
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.md

@@ -0,0 +1,84 @@
+# ruby-ncrack
+
+[![CI](https://github.com/postmodern/ruby-ncrack/actions/workflows/ruby.yml/badge.svg)](https://github.com/postmodern/ruby-ncrack/actions/workflows/ruby.yml)
+[![Gem Version](https://badge.fury.io/rb/ruby-ncrack.svg)](https://badge.fury.io/rb/ruby-ncrack)
+
+* [Source](http://github.com/postmodern/ruby-ncrack)
+* [Issues](http://github.com/postmodern/ruby-ncrack/issues)
+* [Documentation](http://rubydoc.info/gems/ruby-ncrack/frames)
+
+## Description
+
+A Ruby interface to [ncrack], Network authentication cracking tool.
+
+## Features
+
+* Provides a [Ruby interface][Ncrack::Command] for running the `ncrack` utility.
+* Provides a [parser][Ncrack::XML] for enumerating Ncrack XML output files.
+
+[Ncrack::Command]: https://rubydoc.info/gems/ruby-ncrack/Ncrack/Command
+[Ncrack::XML]: https://rubydoc.info/gems/ruby-ncrack/Ncrack/XML
+
+## Examples
+
+Running `ncrack` from Ruby:
+
+```ruby
+require 'ncrack/command'
+
+Ncrack::Command.run(targets: %w[10.0.0.130:21 192.168.1.2:22], output_xml: 'ncrack.xml')
+```
+
+Parsing `ncrack` XML files:
+
+```ruby
+require 'ncrack/xml'
+
+Ncrack::XML.open('ncrack.xml') do |xml|
+  xml.each_service do |service|
+    puts "#{service.address} #{service.port.number}/#{service.port.name}:"
+
+    service.each_credentials.each do |credentials|
+      puts "  #{credentials}"
+    end
+  end
+end
+```
+
+```
+127.0.0.1 4567/http:
+  admin:swordfish
+  bob:hunter
+```
+
+## Requirements
+
+* [ncrack] >= 0.7
+* [command_mapper](http://github.com/postmodern/command_mapper.rb#readme) ~> 0.1
+* [nokogiri](https://github.com/sparklemotion/nokogiri#readme) ~> 1.0
+
+## Install
+
+```shell
+$ gem install ruby-ncrack
+```
+
+### gemspec
+
+```ruby
+gemspec.add_dependency 'ruby-ncrack', '~> 0.1'
+```
+
+### Gemfile
+
+```ruby
+gem 'ruby-ncrack', '~> 0.1'
+```
+
+## Copyright
+
+Copyright (c) 2011-2021 Hal Brodigan
+
+See {file:LICENSE.txt} for details.
+
+[ncrack]: https://nmap.org/ncrack/

data/Rakefile

@@ -0,0 +1,12 @@
+require 'rake'
+require 'rubygems/tasks'
+Gem::Tasks.new
+
+require 'rspec/core/rake_task'
+RSpec::Core::RakeTask.new
+task :test    => :spec
+task :default => :spec
+
+require 'yard'
+YARD::Rake::YardocTask.new
+task :doc => :yard

data/gemspec.yml

@@ -0,0 +1,26 @@
+name: ruby-ncrack
+summary: A Ruby interface to Ncrack.
+description:
+  A Ruby interface to Ncrack, Network authentication cracking tool.
+
+license: MIT
+authors: Postmodern
+email: postmodern.mod3@gmail.com
+homepage: http://github.com/postmodern/ruby-ncrack#readme
+has_yard: true
+
+metadata:
+  documentation_uri: https://rubydoc.info/gems/ruby-ncrack
+  source_code_uri:   https://github.com/postmodern/ruby-ncrack
+  bug_tracker_uri:   https://github.com/postmodern/ruby-ncrack/issues
+  changelog_uri:     https://github.com/postmodern/ruby-ncrack/blob/master/ChangeLog.md
+  rubygems_mfa_required: 'true'
+
+requirements: "ncrack >= 0.7"
+
+dependencies:
+  command_mapper: ~> 0.1
+  nokogiri: ~> 1.0
+
+development_dependencies:
+  bundler: ~> 2.0

data/lib/ncrack/command.rb

@@ -0,0 +1,108 @@
+require 'command_mapper/command'
+
+module Ncrack
+  #
+  # Provides an interface for invoking the `ncrack` utility.
+  #
+  # ## Example
+  #
+  #     require 'ncrack'
+  #     
+  #     Ncrack::Command.run(targets: %w[10.0.0.130:21 192.168.1.2:22], output_xml: 'ncrack.xml')
+  #
+  # ## `ncrack` options:
+  #
+  # * `-iX` - `ncrack.input_xml`
+  # * `-iN` - `ncrack.input_normal`
+  # * `-iL` - `ncrack.input_list`
+  # * `--exclude` - `ncrack.exclude`
+  # * `--excludefile` - `ncrack.exclude_file`
+  # * `-p` - `ncrack.ports`
+  # * `-m` - `ncrack.service_options`
+  # * `-g` - `ncrack.global_options`
+  # * `-T` - `ncrack.timing`
+  # * `--connection-limit` - `ncrack.connection_limit`
+  # * `--stealth-linear` - `ncrack.stealth_linear`
+  # * `-U` - `ncrack.username_file`
+  # * `-P` - `ncrack.password_file`
+  # * `--user` - `ncrack.user`
+  # * `--pass` - `ncrack.pass`
+  # * `--passwords-first` - `ncrack.passwords_first`
+  # * `--pairwise` - `ncrack.pairwise`
+  # * `-oN` - `ncrack.output_normal`
+  # * `-oX` - `ncrack.output_xml`
+  # * `-oA` - `ncrack.output_all`
+  # * `-v` - `ncrack.verbose`
+  # * `-d` - `ncrack.debug`
+  # * `--nsock-trace` - `ncrack.nsock_trace`
+  # * `--log-errors` - `ncrack.log_errors`
+  # * `--append-output` - `ncrack.append_output`
+  # * `--resume` - `ncrack.resume`
+  # * `--save` - `ncrack.save`
+  # * `-f` - `ncrack.first`
+  # * `-6` - `ncrack.ipv4`
+  # * `-sL` - `ncrack.list`
+  # * `--datadir` - `ncrack.datadir`
+  # * `-V` - `ncrack.version`
+  # * `-h` - `ncrack.help`
+  #
+  class Command < CommandMapper::Command
+
+    command 'ncrack' do
+      # Target Specification
+      option '-iX', name: :input_xml, value: {type: InputFile.new}
+      option '-iN', name: :input_normal, value: {type: InputFile.new}
+      option '-iL', name: :input_list, value: {type: InputFile.new}
+      option '--exclude', value: {type: List.new}
+      option '--excludefile', name: :exclude_file, value: {type: InputFile.new}
+
+      # Service Specification
+      option '-p', name: :ports, value: {type: List.new}
+      option '-m', name: :service_options, value: {type: List.new}
+      option '-g', name: :global_options, value: {type: List.new}
+
+      # Timing and Performance 
+      option '-T', name: :timing, value: {type: Num.new}
+      option '--connection-limit', value: {type: Num.new}
+      option '--stealth-linear'
+
+      # Authentication
+      option '-U', name: :username_file, value: {type: InputFile.new}
+      option '-P', name: :password_file, value: {type: InputFile.new}
+      option '--user', value: {type: List.new}
+      option '--pass', value: {type: List.new}
+      option '--passwords-first'
+      option '--pairwise'
+
+      # Output
+      option '-oN', name: :output_normal, value: true
+      option '-oX', name: :output_xml, value: true
+      option '-oA', name: :output_all, value: true
+      option '-v', name: :verbose
+      option '-d', name: :debug
+      option '--nsock-trace', value: {type: Num.new}
+      option '--log-errors'
+      option '--append-output'
+
+      # Misc
+      option '--resume', value: {type: InputFile.new}
+      option '--save', value: true
+      option '-f', name: :first
+      option '-6', name: :ipv4
+      option '-sL', name: :list
+      option '--datadir', value: {type: InputDir.new}
+      option '-V', name: :version
+      option '-h', name: :help
+
+      argument :targets, repeats: true
+
+    end
+
+    alias usernames user
+    alias usernames= user=
+
+    alias passwords pass
+    alias passwords= pass=
+
+  end
+end

data/lib/ncrack/version.rb

@@ -0,0 +1,4 @@
+module Ncrack
+  # ruby-ncrack version
+  VERSION = "0.1.0"
+end

data/lib/ncrack/xml/address.rb

@@ -0,0 +1,79 @@
+module Ncrack
+  class XML
+    #
+    # Represents a `address` XML element.
+    #
+    class Address
+
+      #
+      # Initializes the address object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `address` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The IP of the address.
+      #
+      # @return [String]
+      #   The value of the `addr` attribute.
+      #
+      def addr
+        @addr ||= @node['addr']
+      end
+
+      # Mapping of `addrtype` values to Symbols.
+      TYPES = {
+        'ipv4' => :ipv4,
+        'ipv6' => :ipv6
+      }
+
+      #
+      # The IP address type.
+      #
+      # @return [:ipv4, :ipv6, String]
+      #   The value of the `addrtype` attribute.
+      #
+      def type
+        @type ||= (
+          addrtype = @node['addrtype']
+          TYPES.fetch(addrtype,addrtype)
+        )
+      end
+
+      #
+      # Determines whether the address is IPv4 or IPv6.
+      #
+      # @return [Boolean]
+      #
+      def ipv4?
+        type == :ipv4
+      end
+
+      #
+      # Determines whether the address is IPv6 or IPv4.
+      #
+      # @return [Boolean]
+      #
+      def ipv6?
+        type == :ipv6
+      end
+
+      #
+      # Converts the address to a String.
+      #
+      # @return [String]
+      #   The IP of the address.
+      #
+      def to_s
+        addr.to_s
+      end
+
+    end
+  end
+end

data/lib/ncrack/xml/credentials.rb

@@ -0,0 +1,64 @@
+module Ncrack
+  class XML
+    #
+    # Represents a `credentials` XML element.
+    #
+    class Credentials
+
+      #
+      # Initializes the credentials object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `credentials` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # The successfully bruteforced username.
+      #
+      # @return [String]
+      #   The value of the `username` attribute.
+      #
+      def username
+        @username ||= @node['username']
+      end
+
+      alias user_name username
+
+      #
+      # The successfully bruteforced password.
+      #
+      # @return [String]
+      #   The value of the `password` attribute.
+      #
+      def password
+        @password ||= @node['password']
+      end
+
+      #
+      # Converts the credentials to a String.
+      #
+      # @return [String]
+      #   Returns a `"username:password"` String.
+      #
+      def to_s
+        "#{username}:#{password}"
+      end
+
+      #
+      # Converts the credentials to a String.
+      #
+      # @return [(String, String)]
+      #   Returns a tuple of the {#username} and {#password}.
+      #
+      def to_a
+        [username, password]
+      end
+
+    end
+  end
+end

data/lib/ncrack/xml/port.rb

@@ -0,0 +1,82 @@
+module Ncrack
+  class XML
+    #
+    # Represents a `port` XML element.
+    #
+    class Port
+
+      #
+      # Initializes the port object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `port` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      # Mapping of the `protocol` attribute values to Symbols.
+      PROTOCOLS = {
+        'tcp' => :tcp,
+        'udp' => :udp
+      }
+
+      #
+      # The protocol of the port.
+      #
+      # @return [:tcp, :udp, String]
+      #   The value of the `protocol` attribute.
+      #
+      def protocol
+        @protocl ||= (
+          protocol = @node['protocol']
+
+          PROTOCOLS.fetch(protocol,protocol)
+        )
+      end
+
+      #
+      # The port number.
+      #
+      # @return [Integer]
+      #   The parsed value of the `portid` attribute.
+      #
+      def number
+        @number ||= @node['portid'].to_i
+      end
+
+      #
+      # The name associated with the port.
+      #
+      # @return [String]
+      #   The value of the `name` attribute.
+      #
+      def name
+        @name ||= @node['name']
+      end
+
+      #
+      # Converts the port to an Integer.
+      #
+      # @return [Integer]
+      #   Returns the {#number}.
+      #
+      def to_i
+        number.to_i
+      end
+
+      #
+      # Converts the port to a String.
+      #
+      # @return [String]
+      #   Returns the {#name}.
+      #
+      def to_s
+        name.to_s
+      end
+
+    end
+  end
+end

data/lib/ncrack/xml/service.rb

@@ -0,0 +1,104 @@
+require 'ncrack/xml/address'
+require 'ncrack/xml/port'
+require 'ncrack/xml/credentials'
+
+module Ncrack
+  class XML
+    #
+    # Represents a `service` XML element.
+    #
+    class Service
+
+      #
+      # Initializes the service object.
+      #
+      # @param [Nokogiri::XML::Node] node
+      #   The XML node for the `service` XML element.
+      #
+      # @api private
+      #
+      def initialize(node)
+        @node = node
+      end
+
+      #
+      # When bruteforcing of the service begin.
+      #
+      # @return [Time]
+      #   The parsed value of the `starttime` attribute.
+      #
+      def start_time
+        @start_time ||= Time.at(@node['starttime'].to_i)
+      end
+
+      #
+      # When bruteforcing of the service stopped.
+      #
+      # @return [Time]
+      #   The parsed value of the `endtime` attribute.
+      #
+      def end_time
+        @end_time ||= Time.at(@node['endtime'].to_i)
+      end
+
+      #
+      # The address information of the service.
+      #
+      # @return [Address]
+      #   The `address` XML child element.
+      #
+      def address
+        @address ||= Address.new(@node.at_xpath('address'))
+      end
+
+      #
+      # The port information of the service.
+      #
+      # @return [Port]
+      #   The `port` XML child element.
+      #
+      def port
+        @port ||= Port.new(@node.at_xpath('port'))
+      end
+
+      #
+      # Enumerates over every bruteforced credential.
+      #
+      # @yield [credential]
+      #   If a block is given it will be passed each bruteforced credential.
+      #
+      # @yieldparam [Credential] credential
+      #   A bruteforced credential.
+      #
+      # @return [Enumerator]
+      #   If no block is given, an Enumerator will be returned.
+      #
+      def each_credentials
+        return enum_for(__method__) unless block_given?
+
+        @node.xpath('credentials').each do |node|
+          yield Credentials.new(node)
+        end
+      end
+
+      #
+      # The bruteforced credentials.
+      #
+      # @return [Array<Credential>]
+      #
+      def credentials
+        each_credentials.to_a
+      end
+
+      #
+      # The first bruteforced credential.
+      #
+      # @return [Credential, nil]
+      #
+      def credential
+        each_credentials.first
+      end
+
+    end
+  end
+end