RubyGems - ruby-nessus2 - Versions diffs - 2.0 - Mend

ruby-nessus2 2.0

Files changed (50) hide show

checksums.yaml +7 -0
data/.drone.yml +51 -0
data/.gitignore +5 -0
data/.rspec +1 -0
data/.rubocop.yml +4 -0
data/.rubocop_todo.yml +124 -0
data/.travis.yml +13 -0
data/.yardopts +1 -0
data/Gemfile +6 -0
data/Gemfile.lock +75 -0
data/LICENSE.txt +20 -0
data/README.md +181 -0
data/Rakefile +21 -0
data/bin/recess +10 -0
data/examples/example.rb +46 -0
data/examples/example_bid.rb +28 -0
data/examples/example_cpe.rb +28 -0
data/examples/example_cve.rb +36 -0
data/examples/example_v1.nessus +1 -0
data/examples/example_v2.nessus +2076 -0
data/examples/example_v3.nessus +7449 -0
data/lib/ruby-nessus.rb +5 -0
data/lib/ruby-nessus/cli.rb +126 -0
data/lib/ruby-nessus/log.rb +84 -0
data/lib/ruby-nessus/parse.rb +46 -0
data/lib/ruby-nessus/ruby-nessus.rb +6 -0
data/lib/ruby-nessus/version.rb +5 -0
data/lib/ruby-nessus/version1/event.rb +85 -0
data/lib/ruby-nessus/version1/host.rb +267 -0
data/lib/ruby-nessus/version1/port.rb +84 -0
data/lib/ruby-nessus/version1/scan.rb +404 -0
data/lib/ruby-nessus/version2/event.rb +410 -0
data/lib/ruby-nessus/version2/host.rb +522 -0
data/lib/ruby-nessus/version2/port.rb +75 -0
data/lib/ruby-nessus/version2/scan.rb +393 -0
data/ruby-nessus.gemspec +28 -0
data/spec/ruby-nessus/parse_spec.rb +40 -0
data/spec/ruby-nessus/version1/event_spec.rb +69 -0
data/spec/ruby-nessus/version1/host_spec.rb +75 -0
data/spec/ruby-nessus/version1/scan_spec.rb +97 -0
data/spec/ruby-nessus/version2/event_spec.rb +225 -0
data/spec/ruby-nessus/version2/host_spec.rb +148 -0
data/spec/ruby-nessus/version2/scan_spec.rb +96 -0
data/spec/ruby-nessus/version_spec.rb +11 -0
data/spec/spec_fixtures/example_v1.nessus +1 -0
data/spec/spec_fixtures/example_v2.nessus +2080 -0
data/spec/spec_fixtures/example_v_wrong.nessus +3 -0
data/spec/spec_fixtures/xml.rb +15 -0
data/spec/spec_helper.rb +7 -0
metadata +190 -0

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+# Ruby-Nessus Files
+require 'ruby-nessus/ruby-nessus'
+require 'ruby-nessus/version'

data/lib/ruby-nessus/cli.rb ADDED

@@ -0,0 +1,126 @@
+# frozen_string_literal: true
+require 'rubygems'
+require 'ruby-nessus/ruby-nessus'
+require 'ruby-nessus/log'
+require 'optparse'
+require 'pp'
+module RubyNessus
+  class CLI
+    def initialize
+      @file = nil
+      @nessus_version = nil
+      @args = []
+    end
+    def self.run
+      new.run(*ARGV)
+    end
+    def run(*args)
+      optparse(*args)
+      Log.it 'Recess - Ruby-Nessus CLI'
+      Log.it "Version: #{RubyNessus::VERSION}"
+      Log.it
+      RubyNessus::Parse.new(@file.to_s) do |scan|
+        Log.h1 'SCAN Metadata'
+        Log.it
+        Log.h2 'Scan Title', scan.title
+        Log.h2 'Policy Title', scan.policy_title
+        Log.it
+        Log.h1 'SCAN Statistics'
+        Log.it
+        Log.h2 'Host Count', scan.host_count
+        Log.h2 'Open Port Count', scan.open_ports_count
+        unless scan.version == 1
+          Log.h2 'TCP Count', scan.tcp_count
+          Log.h2 'UDP Count', scan.udp_count
+          Log.h2 'ICMP Count', scan.icmp_count
+        end
+        Log.it
+        Log.h1 'EVENT Statistics'
+        Log.it
+        Log.informational 'Informational Severity Count', scan.informational_severity_count unless scan.version == 1
+        Log.low 'Low Severity Count', scan.low_severity_count
+        Log.medium 'Medium Severity Count', scan.medium_severity_count
+        Log.high 'High Severity Count', scan.high_severity_count
+        Log.h3 'Total Event Count', scan.total_event_count
+        Log.break
+        Log.it! "Low Event Percentage: #{scan.event_percentage_for('low', true)}"
+        Log.it! "Medium Event Percentage: #{scan.event_percentage_for('medium', true)}"
+        Log.it! "High Event Percentage: #{scan.event_percentage_for('high', true)}"
+        Log.it
+        Log.h1 'HOSTS'
+        Log.it
+        scan.each_host do |host|
+          Log.h2 'Hostname', host.hostname
+          Log.h5 'IP Address:', host.ip
+          unless scan.version == 1
+            Log.h5 'Informational Count', host.informational_severity_count
+            Log.h5 'Low Count', host.low_severity_count
+            Log.h5 'Medium Count', host.medium_severity_count
+            Log.h5 'High Count', host.high_severity_count
+          end
+          Log.it
+        end
+        Log.end
+      end
+    end
+    protected
+    def optparse(*args)
+      opts = OptionParser.new
+      opts.program_name = 'recess'
+      opts.banner = "Recess #{RubyNessus::VERSION}"
+      opts.separator 'usage: recess FILE [OPTIONS]'
+      opts.on('-f', '--file FILE', 'The .nessus file to parse.') do |file|
+        @file = file
+      end
+      opts.on('-f', '--file FILE', 'The .nessus file to parse.') do |file|
+        @file = file
+      end
+      opts.on('-h', '--help', 'This help summary page.') do |_help|
+        Log.it opts
+        Log.it
+        exit(-1)
+      end
+      opts.on('-v', '--version', 'Recess Version.') do |_version|
+        Log.it RubyNessus::VERSION
+        Log.it
+        exit(-1)
+      end
+      begin
+        @args = opts.parse!(args)
+        @file ||= @args[0]
+        if @file.nil?
+          Log.it opts
+          Log.it
+          exit(-1)
+        end
+      rescue => e
+        Log.error e.message
+        Log.it opts
+        Log.it
+        exit(-1)
+      end
+    end
+  end
+end

data/lib/ruby-nessus/log.rb ADDED

@@ -0,0 +1,84 @@
+# frozen_string_literal: true
+require 'rainbow'
+module RubyNessus
+  class Log
+    #
+    # Formatting
+    #
+    def self.it(msg = nil)
+      STDERR.puts msg.to_s
+    end
+    def self.it!(msg = nil)
+      STDERR.puts "\t#{msg}"
+    end
+    def self.break
+      STDERR.puts "\t"
+      STDERR.puts ''
+    end
+    def self.end
+      STDERR.puts "\n\n"
+    end
+    #
+    # Headers
+    #
+    def self.h1(title, msg = nil)
+      STDERR.puts Rainbow("-> #{title}: ").foreground(:green).bright + msg.to_s
+    end
+    def self.h2(title, msg = nil)
+      STDERR.puts Rainbow("\t#{title}: ").foreground(:blue).bright + msg.to_s
+    end
+    def self.h3(title, msg = nil)
+      STDERR.puts "\t#{title}: " + Rainbow(msg.to_s).foreground(:blue).underline
+    end
+    def self.h4(msg = nil)
+      STDERR.puts "\t\t- #{msg}"
+    end
+    def self.h5(title, msg = nil)
+      STDERR.puts "\t\t- #{title}: #{msg}"
+    end
+    #
+    # Errors
+    #
+    def self.error(msg = nil)
+      STDERR.puts Rainbow('ERROR: ').foreground(:red).bright + msg.to_s
+    end
+    def self.warn(msg = nil)
+      STDERR.puts Rainbow('WARNING: ').foreground(:yellow).bright + msg.to_s
+    end
+    def self.info(msg = nil)
+      STDERR.puts Rainbow('INFO: ').foreground(:green).bright + msg.to_s
+    end
+    #
+    # Event Severities
+    #
+    def self.informational(title, msg = nil)
+      STDERR.puts Rainbow("\t#{title}: ").foreground(:magenta).bright + msg.to_s
+    end
+    def self.low(title, msg = nil)
+      STDERR.puts Rainbow("\t#{title}: ").foreground(:green) + msg.to_s
+    end
+    def self.medium(title, msg = nil)
+      STDERR.puts Rainbow("\t#{title}: ").foreground(:yellow).bright + msg.to_s
+    end
+    def self.high(title, msg = nil)
+      STDERR.puts Rainbow("\t#{title}: ").foreground(:red).bright + msg.to_s
+    end
+  end
+end

data/lib/ruby-nessus/parse.rb ADDED

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+require 'ruby-nessus/log'
+require 'ruby-nessus/version1/scan'
+require 'ruby-nessus/version2/scan'
+require 'nokogiri'
+require 'date'
+require 'time'
+module RubyNessus
+  class Parse
+    def initialize(file = nil, options = {}, &block)
+      doc = file ? File.read(file) : options[:xml]
+      @xml = Nokogiri::XML.parse(doc)
+      @version = options[:version] || detect_version
+      @xml_parser = case @version
+                    when 1
+                      Version1::XML.new(@xml)
+                    when 2
+                      Version2::XML.new(@xml)
+                    else
+                      raise 'Error: Supported .Nessus Version are 1 and 2.'
+                    end
+      yield(@xml_parser) if block
+    end
+    # Retrive scan from file
+    def scan
+      @xml_parser
+    end
+    # Try to detection version with the XML given
+    def detect_version
+      if @xml.at('NessusClientData')
+        1
+      elsif @xml.at('NessusClientData_v2')
+        2
+      else
+        raise 'Error: Supported .Nessus Version are 1 and 2.'
+      end
+    end
+  end
+end

data/lib/ruby-nessus/ruby-nessus.rb ADDED

@@ -0,0 +1,6 @@
+# frozen_string_literal: true
+require 'ruby-nessus/parse'
+module RubyNessus
+end

data/lib/ruby-nessus/version.rb ADDED

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+module RubyNessus
+  VERSION = '2.0.0'
+end

data/lib/ruby-nessus/version1/event.rb ADDED

@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+require 'ruby-nessus/version1/port'
+module RubyNessus
+  module Version1
+    class Event
+      # Return the total event count for a given host.
+      # @return [Integer]
+      #   Return the total event count for a given host.
+      # @example
+      #   host.event_count #=> 3456
+      def initialize(event)
+        @event = event
+      end
+      # Return the event port.
+      # @return [Object]
+      #    Return the event port object or port string.
+      # @example
+      #   event.port            #=> "https (443/tcp)"
+      #   event.port.number     #=> 443
+      #   event.port.service    #=> "https"
+      #   event.port.protocol   #=> "tcp"
+      def port
+        @port ||= Port.parse(@event.at('port').inner_text)
+      end
+      # Return the event severity.
+      # @return [String]
+      #    Return the event severity.
+      # @example
+      #   event.severity          #=> 3
+      def severity
+        @severity ||= @event.at('severity').inner_text.to_i
+      end
+      # Return the event object nessus plugin id
+      # @return [String]
+      #    Return the event object nessus plugin id
+      # @example
+      #   event.plugin_id #=> 3245
+      def plugin_id
+        @plugin_id ||= @event.at('pluginID').inner_text.to_i
+      end
+      # Return the event name (plugin_name)
+      # @return [String]
+      #    Return the event name (plugin_name)
+      # @example
+      #   event.plugin_name   #=> "PHP < 5.2.4 Multiple Vulnerabilities"
+      #   event.name          #=> "PHP < 5.2.4 Multiple Vulnerabilities"
+      def plugin_name
+        s = @event.at('pluginName').inner_text
+        @plugin_name ||= if s.empty?
+                           false
+                         else
+                           @event.at('pluginName').inner_text || 'N/A'
+                         end
+        @plugin_name
+      end
+      alias name plugin_name
+      # Return the event plugin output data
+      # @return [String]
+      #    Return the event plugin output data
+      # @example
+      #   event.output        #=> "..."
+      #   event.data          #=> "..."
+      def data
+        d = @event.at('data').to_s || ''
+        @data ||= if d.empty?
+                    false
+                  else
+                    @event.at('data').inner_text || 'N/A'
+                  end
+        @data
+      end
+      alias output data
+    end
+  end
+end

data/lib/ruby-nessus/version1/host.rb ADDED

@@ -0,0 +1,267 @@
+# frozen_string_literal: true
+module RubyNessus
+  module Version1
+    class Host
+      include Enumerable
+      # Creates A New Host Object
+      # @param [Object] Host Object
+      # @example
+      # Host.new(object)
+      def initialize(host)
+        @host = host
+      end
+      def to_s
+        ip.to_s
+      end
+      # Return the Host Object hostname.
+      # @return [String]
+      #   The Host Object Hostname
+      # @example
+      #   host.hostname #=> "127.0.0.1"
+      def hostname
+        @hostname ||= @host.at('HostName').inner_text
+      end
+      alias ip hostname
+      # Return the host scan start time.
+      # @return [DateTime]
+      #   The Host Scan Start Time
+      # @example
+      #   scan.scan_start_time #=> 'Fri Nov 11 23:36:54 1985'
+      def scan_start_time
+        if @host.at('startTime').inner_text.empty?
+          false
+        else
+          @host_scan_time = DateTime.strptime(@host.at('startTime').inner_text, '%a %b %d %H:%M:%S %Y')
+        end
+      end
+      # Return the host scan stop time.
+      # @return [DateTime]
+      #   The Host Scan Stop Time
+      # @example
+      #   scan.scan_start_time #=> 'Fri Nov 11 23:36:54 1985'
+      def scan_stop_time
+        if @host.at('stopTime').inner_text.empty?
+          false
+        else
+          @host_scan_time = DateTime.strptime(@host.at('stopTime').inner_text, '%a %b %d %H:%M:%S %Y')
+        end
+      end
+      # Return the host run time.
+      # @return [String]
+      #   The Host Scan Run Time
+      # @example
+      #   scan.scan_run_time #=> '2 hours 5 minutes and 16 seconds'
+      def scan_runtime
+        get_runtime
+      end
+      alias runtime scan_runtime
+      # Return the Host Netbios Name.
+      # @return [String]
+      #   The Host Netbios Name
+      # @example
+      #   host.netbios_name #=> "SOMENAME4243"
+      def netbios_name
+        @netbios_name ||= @host.at('netbios_name').inner_text
+      end
+      # Return the Host Mac Address.
+      # @return [String]
+      #   Return the Host Mac Address
+      # @example
+      #   host.mac_addr #=> "00:11:22:33:44:55"
+      def mac_addr
+        @mac_addr ||= @host.at('mac_addr').inner_text
+      end
+      alias mac_address mac_addr
+      # Return the Host DNS Name.
+      # @return [String]
+      #   Return the Host DNS Name
+      # @example
+      #   host.dns_name #=> "snorby.org"
+      def dns_name
+        @dns_name ||= @host.at('dns_name').inner_text
+      end
+      # Return the Host OS Name.
+      # @return [String]
+      #   Return the Host OS Name
+      # @example
+      #   host.dns_name #=> "Microsoft Windows 2000, Microsoft Windows Server 2003"
+      def os_name
+        @os_name ||= @host.at('os_name').inner_text
+      end
+      alias operating_system os_name
+      # Return the open ports for a given host object.
+      # @return [Integer]
+      #   Return the open ports for a given host object.
+      # @example
+      #   host.open_ports #=> 213
+      def open_ports
+        @scanned_ports ||= @host.at('num_ports').inner_text.to_i
+      end
+      # Returns All Informational Event Objects For A Given Host.
+      # @yield [prog] If a block is given, it will be passed the newly
+      #               created Event object.
+      # @yieldparam [EVENT] prog The newly created Event object.
+      # @return [Integer]
+      #   Return The Informational Event Count For A Given Host.
+      # @example
+      #   host.informational_events do |info|
+      #     puts info.port
+      #     puts info.data if info.data
+      #   end
+      def informational_events(&block)
+        unless @informational_events
+          @informational_events = []
+          @informational_event_count = 0
+          @host.xpath('ReportItem').each do |event|
+            next if event.at('severity').inner_text.to_i != 0
+            @informational_events << Event.new(event)
+            @informational_event_count += 1
+          end
+        end
+        @informational_events.each(&block)
+        @informational_event_count
+      end
+      # Returns All Low Event Objects For A Given Host.
+      # @yield [prog] If a block is given, it will be passed the newly
+      #               created Event object.
+      # @yieldparam [EVENT] prog The newly created Event object.
+      # @return [Integer]
+      #   Return The Low Event Count For A Given Host.
+      # @example
+      #   host.low_severity_events do |low|
+      #     puts low.name if low.name
+      #   end
+      def low_severity_events(&block)
+        @low_severity_count = @host.at('num_lo').inner_text.to_i
+        unless @low_severity_events
+          @low_severity_events = []
+          @host.xpath('ReportItem').each do |event|
+            next if event.at('severity').inner_text.to_i != 1
+            @low_severity_events << Event.new(event)
+          end
+        end
+        @low_severity_events.each(&block)
+        @low_severity_count
+      end
+      # Returns All Medium Event Objects For A Given Host.
+      # @yield [prog] If a block is given, it will be passed the newly
+      #               created Event object.
+      # @yieldparam [EVENT] prog The newly created Event object.
+      # @return [Integer]
+      #   Return The Medium Event Count For A Given Host.
+      # @example
+      #   host.medium_severity_events do |medium|
+      #     puts medium.name if medium.name
+      #   end
+      def medium_severity_events(&block)
+        @high_severity_count = @host.at('num_med').inner_text.to_i
+        unless @medium_severity_events
+          @medium_severity_events = []
+          @host.xpath('ReportItem').each do |event|
+            next if event.at('severity').inner_text.to_i != 2
+            @medium_severity_events << Event.new(event)
+          end
+        end
+        @medium_severity_events.each(&block)
+        @high_severity_count
+      end
+      # Returns All High Event Objects For A Given Host.
+      # @yield [prog] If a block is given, it will be passed the newly
+      #               created Event object.
+      # @yieldparam [EVENT] prog The newly created Event object.
+      # @return [Integer]
+      #   Return The High Event Count For A Given Host.
+      # @example
+      #   host.high_severity_events do |high|
+      #     puts high.name if high.name
+      #   end
+      def high_severity_events(&block)
+        @high_severity_count = @host.at('num_hi').inner_text.to_i
+        unless @high_severity_events
+          @high_severity_events = []
+          @host.xpath('ReportItem').each do |event|
+            next if event.at('severity').inner_text.to_i != 3
+            @high_severity_events << Event.new(event)
+          end
+        end
+        @high_severity_events.each(&block)
+        @high_severity_count
+      end
+      # Return the total event count for a given host.
+      # @return [Integer]
+      #   Return the total event count for a given host.
+      # @example
+      #   host.event_count #=> 3456
+      def event_count
+        (low_severity_events.to_i + medium_severity_events.to_i + high_severity_events.to_i).to_i
+      end
+      # Creates a new Event object to be parser
+      # @yield [prog] If a block is given, it will be passed the newly
+      #               created Event object.
+      # @yieldparam [EVENT] prog The newly created Event object.
+      # @example
+      #   host.events do |event|
+      #     puts event.name if event.name
+      #     puts event.port
+      #   end
+      def each_event(&block)
+        @host.xpath('ReportItem').each do |event|
+          yield(Event.new(event)) if block
+        end
+      end
+      # Parses the events of the host.
+      # @return [Array<String>]
+      #   The events of the host.
+      def events
+        to_enum(:each_event).to_a
+      end
+      private
+      def get_runtime
+        if scan_start_time && scan_stop_time
+          h = (Time.parse(scan_stop_time.to_s).strftime('%H').to_i - Time.parse(scan_start_time.to_s).strftime('%H').to_i).to_s.delete('-')
+          m = (Time.parse(scan_stop_time.to_s).strftime('%M').to_i - Time.parse(scan_start_time.to_s).strftime('%M').to_i).to_s.delete('-')
+          s = (Time.parse(scan_stop_time.to_s).strftime('%S').to_i - Time.parse(scan_start_time.to_s).strftime('%S').to_i).to_s.delete('-')
+          "#{h} hours #{m} minutes and #{s} seconds"
+        else
+          false
+        end
+      end
+    end
+  end
+end