ruby-nessus2 2.0

data/ruby-nessus.gemspec

@@ -0,0 +1,28 @@
+# frozen_string_literal: true
+
+$LOAD_PATH.push File.expand_path('../lib', __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.name        = 'ruby-nessus2'
+  gem.version     = '2.0'
+  gem.summary     = 'Ruby-Nessus is a ruby interface for the popular Nessus vulnerability scanner.'
+  gem.description = 'Based on ruby-nessus. For internal testing only. Do not use this gem in production.'
+  gem.licenses    = ['MIT']
+  gem.authors     = ['Tamas']
+  gem.email       = 'tamas@dxw.com'
+  gem.homepage    = 'https://github.com/dxwcyber/ruby-nessus'
+
+  gem.files            = `git ls-files`.split("\n")
+  gem.executables      = `git ls-files -- bin/*`.split("\n").map { |f| File.basename(f) }
+  gem.test_files       = `git ls-files -- {test,spec,features}/*`.split("\n")
+  gem.require_paths = ['lib']
+  gem.required_ruby_version = '>= 2.3'
+
+  gem.add_dependency 'nokogiri', '~> 1.4'
+  gem.add_dependency 'rainbow', '>= 2.0'
+
+  gem.add_development_dependency 'rspec', '~> 3.7'
+  gem.add_development_dependency 'rubocop', '~> 0.51'
+  gem.add_development_dependency 'rubygems-tasks', '~> 0.1'
+  gem.add_development_dependency 'yard', '~> 0.9.11'
+end

data/spec/ruby-nessus/parse_spec.rb

@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require_relative '../spec_helper'
+require_relative '../spec_fixtures/xml'
+
+describe 'RubyNessus::Parse' do
+  it 'should parse a valid v1 .nessus file' do
+    expect { RubyNessus::Parse.new(Helpers::DOT_NESSUS_V1_PATH) }.not_to raise_error
+  end
+
+  it 'should parse a valid v2 .nessus file' do
+    expect { RubyNessus::Parse.new(Helpers::DOT_NESSUS_V2_PATH) }.not_to raise_error
+  end
+
+  it 'should parse a valid v1 .nessus string' do
+    options = { xml: Helpers::DOT_NESSUS_V1_DOC }
+    expect { RubyNessus::Parse.new(nil, options) }.not_to raise_error
+  end
+
+  it 'should parse a valid v2 .nessus string' do
+    options = { xml: Helpers::DOT_NESSUS_V2_DOC }
+    expect { RubyNessus::Parse.new(nil, options) }.not_to raise_error
+  end
+
+  it 'should not parse other versions .nessus string' do
+    options = { xml: Helpers::DOT_NESSUS_V2_DOC, version: 3 }
+    expect { RubyNessus::Parse.new(nil, options) }.to raise_error('Error: Supported .Nessus Version are 1 and 2.')
+  end
+
+  it 'should not parse other versions .nessus string' do
+    options = { xml: Helpers::DOT_NESSUS_VWRONG_DOC }
+    expect { RubyNessus::Parse.new(nil, options).detect_version }.to raise_error('Error: Supported .Nessus Version are 1 and 2.')
+  end
+
+  it 'should return the scan' do
+    options = { xml: Helpers::DOT_NESSUS_V2_DOC }
+    my_nessus = RubyNessus::Parse.new(nil, options)
+    expect(my_nessus.scan).to be_kind_of(RubyNessus::Version2::XML)
+  end
+end

data/spec/ruby-nessus/version1/event_spec.rb

@@ -0,0 +1,69 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spec_fixtures/xml'
+
+describe 'Nessus Version 1: Event' do
+  before(:all) do
+    @xml = RubyNessus::Version1::XML.new(Helpers::DOT_NESSUS_V1)
+    @host = @xml.hosts.first
+    @bad_event = @host.events.first
+    @good_event = @host.events.last
+    @bad_port_event = @host.events[25]
+  end
+
+  it 'should parse the event name' do
+    expect(@good_event.name).to eq 'Backported Security Patch Detection (WWW)'
+  end
+
+  it 'should parse the event port' do
+    expect(@good_event.port.to_s).to eq 'http (80/tcp)'
+  end
+
+  it 'should parse the event port number' do
+    expect(@good_event.port.number).to eq '80'
+  end
+
+  it 'should parse the event port service' do
+    expect(@good_event.port.service).to eq 'http'
+  end
+
+  it 'should parse the event port protocol' do
+    expect(@good_event.port.protocol).to eq 'tcp'
+  end
+
+  it 'should return true if the event port protocol is tcp' do
+    expect(@good_event.port.tcp?).to eq true
+  end
+
+  it 'should return false if the event port protocol is not udp' do
+    expect(@good_event.port.udp?).to eq false
+  end
+
+  it 'should parse the event severity' do
+    expect(@good_event.severity).to eq 1
+  end
+
+  it 'should return the event plugin output' do
+    expect(@good_event.data).not_to be nil
+  end
+
+  it 'should return falsey if not data' do
+    expect(@bad_event.data).to be_falsey
+  end
+
+  it 'should have a plugin_id' do
+    expect(@good_event.plugin_id).to eq 39_521
+  end
+
+  # Bad Event
+
+  it 'should return false if the event name is nil' do
+    expect(@bad_event.name).to eq false
+  end
+
+  it 'should use raw_string' do
+    expect(@bad_port_event.port.service).to be_falsey
+    expect(@bad_port_event.port.to_s).to eq 'general/tcp'
+  end
+end

data/spec/ruby-nessus/version1/host_spec.rb

@@ -0,0 +1,75 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spec_fixtures/xml'
+
+describe 'Nessus Version 1: Host' do
+  before(:all) do
+    @xml = RubyNessus::Version1::XML.new(Helpers::DOT_NESSUS_V1)
+    @host = @xml.hosts.first
+  end
+
+  it 'should parse the host hostname' do
+    expect(@host.hostname).to eq 'scanme.insecure.org'
+  end
+
+  it 'should parse the host start time' do
+    expect(@host.scan_start_time.to_s).to eq '2009-11-08T02:21:24+00:00'
+  end
+
+  it 'should parse the host stop time' do
+    expect(@host.scan_stop_time.to_s).to eq '2009-11-08T02:31:28+00:00'
+  end
+
+  it 'should parse the host runtime' do
+    expect(@host.scan_runtime).to eq '0 hours 10 minutes and 4 seconds'
+  end
+
+  it 'should parse the hosts open ports' do
+    expect(@host.open_ports).to eq 6
+  end
+
+  it 'should calculate the hosts informational event count' do
+    expect(@host.informational_events).to eq 5
+  end
+
+  it 'should calculate the hosts low severity event count' do
+    expect(@host.low_severity_events).to eq 19
+  end
+
+  it 'should calculate the hosts medium severity event count' do
+    expect(@host.medium_severity_events).to eq 3
+  end
+
+  it 'should calculate the hosts high severity event count' do
+    expect(@host.high_severity_events).to eq 0
+  end
+
+  it 'should calculate the hosts total event count' do
+    expect(@host.event_count).to eq 22
+  end
+
+  it 'should to_s return the ip' do
+    expect(@host.to_s).to eq @host.ip
+  end
+
+  it 'should ip return the hostname' do
+    expect(@host.ip).to eq 'scanme.insecure.org'
+  end
+
+  it 'should mac_addr return the mac address or unknown' do
+    expect(@host.mac_addr).to eq '(unknown)'
+  end
+
+  it 'should return the netbios_name' do
+    expect(@host.netbios_name).to eq '(unknown)'
+  end
+
+  it 'should return the dns_name' do
+    expect(@host.dns_name).to eq 'scanme.insecure.org.\\n'
+  end
+
+  it 'should return the os_name ' do
+    expect(@host.os_name).to eq 'Linux Kernel 2.6 on Red Hat Enterprise Linux 5'
+  end
+end

data/spec/ruby-nessus/version1/scan_spec.rb

@@ -0,0 +1,97 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spec_fixtures/xml'
+
+describe 'Nessus Version 1: Scan' do
+  include Helpers
+
+  before(:all) do
+    @xml = RubyNessus::Version1::XML.new(Helpers::DOT_NESSUS_V1)
+  end
+
+  it 'should parse the scan title' do
+    expect(@xml.title).to eq 'Ruby-Nessus Example Policy'
+  end
+
+  it 'should parse the scan time' do
+    expect(@xml.time.to_s).to eq '2009-11-08T02:21:22+00:00'
+  end
+
+  it 'should parse the scan policy title' do
+    expect(@xml.policy_title).to eq 'Ruby-Nessus Example Policy'
+  end
+
+  it 'should parse the scan policy notes' do
+    expect(@xml.policy_notes).to eq 'This is an example .nessus file for testing the Ruby-Nessus gem.'
+  end
+
+  it 'should parse the scan start time' do
+    expect(@xml.start_time.to_s).to eq '2009-11-08T02:21:23+00:00'
+  end
+
+  it 'should parse the scan stop time' do
+    expect(@xml.stop_time.to_s).to eq '2009-11-08T02:31:29+00:00'
+  end
+
+  it 'should parse the scan runtime' do
+    expect(@xml.runtime).to eq '0 hours 10 minutes and 6 seconds'
+  end
+
+  it 'should parse the scan total host count' do
+    expect(@xml.host_count).to eq 1
+  end
+
+  it 'should calculate the percentage of low severity events' do
+    expect(@xml.event_percentage_for('low', true)).to eq '86'
+  end
+
+  it 'should calculate the low severity event total' do
+    expect(@xml.low_severity_count).to eq 19
+  end
+
+  it 'should calculate the percentage of medium severity events' do
+    expect(@xml.event_percentage_for('medium', true)).to eq '14'
+  end
+
+  it 'should calculate the medium severity event total' do
+    expect(@xml.medium_severity_count).to eq 3
+  end
+
+  it 'should calculate the percentage of high severity events' do
+    expect(@xml.event_percentage_for('high', true)).to eq '0'
+  end
+
+  it 'should calculate the high severity event total' do
+    expect(@xml.high_severity_count).to eq 0
+  end
+
+  it 'should calculate the total for all severity events' do
+    expect(@xml.total_event_count).to eq 22
+  end
+
+  it 'should target_hosts list the target' do
+    expect(@xml.target_hosts).to eq ['scanme.insecure.org']
+  end
+
+  it 'should be version 1' do
+    expect(@xml.version).to eq 1
+  end
+
+  it 'should return the plugin ids' do
+    expect(@xml.plugin_ids.length).to eq 31_507
+  end
+
+  it 'should return the plugins' do
+    expect(@xml.plugins).to be_kind_of(Array)
+    expect(@xml.plugins).not_to be_blank
+  end
+
+  it 'should parse the unique ports' do
+    expect(@xml.unique_ports).to eq ['arcp (7070/tcp)', 'domain (53/tcp)', 'domain (53/udp)', 'ftp (21/tcp)', 'general/tcp', 'general/udp', 'http (80/tcp)', 'rtsp (554/tcp)']
+  end
+
+  it 'should find_by_hotsname' do
+    @xml.find_by_hostname('scanme.insecure.org') { |host| expect(host.hostname).to eq 'scanme.insecure.org' }
+  end
+end

data/spec/ruby-nessus/version2/event_spec.rb

@@ -0,0 +1,225 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+require 'spec_fixtures/xml'
+
+describe 'Nessus Version 2: Event port' do
+  before(:all) do
+    @xml = RubyNessus::Version2::XML.new(Helpers::DOT_NESSUS_V2)
+    @host = @xml.hosts.first
+    @good_event = @host.events.last
+  end
+  it 'should parse the event name' do
+    expect(@good_event.name).to eq 'ICMP Timestamp Request Remote Date Disclosure'
+  end
+
+  it 'should parse the event port' do
+    expect(@good_event.port.to_s).to eq 'unknown (0/icmp)'
+  end
+
+  it 'should parse the event port number' do
+    expect(@good_event.port.number.to_s).to eq '0'
+  end
+
+  it 'should parse the event port service' do
+    expect(@good_event.port.service.to_s).to eq 'unknown'
+  end
+
+  it 'should parse the event port protocol' do
+    expect(@good_event.port.protocol.to_s).to eq 'icmp'
+  end
+
+  it 'should return true if the event port protocol is icmp' do
+    expect(@good_event.port.icmp?).to eq true
+  end
+
+  it 'should return false if the event port protocol is not udp' do
+    expect(@good_event.port.udp?).to eq false
+  end
+
+  it 'should return false if the event port protocol is not tcp' do
+    expect(@good_event.port.tcp?).to be_falsey
+  end
+end
+
+describe 'Nessus Version 2: Event' do
+  before(:all) do
+    @xml = RubyNessus::Version2::XML.new(Helpers::DOT_NESSUS_V2)
+    @host = @xml.hosts.first
+    @good_event = @host.events.last
+    @bad_event = @host.events.first
+    @medium_event = @host.medium_severity_events.first
+    @rich_event = @host.events[22]
+  end
+
+  it 'should return the event plugin output' do
+    expect(@good_event.data).not_to be_nil
+  end
+
+  it 'should return the event plugin type' do
+    expect(@good_event.plugin_type).to be_kind_of(String)
+  end
+
+  it 'should return the event synopsis' do
+    expect(@medium_event.synopsis).to eq 'The remote web server encrypts traffic using an obsolete protocol.'
+  end
+
+  it 'should return the event description' do
+    expect(@medium_event.description).to start_with 'The remote web server accepts connections encrypted using Secure'
+  end
+
+  it 'should return the event solution' do
+    expect(@medium_event.solution).to eq "Rare or obsolete code is often poorly tested. Thus, it would be\nsafer to disable support for S-HTTP and use HTTPS instead."
+  end
+
+  it 'should return the event risk' do
+    expect(@medium_event.risk).to eq 'Medium'
+  end
+
+  it 'should return the event output' do
+    expect(@good_event.output).to eq "The difference between the local and remote clocks is 1 second.\n"
+  end
+
+  it 'should return false for the event output' do
+    expect(@medium_event.output).to be_falsey
+  end
+
+  it 'should return false for the event plugin version' do
+    expect(@medium_event.version).to eq '$Revision: 1.9 $'
+  end
+
+  it 'should return the see_also information for the event' do
+    expect(@medium_event.see_also).to eq ['http://tools.ietf.org/html/rfc2660', 'http://cpe.mitre.org/']
+  end
+
+  it 'should return the vulnerability publication date' do
+    expect(@rich_event.vuln_publication_date).to eq Time.parse('2009-11-04')
+  end
+
+  it 'should return the patch publication date' do
+    expect(@rich_event.patch_publication_date).to eq Time.parse('2009-11-05')
+  end
+
+  it 'should return false if there is no patch publication date' do
+    expect(@medium_event.patch_publication_date).to be_falsey
+  end
+
+  it 'should return the cvss base score' do
+    expect(@medium_event.cvss_base_score).to eq 5.0
+  end
+
+  it 'should return the cvss temporal score' do
+    expect(@medium_event.cvss_temporal_score).to eq 5.0
+  end
+
+  it 'should return the cve score' do
+    expect(@rich_event.cve.first).to be_kind_of(String)
+    expect(@rich_event.cve.first).not_to be_blank
+  end
+
+  it 'should return falsey if no cve' do
+    expect(@medium_event.cve).to be_falsey
+  end
+
+  it 'should not return bid if its not here' do
+    expect(@medium_event.bid).to be_falsey
+  end
+
+  it 'should return the bid' do
+    expect(@rich_event.bid.first).to eq '36935'
+  end
+
+  it 'should retun an empty tab if there is not other ref' do
+    expect(@medium_event.xref).to be_empty
+  end
+
+  it 'should return other related references' do
+    expect(@rich_event.xref.first).to eq 'OSVDB:59968'
+  end
+
+  it 'should return cvss_vector' do
+    expect(@medium_event.cvss_vector).to eq 'CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N'
+  end
+
+  it 'should have a plugin_id' do
+    expect(@good_event.plugin_id).to be_kind_of(Integer)
+  end
+
+  it 'should have a plugin_id' do
+    expect(@good_event.plugin_family).to be_kind_of(String)
+    expect(@good_event.plugin_family).not_to be_blank
+  end
+
+  it 'should have a cpe Array (empty if no cpe)' do
+    expect(@good_event.cpe).to be_kind_of(Array)
+  end
+
+  it 'should have a exploitability_ease' do
+    expect(@good_event.exploitability_ease).to be_kind_of(String)
+  end
+
+  it 'should have a exploit_available' do
+    expect(@good_event.exploit_available).to be_falsey
+  end
+
+  it 'should have a exploit_framework_canvas' do
+    expect(@good_event.exploit_framework_canvas).to be_blank
+  end
+
+  it 'should have a canvas_package' do
+    expect(@good_event.canvas_package).to be_blank
+  end
+
+  it 'should have a exploit_framework_metasploit' do
+    expect(@good_event.exploit_framework_metasploit).to be_blank
+  end
+
+  it 'should have a metasploit_name' do
+    expect(@good_event.metasploit_name).to be_blank
+  end
+
+  it 'should have a exploit_framework_core' do
+    expect(@good_event.exploit_framework_core).to be_blank
+  end
+
+  # Bad Event
+
+  it 'should return false if the event name is nil' do
+    expect(@bad_event.name).to be_falsey
+  end
+end
+describe 'Nessus Version 2: Event severity' do
+  before(:all) do
+    @xml = RubyNessus::Version2::XML.new(Helpers::DOT_NESSUS_V2)
+    @host = @xml.hosts.first
+    @medium_event = @host.medium_severity_events.first
+  end
+
+  it 'should not have a informational severity' do
+    expect(@medium_event.informational?).to be false
+  end
+
+  it 'should not have a low severity' do
+    expect(@medium_event.low?).to be false
+  end
+
+  it 'should have a medium severity' do
+    expect(@medium_event.medium?).to be true
+  end
+
+  it 'should have not have a high severity' do
+    expect(@medium_event.high?).to be false
+  end
+
+  it 'should have not have a high severity' do
+    expect(@medium_event.critical?).to be false
+  end
+
+  it 'should have not have a high severity' do
+    expect(@medium_event.critical?).to be false
+  end
+
+  it 'should parse the event severity' do
+    expect(@medium_event.severity).to eq 2
+  end
+end