Class: NessusXMLRPC::NessusXMLRPCrexml
- Inherits:
-
Object
- Object
- NessusXMLRPC::NessusXMLRPCrexml
- Defined in:
- lib/nessus-xmlrpc.rb
Overview
Class which uses standard REXML to parse nessus XML RPC replies. It is adviseable to use NessusXMLRPC class, not this class directly. As NessusXMLRPC class will use nokogiri or rexml, depending on availability.
Direct Known Subclasses
Instance Method Summary collapse
-
#initialize(url, user, password) ⇒ NessusXMLRPCrexml
constructor
n=NessusXMLRPC::NessusXMLRPC.new(‘localhost:8834’,‘user’,‘pass’);.
-
#logged_in ⇒ Object
checks if we’re logged in correctly.
-
#login(user, password) ⇒ Object
login with user & password and sets object-wide @token, @name and @admin.
-
#nessus_http_request(uri, post_data) ⇒ Object
send standard Nessus HTTP request and check.
-
#nessus_request(uri, post_data) ⇒ Object
send standard Nessus XML request and check.
-
#plugins_list ⇒ Object
– ToDo items.
-
#policy_get_first ⇒ Object
get first policy from server and returns: policyID, policyName.
-
#policy_get_id(textname) ⇒ Object
get policy by textname and return policyID.
-
#policy_list_names ⇒ Object
get list of names of policies.
-
#policy_list_uids ⇒ Object
get list of policy IDs.
-
#report_delete(id) ⇒ Object
delete report by report ID.
-
#report_file1_download(report) ⇒ Object
get report by reportID and return XML file (version 1).
-
#report_file_download(report) ⇒ Object
get report by reportID and return XML file.
-
#report_get_host(report_id, host) ⇒ Object
get host details for particular host identified by report id.
-
#report_hosts(report_id) ⇒ Object
get hosts for particular report.
-
#scan_finished(uuid) ⇒ Object
check if scan is finished (completed to be exact) identified by uuid.
-
#scan_list_hash ⇒ Object
get hash of active scan data.
-
#scan_list_uids ⇒ Object
get uids of scans.
-
#scan_new(policy_id, scan_name, target) ⇒ Object
initiate new scan with policy id, descriptive name and list of targets.
-
#scan_pause(uuid) ⇒ Object
pause scan identified by scan_uuid.
-
#scan_pause_all ⇒ Object
end.
-
#scan_resume(uuid) ⇒ Object
remove scan identified by uuid.
-
#scan_resume_all ⇒ Object
end.
-
#scan_status(uuid) ⇒ Object
check status of scan identified by uuid.
-
#scan_stop(uuid) ⇒ Object
stop scan identified by scan_uuid.
-
#scan_stop_all ⇒ Object
end.
- #users_list ⇒ Object
Constructor Details
#initialize(url, user, password) ⇒ NessusXMLRPCrexml
n=NessusXMLRPC::NessusXMLRPC.new(‘localhost:8834’,‘user’,‘pass’);
68 69 70 71 72 73 74 75 76 77 78 79 80 |
# File 'lib/nessus-xmlrpc.rb', line 68 def initialize(url,user,password) if url == '' @nurl="https://localhost:8834/" else if url =~ /\/$/ @nurl=url else @nurl=url + "/" end end @token='' login(user,password) end |
Instance Method Details
#logged_in ⇒ Object
checks if we’re logged in correctly
returns: true if logged in, false if not
Usage:
n=NessusXMLRPC::NessusXMLRPC.new('https://localhost:8834','user','pass');
if n.logged_in
puts “Logged in”
else
puts “Error”
end
94 95 96 97 98 99 100 |
# File 'lib/nessus-xmlrpc.rb', line 94 def logged_in if @token == '' return false else return true end end |
#login(user, password) ⇒ Object
login with user & password and sets object-wide @token, @name and @admin
146 147 148 149 150 151 152 153 154 155 156 157 158 |
# File 'lib/nessus-xmlrpc.rb', line 146 def login(user, password) post = { "login" => user, "password" => password } docxml=nessus_request('login', post) if docxml == '' @token='' else @token = docxml.root.elements['contents'].elements['token'].text @name = docxml.root.elements['contents'].elements['user'].elements['name'].text @admin = docxml.root.elements['contents'].elements['user'].elements['admin'].text # puts "Got token:" + @token end end |
#nessus_http_request(uri, post_data) ⇒ Object
send standard Nessus HTTP request and check
returns: body of response
124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/nessus-xmlrpc.rb', line 124 def nessus_http_request(uri, post_data) url = URI.parse(@nurl + uri) request = Net::HTTP::Post.new( url.path ) request.set_form_data( post_data ) if not defined? @https @https = Net::HTTP.new( url.host, url.port ) @https.use_ssl = true @https.verify_mode = OpenSSL::SSL::VERIFY_NONE end # puts request begin response = @https.request( request ) rescue puts "[e] error connecting to server: "+ @nurl + " with URI: " + uri exit end # puts response.body return response.body end |
#nessus_request(uri, post_data) ⇒ Object
send standard Nessus XML request and check
returns: rexml/document root
105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 |
# File 'lib/nessus-xmlrpc.rb', line 105 def nessus_request(uri, post_data) body=nessus_http_request(uri, post_data) # puts response.body docxml = REXML::Document.new(body) begin status = docxml.root.elements['status'].text rescue puts "[e] error in XML parsing" end if status == "OK" return docxml else return '' end end |
#plugins_list ⇒ Object
– ToDo items
403 404 405 406 407 |
# File 'lib/nessus-xmlrpc.rb', line 403 def plugins_list post= { "token" => @token } docxml=nessus_request('plugins/list', post) return docxml end |
#policy_get_first ⇒ Object
get first policy from server and returns: policyID, policyName
returns: policyID, policyName
229 230 231 232 233 234 235 |
# File 'lib/nessus-xmlrpc.rb', line 229 def policy_get_first post= { "token" => @token } docxml=nessus_request('policy/list', post) docxml.root.elements['contents'].elements['policies'].each_element('//policy') {|policy| return policy.elements['policyID'].text, policy.elements['policyName'].text } end |
#policy_get_id(textname) ⇒ Object
get policy by textname and return policyID
returns: policyID
215 216 217 218 219 220 221 222 223 224 |
# File 'lib/nessus-xmlrpc.rb', line 215 def policy_get_id(textname) post= { "token" => @token } docxml=nessus_request('policy/list', post) docxml.root.elements['contents'].elements['policies'].each_element('//policy') {|policy| if policy.elements['policyName'].text == textname return policy.elements['policyID'].text end } return '' end |
#policy_list_names ⇒ Object
get list of names of policies
returns: array of names
363 364 365 366 367 368 369 370 371 |
# File 'lib/nessus-xmlrpc.rb', line 363 def policy_list_names post= { "token" => @token } docxml=nessus_request('policy/list', post) list = Array.new docxml.root.elements['contents'].elements['policies'].each_element('//policy') {|policy| list.push policy.elements['policyName'].text } return list end |
#policy_list_uids ⇒ Object
get list of policy IDs
returns: array of all policy uids
240 241 242 243 244 245 246 247 |
# File 'lib/nessus-xmlrpc.rb', line 240 def policy_list_uids post= { "token" => @token } docxml=nessus_request('policy/list', post) pids=Array.new docxml.root.elements['contents'].elements['policies'].each_element('//policy') { |policy| pids.push(policy.elements['policyID'].text) } return pids end |
#report_delete(id) ⇒ Object
delete report by report ID
354 355 356 357 358 |
# File 'lib/nessus-xmlrpc.rb', line 354 def report_delete(id) post= { "token" => @token, "report" => id } docxml=nessus_request('report/delete', post) return docxml end |
#report_file1_download(report) ⇒ Object
get report by reportID and return XML file (version 1)
returns: XML file of report (nessus v1 format)
347 348 349 350 351 |
# File 'lib/nessus-xmlrpc.rb', line 347 def report_file1_download(report) post= { "token" => @token, "report" => report, "v1" => "true" } file=nessus_http_request('file/report/download', post) return file end |
#report_file_download(report) ⇒ Object
get report by reportID and return XML file
returns: XML file of report (nessus v2 format)
338 339 340 341 342 |
# File 'lib/nessus-xmlrpc.rb', line 338 def report_file_download(report) post= { "token" => @token, "report" => report } file=nessus_http_request('file/report/download', post) return file end |
#report_get_host(report_id, host) ⇒ Object
get host details for particular host identified by report id
returns: severity, current, total
389 390 391 392 393 394 395 396 397 398 399 400 401 |
# File 'lib/nessus-xmlrpc.rb', line 389 def report_get_host(report_id,host) post= { "token" => @token, "report" => report_id } docxml=nessus_request('report/hosts', post) docxml.root.elements['contents'].elements['hostList'].each_element('//host') { |host| if host.elements['hostname'].text == host retval={} retval["severity"] = host.elements['severity'].text retval["current"] = host.elements['scanProgressCurrent'].text retval["total"] = host.elements['scanProgressTotal'].text return retval end } end |
#report_hosts(report_id) ⇒ Object
get hosts for particular report
returns: array of hosts
376 377 378 379 380 381 382 383 384 |
# File 'lib/nessus-xmlrpc.rb', line 376 def report_hosts(report_id) post= { "token" => @token, "report" => report_id } docxml=nessus_request('report/hosts', post) list = Array.new docxml.root.elements['contents'].elements['hostList'].each_element('//host') { |host| list.push host.elements['hostname'].text } return list end |
#scan_finished(uuid) ⇒ Object
check if scan is finished (completed to be exact) identified by uuid
326 327 328 329 330 331 332 333 |
# File 'lib/nessus-xmlrpc.rb', line 326 def scan_finished(uuid) status=scan_status(uuid) if status == "completed" return true else return false end end |
#scan_list_hash ⇒ Object
get hash of active scan data
returns: array of hash of active scans
197 198 199 200 201 202 203 204 205 206 207 208 209 210 |
# File 'lib/nessus-xmlrpc.rb', line 197 def scan_list_hash post= { "token" => @token } docxml=nessus_request('scan/list', post) scans=Array.new docxml.root.elements['contents'].elements['scans'].elements['scanList'].each_element('//scan') {|scan| entry=Hash.new entry['id']=scan.elements['uuid'].text entry['name']=scan.elements['readableName'].text entry['current']=scan.elements['completion_current'].text; entry['total']=scan.elements['completion_total'].text; scans.push(entry) } return scans end |
#scan_list_uids ⇒ Object
get uids of scans
returns: array of uids of active scans
186 187 188 189 190 191 192 |
# File 'lib/nessus-xmlrpc.rb', line 186 def scan_list_uids post= { "token" => @token } docxml=nessus_request('scan/list', post) uuids=Array.new docxml.root.elements['contents'].elements['scans'].elements['scanList'].each_element('//scan') {|scan| uuids.push(scan.elements['uuid'].text) } return uuids end |
#scan_new(policy_id, scan_name, target) ⇒ Object
initiate new scan with policy id, descriptive name and list of targets
returns: uuid of scan
Usage:
n=NessusXMLRPC::NessusXMLRPC.new('https://localhost:8834','user','pass');
if n.logged_in
id,name = n.policy_get_first puts “using policy ID: ” + id + “ with name: ” + name uid=n.scan_new(id,“textxmlrpc”,“127.0.0.1”)
end
172 173 174 175 176 177 178 179 180 181 |
# File 'lib/nessus-xmlrpc.rb', line 172 def scan_new(policy_id,scan_name,target) post= { "token" => @token, "policy_id" => policy_id, "scan_name" => scan_name, "target" => target } docxml=nessus_request('scan/new', post) if docxml == '' return '' else uuid=docxml.root.elements['contents'].elements['scan'].elements['uuid'].text return uuid end end |
#scan_pause(uuid) ⇒ Object
pause scan identified by scan_uuid
271 272 273 274 275 |
# File 'lib/nessus-xmlrpc.rb', line 271 def scan_pause(uuid) post= { "token" => @token, "scan_uuid" => uuid } docxml=nessus_request('scan/pause', post) return docxml end |
#scan_pause_all ⇒ Object
end
284 285 286 287 288 289 290 |
# File 'lib/nessus-xmlrpc.rb', line 284 def scan_pause_all b=scan_list_uids b.each {|uuid| scan_pause(uuid) } return b end |
#scan_resume(uuid) ⇒ Object
remove scan identified by uuid
292 293 294 295 296 |
# File 'lib/nessus-xmlrpc.rb', line 292 def scan_resume(uuid) post= { "token" => @token, "scan_uuid" => uuid } docxml=nessus_request('scan/resume', post) return docxml end |
#scan_resume_all ⇒ Object
end
305 306 307 308 309 310 311 |
# File 'lib/nessus-xmlrpc.rb', line 305 def scan_resume_all b=scan_list_uids b.each {|uuid| scan_resume(uuid) } return b end |
#scan_status(uuid) ⇒ Object
check status of scan identified by uuid
314 315 316 317 318 319 320 321 322 323 |
# File 'lib/nessus-xmlrpc.rb', line 314 def scan_status(uuid) post= { "token" => @token, "report" => uuid } docxml=nessus_request('report/list', post) docxml.root.elements['contents'].elements['reports'].each_element('//report') { |report| if report.elements['name'].text == uuid return (report.elements['status'].text) end } return '' end |
#scan_stop(uuid) ⇒ Object
stop scan identified by scan_uuid
250 251 252 253 254 |
# File 'lib/nessus-xmlrpc.rb', line 250 def scan_stop(uuid) post= { "token" => @token, "scan_uuid" => uuid } docxml=nessus_request('scan/stop', post) return docxml end |
#scan_stop_all ⇒ Object
end
263 264 265 266 267 268 269 |
# File 'lib/nessus-xmlrpc.rb', line 263 def scan_stop_all b=scan_list_uids b.each {|uuid| scan_stop(uuid) } return b end |
#users_list ⇒ Object
408 409 410 411 412 |
# File 'lib/nessus-xmlrpc.rb', line 408 def users_list post= { "token" => @token } docxml=nessus_request('users/list', post) return docxml end |