Class: Nexpose::ScanTemplate

Inherits:
Object
  • Object
show all
Includes:
Sanitize
Defined in:
lib/nexpose/scan_template.rb

Overview

Configuration object for a scan template.

The constructor is designed to take a valid XML representation of a scan template. If you wish to create a new scan template from scratch, use the #load method without a template ID. If you wish to copy and modify an existing template, use the #copy method.

This class is only a partial representation of some of the features available for configuration.

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Methods included from Sanitize

#replace_entities

Constructor Details

#initialize(xml) ⇒ ScanTemplate

Returns a new instance of ScanTemplate.

Parameters:

  • xml (String)

    XML representation of a scan template.



55
56
57
 
# File 'lib/nexpose/scan_template.rb', line 55

def initialize(xml)
  @xml = REXML::Document.new(xml)
end

Instance Attribute Details

#xmlObject (readonly)

Parsed XML of a scan template.



52
53
54
 
# File 'lib/nexpose/scan_template.rb', line 52

def xml
  @xml
end

Class Method Details

.copy(nsc, id) ⇒ ScanTemplate

Copy an existing scan template, changing the id and title.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.

  • id (String)

    Unique identifier of an existing scan template.

Returns:

  • (ScanTemplate)

    A copy of the requested scan template configuration.



399
400
401
402
403
404
 
# File 'lib/nexpose/scan_template.rb', line 399

def self.copy(nsc, id)
  dupe = load(nsc, id)
  dupe.id = '#NewScanTemplate#'
  dupe.name = "#{dupe.name} Copy"
  dupe
end

.load(nsc, id = nil) ⇒ ScanTemplate

Load a scan template.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.

  • id (String) (defaults to: nil)

    Unique identifier of an existing scan template. If no ID is provided, a blank, base template will be returned.

Returns:

  • (ScanTemplate)

    The requested scan template configuration.



383
384
385
386
387
388
389
390
391
 
# File 'lib/nexpose/scan_template.rb', line 383

def self.load(nsc, id = nil)
  if id
    response = JSON.parse(AJAX.get(nsc, "/data/scan/templates/#{URI.encode(id)}"))
    xml = response['value']
  else
    xml = AJAX.get(nsc, '/ajax/scantemplate_config.txml')
  end
  new(xml)
end

Instance Method Details

#_disable_check(check, elem) ⇒ Object 



309
310
311
312
313
 
# File 'lib/nexpose/scan_template.rb', line 309

def _disable_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
  checks.elements['Disabled'].add_element(elem, { 'name' => check })
end

#_enable_check(check, elem) ⇒ Object 



303
304
305
306
307
 
# File 'lib/nexpose/scan_template.rb', line 303

def _enable_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
  checks.elements['Enabled'].add_element(elem, { 'name' => check })
end

#_remove_check(check, elem) ⇒ Object 



315
316
317
318
319
 
# File 'lib/nexpose/scan_template.rb', line 315

def _remove_check(check, elem)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/#{elem}[@name='#{check}']")
  checks.elements.delete("Enabled/#{elem}[@name='#{check}']")
end

#checks_by_categoryArray[String]

Get a list of the check categories enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled categories.



239
240
241
242
 
# File 'lib/nexpose/scan_template.rb', line 239

def checks_by_category
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('VulnCategory').map { |c| c.attributes['name'] }
end

#checks_by_typeArray[String]

Get a list of the check types enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled check types.



273
274
275
276
 
# File 'lib/nexpose/scan_template.rb', line 273

def checks_by_type
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('CheckType').map { |c| c.attributes['name'] }
end

#correlate=(enable) ⇒ Object

Adjust whether to correlate reliable checks with regular checks.

Parameters:

  • enable (Boolean)

    Whether to turn on vulnerability correlation.



202
203
204
205
 
# File 'lib/nexpose/scan_template.rb', line 202

def correlate=(enable)
  vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  vuln_checks.attributes['correlate'] = enable ? '1' : '0'
end

#correlate?Boolean

Returns Whether to correlate reliable checks with regular checks.

Returns:

  • (Boolean)

    Whether to correlate reliable checks with regular checks.



195
196
197
198
 
# File 'lib/nexpose/scan_template.rb', line 195

def correlate?
  vuln_checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  vuln_checks.attributes['correlate'] == '1'
end

#delete(nsc) ⇒ Object

Delete this scan template from the console. Cannot be used to delete a built-in template.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.



411
412
413
 
# File 'lib/nexpose/scan_template.rb', line 411

def delete(nsc)
  nsc.delete_scan_template(@id)
end

#descriptionString

Returns Description of this scan template.

Returns:

  • (String)

    Description of this scan template.



91
92
93
94
 
# File 'lib/nexpose/scan_template.rb', line 91

def description
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  desc.nil? ? nil : desc.text.to_s
end

#description=(description) ⇒ Object

Assign a description to this scan template. Require attribute.

Parameters:

  • description (String)

    Description of the scan template.



98
99
100
101
102
103
104
105
106
107
108
 
# File 'lib/nexpose/scan_template.rb', line 98

def description=(description)
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  if desc
    desc.text = replace_entities(description)
  else
    root = REXML::XPath.first(xml, 'ScanTemplate')
    desc = REXML::Element.new('templateDescription')
    desc.add_text(description)
    root.add_element(desc)
  end
end

#disable_checks_by_category(category) ⇒ Object

Disable checks by category for this template.

Parameters:

  • category (String)

    Category to disable. @see #list_vuln_categories



256
257
258
 
# File 'lib/nexpose/scan_template.rb', line 256

def disable_checks_by_category(category)
  _disable_check(category, 'VulnCategory')
end

#disable_checks_by_type(type) ⇒ Object

Disable checks by type for this template.

Parameters:

  • type (String)

    Type to disable. @see #list_vuln_types



290
291
292
 
# File 'lib/nexpose/scan_template.rb', line 290

def disable_checks_by_type(type)
  _disable_check(type, 'CheckType')
end

#disable_vuln_check(check_id) ⇒ Object

Disable individual check for this template.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



344
345
346
347
348
 
# File 'lib/nexpose/scan_template.rb', line 344

def disable_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Enabled/Check[@id='#{check_id}']")
  checks.elements['Disabled'].add_element('Check', { 'id' => check_id })
end

#enable_checks_by_category(category) ⇒ Object

Enable checks by category for this template.

Parameters:

  • category (String)

    Category to enable. @see #list_vuln_categories



248
249
250
 
# File 'lib/nexpose/scan_template.rb', line 248

def enable_checks_by_category(category)
  _enable_check(category, 'VulnCategory')
end

#enable_checks_by_type(type) ⇒ Object

Enable checks by type for this template.

Parameters:

  • type (String)

    Type to enable. @see #list_vuln_types



282
283
284
 
# File 'lib/nexpose/scan_template.rb', line 282

def enable_checks_by_type(type)
  _enable_check(type, 'CheckType')
end

#enable_tcp_ports=(enable) ⇒ Object

Disable TCP port scanning.

Parameters:

  • enable (Boolean)

    or disable TCP ports



167
168
169
170
 
# File 'lib/nexpose/scan_template.rb', line 167

def enable_tcp_ports=(enable)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/TCPPortScan')
  service_ports.attributes['mode'] = 'none' unless enable
end

#enable_udp_ports=(enable) ⇒ Object

Disable UDP port scanning.

Parameters:

  • enable (Boolean)

    or disable UDP ports



189
190
191
192
 
# File 'lib/nexpose/scan_template.rb', line 189

def enable_udp_ports=(enable)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/UDPPortScan')
  service_ports.attributes['mode'] = 'none' unless enable
end

#enable_vuln_check(check_id) ⇒ Object

Enable individual check for this template.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



334
335
336
337
338
 
# File 'lib/nexpose/scan_template.rb', line 334

def enable_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/Check[@id='#{check_id}']")
  checks.elements['Enabled'].add_element('Check', { 'id' => check_id })
end

#exclude_tcp_service_ports=(ports) ⇒ Object

Exclude TCP ports when scanning for services

Parameters:

  • ports (Array)

    to exclude from scan



160
161
162
163
 
# File 'lib/nexpose/scan_template.rb', line 160

def exclude_tcp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/ExcludedTCPPortScan')
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#exclude_udp_service_ports=(ports) ⇒ Object

Exclude UDP ports when scanning for services

Parameters:

  • ports (Array)

    to exclude from scan



182
183
184
185
 
# File 'lib/nexpose/scan_template.rb', line 182

def exclude_udp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/ExcludedUDPPortScan')
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#idString

Returns Unique identifier of the scan template.

Returns:

  • (String)

    Unique identifier of the scan template.



60
61
62
63
 
# File 'lib/nexpose/scan_template.rb', line 60

def id
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  root.attributes['id']
end

#id=(value) ⇒ Object 



65
66
67
68
 
# File 'lib/nexpose/scan_template.rb', line 65

def id=(value)
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  root.attributes['id'] = value
end

#nameString

Returns Name or title of this scan template.

Returns:

  • (String)

    Name or title of this scan template.



71
72
73
74
 
# File 'lib/nexpose/scan_template.rb', line 71

def name
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  desc.nil? ? nil : desc.attributes['title']
end

#name=(name) ⇒ Object

Assign name to this scan template. Required attribute.

Parameters:

  • name (String)

    Title to assign.



78
79
80
81
82
83
84
85
86
87
88
 
# File 'lib/nexpose/scan_template.rb', line 78

def name=(name)
  desc = REXML::XPath.first(@xml, 'ScanTemplate/templateDescription')
  if desc
    desc.attributes['title'] = replace_entities(name)
  else
    root = REXML::XPath.first(xml, 'ScanTemplate')
    desc = REXML::Element.new('templateDescription')
    desc.add_attribute('title', name)
    root.add_element(desc)
  end
end

#policy_scanning=(enable) ⇒ Object

Adjust whether to perform policy scanning with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on policy scanning.



131
132
133
134
 
# File 'lib/nexpose/scan_template.rb', line 131

def policy_scanning=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disablePolicyScan'] = enable ? '0' : '1'
end

#policy_scanning?Boolean

Returns Whether policy scanning in enabled.

Returns:

  • (Boolean)

    Whether policy scanning in enabled.



124
125
126
127
 
# File 'lib/nexpose/scan_template.rb', line 124

def policy_scanning?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disablePolicyScan'] == '0'
end

#potential_checks=(enable) ⇒ Object

Adjust whether to perform potential vulnerability checks with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on potential checks.



230
231
232
233
 
# File 'lib/nexpose/scan_template.rb', line 230

def potential_checks=(enable)
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['potential'] = enable ? '1' : '0'
end

#potential_checks?Boolean

Returns Whether potential vulnerability checks are performed with this template.

Returns:

  • (Boolean)

    Whether potential vulnerability checks are performed with this template.



223
224
225
226
 
# File 'lib/nexpose/scan_template.rb', line 223

def potential_checks?
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['potential'] == '1'
end

#remove_checks_by_category(category) ⇒ Object

Remove checks by category for this template. Removes both enabled and disabled checks.

Parameters:

  • category (String)

    Category to remove. @see #list_vuln_categories



265
266
267
 
# File 'lib/nexpose/scan_template.rb', line 265

def remove_checks_by_category(category)
  _remove_check(category, 'VulnCategory')
end

#remove_checks_by_type(type) ⇒ Object

Remove checks by type for this template. Removes both enabled and disabled checks.

Parameters:

  • type (String)

    Type to remove. @see #list_vuln_types



299
300
301
 
# File 'lib/nexpose/scan_template.rb', line 299

def remove_checks_by_type(type)
  _remove_check(type, 'CheckType')
end

#remove_vuln_check(check_id) ⇒ Object

Remove individual check for this template. Removes both enabled and disabled checks.

Parameters:

  • check_id (String)

    Unique identifier of vuln check.



355
356
357
358
359
 
# File 'lib/nexpose/scan_template.rb', line 355

def remove_vuln_check(check_id)
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks')
  checks.elements.delete("Disabled/Check[@id='#{check_id}']")
  checks.elements.delete("Enabled/Check[@id='#{check_id}']")
end

#save(nsc) ⇒ Object

Save this scan template configuration to a Nexpose console.

Parameters:

  • nsc (Connection)

    API connection to a Nexpose console.



365
366
367
368
369
370
371
372
373
374
 
# File 'lib/nexpose/scan_template.rb', line 365

def save(nsc)
  root = REXML::XPath.first(@xml, 'ScanTemplate')
  if root.attributes['id'] == '#NewScanTemplate#'
    response = JSON.parse(AJAX.post(nsc, '/data/scan/templates', xml))
    root.attributes['id'] = response['value']
  else
    response = JSON.parse(AJAX.put(nsc, "/data/scan/templates/#{URI.encode(id)}", xml))
  end
  response['value']
end

#tcp_service_ports=(ports) ⇒ Object

Add custom TCP ports to scan for services

Parameters:

  • ports (Array)

    to scan



151
152
153
154
155
156
 
# File 'lib/nexpose/scan_template.rb', line 151

def tcp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/TCPPortScan')
  service_ports.attributes['mode'] = "custom"
  service_ports.attributes['method'] = "syn"
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#udp_service_ports=(ports) ⇒ Object

Add custom UDP ports to scan for services

Parameters:

  • posts (Array)

    to scan



174
175
176
177
178
 
# File 'lib/nexpose/scan_template.rb', line 174

def udp_service_ports=(ports)
  service_ports = REXML::XPath.first(@xml, 'ScanTemplate/ServiceDiscovery/UDPPortScan')
  service_ports.attributes['mode'] = "custom"
  REXML::XPath.first(service_ports, './portList').text = ports.join(",")
end

#unsafe_checks=(enable) ⇒ Object

Adjust whether to perform unsafe vulnerability checks with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on unsafe checks.



216
217
218
219
 
# File 'lib/nexpose/scan_template.rb', line 216

def unsafe_checks=(enable)
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['unsafe'] = enable ? '1' : '0'
end

#unsafe_checks?Boolean

Returns Whether unsafe vulnerability checks are performed by this template.

Returns:

  • (Boolean)

    Whether unsafe vulnerability checks are performed by this template.



209
210
211
212
 
# File 'lib/nexpose/scan_template.rb', line 209

def unsafe_checks?
  checks = REXML::XPath.first(@xml, 'ScanTemplate/VulnerabilityChecks')
  checks.attributes['unsafe'] == '1'
end

#vuln_checksArray[String]

Get a list of the individual vuln checks enabled for this scan template.

Returns:

  • (Array[String])

    List of enabled vulnerability checks.



325
326
327
328
 
# File 'lib/nexpose/scan_template.rb', line 325

def vuln_checks
  checks = REXML::XPath.first(@xml, '//VulnerabilityChecks/Enabled')
  checks.elements.to_a('Check').map { |c| c.attributes['id'] }
end

#vuln_scanning=(enable) ⇒ Object

Adjust whether to perform vuln scanning with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on vuln scanning.



118
119
120
121
 
# File 'lib/nexpose/scan_template.rb', line 118

def vuln_scanning=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableVulnScan'] = enable ? '0' : '1'
end

#vuln_scanning?Boolean

Returns Whether vuln scanning in enabled.

Returns:

  • (Boolean)

    Whether vuln scanning in enabled.



111
112
113
114
 
# File 'lib/nexpose/scan_template.rb', line 111

def vuln_scanning?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableVulnScan'] == '0'
end

#web_spidering=(enable) ⇒ Object

Adjust whether to perform web spidering with this template.

Parameters:

  • enable (Boolean)

    Whether to turn on web spider scanning.



144
145
146
147
 
# File 'lib/nexpose/scan_template.rb', line 144

def web_spidering=(enable)
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableWebSpider'] = enable ? '0' : '1'
end

#web_spidering?Boolean

Returns Whether web spidering in enabled.

Returns:

  • (Boolean)

    Whether web spidering in enabled.



137
138
139
140
 
# File 'lib/nexpose/scan_template.rb', line 137

def web_spidering?
  gen = REXML::XPath.first(@xml, 'ScanTemplate/General')
  gen.attributes['disableWebSpider'] == '0'
end