Class: NessusREST::Client
- Inherits:
-
Object
- Object
- NessusREST::Client
- Defined in:
- lib/nessus_rest.rb
Overview
Client class implementation of Nessus (6+) JSON REST protocol. Class which uses standard JSON lib to parse nessus JSON REST replies.
Typical Usage:
require 'nessus_rest'
n=NessusREST::Client.new ({:url=>'https://localhost:8834', :username=>'user', :password=> 'password'})
qs=n.scan_quick_template('basic','name-of-scan','localhost')
scanid=qs['scan']['id']
n.scan_wait4finish(scanid)
n.report_download_file(scanid,'csv','myscanreport.csv')
Instance Attribute Summary collapse
-
#autologin ⇒ Object
Returns the value of attribute autologin.
-
#defsleep ⇒ Object
Returns the value of attribute defsleep.
-
#httpretry ⇒ Object
Returns the value of attribute httpretry.
-
#httpsleep ⇒ Object
Returns the value of attribute httpsleep.
-
#quick_defaults ⇒ Object
Returns the value of attribute quick_defaults.
-
#ssl_use ⇒ Object
Returns the value of attribute ssl_use.
-
#ssl_verify ⇒ Object
Returns the value of attribute ssl_verify.
-
#x_cookie ⇒ Object
readonly
Returns the value of attribute x_cookie.
Instance Method Summary collapse
-
#authdefault ⇒ Object
Tries to authenticate to the Nessus REST JSON interface.
-
#authenticate(username, password) ⇒ Object
(also: #login)
Tries to authenticate to the Nessus REST JSON interface.
-
#authenticated ⇒ Object
checks if we’re logged in correctly.
-
#editor_templates(type, uuid) ⇒ Object
Get template by type and uuid.
-
#get_server_properties ⇒ Object
(also: #server_properties)
try to get server properties.
-
#host_detail(scan_id, host_id) ⇒ Object
Get host details from the scan.
-
#http_delete(opts = {}) ⇒ Object
Perform HTTP delete method with uri, data and fields.
- #http_delete_low(opts = {}) ⇒ Object
-
#http_get(opts = {}) ⇒ Object
Perform HTTP get method with uri and fields.
- #http_get_low(opts = {}) ⇒ Object
-
#http_post(opts = {}) ⇒ Object
Perform HTTP post method with uri, data, body and fields.
- #http_post_low(opts = {}) ⇒ Object
-
#http_put(opts = {}) ⇒ Object
Perform HTTP put method with uri, data and fields.
- #http_put_low(opts = {}) ⇒ Object
-
#init_quick_defaults ⇒ Object
initialize quick scan defaults: these will be used when not specifying defaults.
-
#initialize(params = {}) {|@connection| ... } ⇒ Client
constructor
initialize object: try to connect to Nessus Scanner using URL, user and password (or any other defaults).
-
#is_admin ⇒ Object
check if logged in user is administrator.
-
#list_families ⇒ Object
Get List of Families.
-
#list_folders ⇒ Object
Get List of Folders.
-
#list_plugins(family_id) ⇒ Object
Get List of Plugins.
-
#list_policies ⇒ Object
Get List of Policies.
-
#list_scanners ⇒ Object
Get List of Scanners.
-
#list_templates(type) ⇒ Object
Get List of Templates.
-
#list_users ⇒ Object
Get List of Users.
-
#parse_json(body) ⇒ Object
Perform JSON parsing of body.
- #plugin_details(plugin_id) ⇒ Object
- #policy_delete(policy_id) ⇒ Object
- #report_download(scan_id, file_id) ⇒ Object
- #report_download_file(scan_id, format, outputfn) ⇒ Object
- #report_download_quick(scan_id, format) ⇒ Object
- #scan_create(uuid, settings) ⇒ Object
-
#scan_delete(scan_id) ⇒ Object
delete scan with scan_id.
- #scan_details(scan_id) ⇒ Object
- #scan_export(scan_id, format) ⇒ Object
- #scan_export_status(scan_id, file_id) ⇒ Object
- #scan_finished?(scan_id) ⇒ Boolean
- #scan_launch(scan_id) ⇒ Object
-
#scan_list ⇒ Object
(also: #list_scans)
Get List of Scans.
- #scan_pause(scan_id) ⇒ Object
-
#scan_quick_policy(policyname, name, targets) ⇒ Object
Performs scan with scan policy provided (uuid of policy or policy name).
-
#scan_quick_template(templatename, name, targets) ⇒ Object
Performs scan with templatename provided (name, title or uuid of scan).
- #scan_resume(scan_id) ⇒ Object
- #scan_status(scan_id) ⇒ Object
- #scan_stop(scan_id) ⇒ Object
- #scan_wait4finish(scan_id) ⇒ Object
-
#server_status ⇒ Object
Get server status.
-
#user_add(username, password, permissions, type) ⇒ Object
Add user to server.
-
#user_chpasswd(user_id, password) ⇒ Object
change password for user_id.
-
#user_delete(user_id) ⇒ Object
delete user with user_id.
-
#user_logout ⇒ Object
(also: #logout)
logout from the server.
Constructor Details
#initialize(params = {}) {|@connection| ... } ⇒ Client
initialize object: try to connect to Nessus Scanner using URL, user and password (or any other defaults)
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 |
# File 'lib/nessus_rest.rb', line 82 def initialize(params={}) # defaults @nessusurl = params.fetch(:url,'https://127.0.0.1:8834/') @username = params.fetch(:username,'nessus') @password = params.fetch(:password,'nessus') @ssl_verify = params.fetch(:ssl_verify,false) @ssl_use = params.fetch(:ssl_use,true) @autologin = params.fetch(:autologin, true) @defsleep = params.fetch(:defsleep, 1) @httpretry = params.fetch(:httpretry, 3) @httpsleep = params.fetch(:httpsleep, 1) init_quick_defaults() uri = URI.parse(@nessusurl) @connection = Net::HTTP.new(uri.host, uri.port) @connection.use_ssl = @ssl_use if @ssl_verify @connection.verify_mode = OpenSSL::SSL::VERIFY_PEER else @connection.verify_mode = OpenSSL::SSL::VERIFY_NONE end yield @connection if block_given? authenticate(@username, @password) if @autologin end |
Instance Attribute Details
#autologin ⇒ Object
Returns the value of attribute autologin.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def autologin @autologin end |
#defsleep ⇒ Object
Returns the value of attribute defsleep.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def defsleep @defsleep end |
#httpretry ⇒ Object
Returns the value of attribute httpretry.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def httpretry @httpretry end |
#httpsleep ⇒ Object
Returns the value of attribute httpsleep.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def httpsleep @httpsleep end |
#quick_defaults ⇒ Object
Returns the value of attribute quick_defaults.
54 55 56 |
# File 'lib/nessus_rest.rb', line 54 def quick_defaults @quick_defaults end |
#ssl_use ⇒ Object
Returns the value of attribute ssl_use.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def ssl_use @ssl_use end |
#ssl_verify ⇒ Object
Returns the value of attribute ssl_verify.
55 56 57 |
# File 'lib/nessus_rest.rb', line 55 def ssl_verify @ssl_verify end |
#x_cookie ⇒ Object (readonly)
Returns the value of attribute x_cookie.
56 57 58 |
# File 'lib/nessus_rest.rb', line 56 def @x_cookie end |
Instance Method Details
#authdefault ⇒ Object
Tries to authenticate to the Nessus REST JSON interface
returns: true if logged in, false if not
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :autologin=>false,
:username=>'nessususer', :password=>'nessuspassword')
if n.authdefault
puts “Logged in”
else
puts “Error”
end
142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 |
# File 'lib/nessus_rest.rb', line 142 def authdefault payload = { :username => @username, :password => @password, :json => 1, :authenticationmethod => true } res = http_post(:uri=>"/session", :data=>payload) if res['token'] @token = "token=#{res['token']}" @x_cookie = {'X-Cookie'=>@token} return true else false end end |
#authenticate(username, password) ⇒ Object Also known as: login
Tries to authenticate to the Nessus REST JSON interface
returns: true if logged in, false if not
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :autologin=>false)
if n.authenticate('user','pass')
puts “Logged in”
else
puts “Error”
end
122 123 124 125 126 |
# File 'lib/nessus_rest.rb', line 122 def authenticate(username, password) @username = username @password = password authdefault end |
#authenticated ⇒ Object
checks if we’re logged in correctly
returns: true if logged in, false if not
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
if n.authenticated
puts “Logged in”
else
puts “Error”
end
171 172 173 174 175 176 177 |
# File 'lib/nessus_rest.rb', line 171 def authenticated if (@token && @token.include?('token=')) return true else return false end end |
#editor_templates(type, uuid) ⇒ Object
Get template by type and uuid. Type can be ‘policy’ or ‘scan’
returns: JSON parsed object with template
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.editor_templates('scan',uuid)
465 466 467 |
# File 'lib/nessus_rest.rb', line 465 def editor_templates (type, uuid) res = http_get(:uri=>"/editor/#{type}/templates/#{uuid}", :fields=>) end |
#get_server_properties ⇒ Object Also known as: server_properties
try to get server properties
returns: JSON parsed object with server properties
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.get_server_properties
187 188 189 |
# File 'lib/nessus_rest.rb', line 187 def get_server_properties http_get(:uri=>"/server/properties", :fields=>) end |
#host_detail(scan_id, host_id) ⇒ Object
Get host details from the scan
returns: JSON parsed object with host details
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.host_detail(123, 1234)
560 561 562 |
# File 'lib/nessus_rest.rb', line 560 def host_detail(scan_id, host_id) res = http_get(:uri=>"/scans/#{scan_id}/hosts/#{host_id}", :fields=>) end |
#http_delete(opts = {}) ⇒ Object
Perform HTTP delete method with uri, data and fields
returns: HTTP result object
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
res = n.http_delete(:uri=>"/session", :fields=>n.x_cookie)
puts res.code
656 657 658 659 660 661 662 663 664 665 |
# File 'lib/nessus_rest.rb', line 656 def http_delete(opts={}) ret=http_delete_low(opts) if ret.is_a?(Hash) and ret.has_key?('error') and ret['error']=='Invalid Credentials' then authdefault ret=http_delete_low(opts) return ret else return ret end end |
#http_delete_low(opts = {}) ⇒ Object
667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 |
# File 'lib/nessus_rest.rb', line 667 def http_delete_low(opts={}) uri = opts[:uri] fields = opts[:fields] || {} res = nil tries = @httpretry req = Net::HTTP::Delete.new(uri) fields.each_pair do |name, value| req.add_field(name, value) end begin tries -= 1 res = @connection.request(req) rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e if tries>0 sleep @httpsleep retry else return res end rescue URI::InvalidURIError return res end res end |
#http_get(opts = {}) ⇒ Object
Perform HTTP get method with uri and fields
returns: JSON parsed object (if JSON parseable)
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.http_get(:uri=>"/users", :fields=>n.x_cookie)
704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 |
# File 'lib/nessus_rest.rb', line 704 def http_get(opts={}) raw_content = opts[:raw_content] || false ret=http_get_low(opts) if !raw_content then if ret.is_a?(Hash) and ret.has_key?('error') and ret['error']=='Invalid Credentials' then authdefault ret=http_get_low(opts) return ret else return ret end else return ret end end |
#http_get_low(opts = {}) ⇒ Object
720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 |
# File 'lib/nessus_rest.rb', line 720 def http_get_low(opts={}) uri = opts[:uri] fields = opts[:fields] || {} raw_content = opts[:raw_content] || false json = {} tries = @httpretry req = Net::HTTP::Get.new(uri) fields.each_pair do |name, value| req.add_field(name, value) end begin tries -= 1 res = @connection.request(req) rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e if tries>0 sleep @httpsleep retry else return json end rescue URI::InvalidURIError return json end if !raw_content parse_json(res.body) else res.body end end |
#http_post(opts = {}) ⇒ Object
Perform HTTP post method with uri, data, body and fields
returns: JSON parsed object (if JSON parseable)
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.http_post(:uri=>"/scans/#{scan_id}/launch", :fields=>n.x_cookie)
760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 |
# File 'lib/nessus_rest.rb', line 760 def http_post(opts={}) if opts.has_key?(:authenticationmethod) then # i know authzmethod = opts.delete(:authorizationmethod) is short, but not readable authzmethod = opts[:authenticationmethod] opts.delete(:authenticationmethod) end ret=http_post_low(opts) if ret.is_a?(Hash) and ret.has_key?('error') and ret['error']=='Invalid Credentials' then if not authzmethod authdefault ret=http_post_low(opts) return ret end else return ret end end |
#http_post_low(opts = {}) ⇒ Object
778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 |
# File 'lib/nessus_rest.rb', line 778 def http_post_low(opts={}) uri = opts[:uri] data = opts[:data] fields = opts[:fields] || {} body = opts[:body] ctype = opts[:ctype] json = {} tries = @httpretry req = Net::HTTP::Post.new(uri) req.set_form_data(data) unless (data.nil? || data.empty?) req.body = body unless (body.nil? || body.empty?) req['Content-Type'] = ctype unless (ctype.nil? || ctype.empty?) fields.each_pair do |name, value| req.add_field(name, value) end begin tries -= 1 res = @connection.request(req) rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e if tries>0 sleep @httpsleep retry else return json end rescue URI::InvalidURIError return json end parse_json(res.body) end |
#http_put(opts = {}) ⇒ Object
Perform HTTP put method with uri, data and fields
returns: HTTP result object
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
payload = {
:password => password,
:json => 1
}
res = n.http_put(:uri=>"/users/#{user_id}/chpasswd", :data=>payload, :fields=>n.x_cookie)
puts res.code
606 607 608 609 610 611 612 613 614 615 |
# File 'lib/nessus_rest.rb', line 606 def http_put(opts={}) ret=http_put_low(opts) if ret.is_a?(Hash) and ret.has_key?('error') and ret['error']=='Invalid Credentials' then authdefault ret=http_put_low(opts) return ret else return ret end end |
#http_put_low(opts = {}) ⇒ Object
617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 |
# File 'lib/nessus_rest.rb', line 617 def http_put_low(opts={}) uri = opts[:uri] data = opts[:data] fields = opts[:fields] || {} res = nil tries = @httpretry req = Net::HTTP::Put.new(uri) req.set_form_data(data) unless (data.nil? || data.empty?) fields.each_pair do |name, value| req.add_field(name, value) end begin tries -= 1 res = @connection.request(req) rescue Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError => e if tries>0 sleep @httpsleep retry else return res end rescue URI::InvalidURIError return res end res end |
#init_quick_defaults ⇒ Object
initialize quick scan defaults: these will be used when not specifying defaults
Usage:
n.init_quick_defaults()
68 69 70 71 72 73 74 |
# File 'lib/nessus_rest.rb', line 68 def init_quick_defaults @quick_defaults=Hash.new @quick_defaults['enabled']=false @quick_defaults['launch']='ONETIME' @quick_defaults['launch_now']=true @quick_defaults['description']='Created with nessus_rest' end |
#is_admin ⇒ Object
check if logged in user is administrator
returns: boolean value depending if user is administrator or not
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
if n.is_admin
puts “Administrator”
else
puts “NOT administrator”
end
358 359 360 361 362 363 364 365 |
# File 'lib/nessus_rest.rb', line 358 def is_admin res = http_get(:uri=>"/session", :fields=>) if res['permissions'] == 128 return true else return false end end |
#list_families ⇒ Object
Get List of Families
returns: JSON parsed object with list of families
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_families
314 315 316 |
# File 'lib/nessus_rest.rb', line 314 def list_families http_get(:uri=>"/plugins/families", :fields=>) end |
#list_folders ⇒ Object
Get List of Folders
returns: JSON parsed object with list of folders
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_folders
290 291 292 |
# File 'lib/nessus_rest.rb', line 290 def list_folders http_get(:uri=>"/folders", :fields=>) end |
#list_plugins(family_id) ⇒ Object
Get List of Plugins
returns: JSON parsed object with list of plugins
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_plugins
326 327 328 |
# File 'lib/nessus_rest.rb', line 326 def list_plugins(family_id) http_get(:uri=>"/plugins/families/#{family_id}", :fields=>) end |
#list_policies ⇒ Object
Get List of Policies
returns: JSON parsed object with list of policies
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_policies
266 267 268 |
# File 'lib/nessus_rest.rb', line 266 def list_policies http_get(:uri=>"/policies", :fields=>) end |
#list_scanners ⇒ Object
Get List of Scanners
returns: JSON parsed object with list of scanners
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_scanners
302 303 304 |
# File 'lib/nessus_rest.rb', line 302 def list_scanners http_get(:uri=>"/scanners", :fields=>) end |
#list_templates(type) ⇒ Object
Get List of Templates
returns: JSON parsed object with list of templates
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_templates
338 339 340 |
# File 'lib/nessus_rest.rb', line 338 def list_templates(type) res = http_get(:uri=>"/editor/#{type}/templates", :fields=>) end |
#list_users ⇒ Object
Get List of Users
returns: JSON parsed object with list of users
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.list_users
278 279 280 |
# File 'lib/nessus_rest.rb', line 278 def list_users http_get(:uri=>"/users", :fields=>) end |
#parse_json(body) ⇒ Object
Perform JSON parsing of body
returns: JSON parsed object (if JSON parseable)
816 817 818 819 820 821 822 823 824 825 |
# File 'lib/nessus_rest.rb', line 816 def parse_json(body) buf = {} begin buf = JSON.parse(body) rescue JSON::ParserError end buf end |
#plugin_details(plugin_id) ⇒ Object
342 343 344 |
# File 'lib/nessus_rest.rb', line 342 def plugin_details(plugin_id) http_get(:uri=>"/plugins/plugin/#{plugin_id}", :fields=>) end |
#policy_delete(policy_id) ⇒ Object
452 453 454 455 |
# File 'lib/nessus_rest.rb', line 452 def policy_delete(policy_id) res = http_delete(:uri=>"/policies/#{policy_id}", :fields=>) return res.code end |
#report_download(scan_id, file_id) ⇒ Object
564 565 566 |
# File 'lib/nessus_rest.rb', line 564 def report_download(scan_id, file_id) res = http_get(:uri=>"/scans/#{scan_id}/export/#{file_id}/download", :raw_content=> true, :fields=>) end |
#report_download_file(scan_id, format, outputfn) ⇒ Object
582 583 584 585 586 587 |
# File 'lib/nessus_rest.rb', line 582 def report_download_file(scan_id, format, outputfn) report_content=report_download_quick(scan_id, format) File.open(outputfn, 'w') do |f| f.write(report_content) end end |
#report_download_quick(scan_id, format) ⇒ Object
568 569 570 571 572 573 574 575 576 577 578 579 580 |
# File 'lib/nessus_rest.rb', line 568 def report_download_quick(scan_id, format) se=scan_export(scan_id,format) # ready, loading while (status = scan_export_status(scan_id,se['file'])['status']) != "ready" do # puts status if status.nil? or status == '' then return nil end sleep @defsleep end rf=report_download(scan_id,se['file']) return rf end |
#scan_create(uuid, settings) ⇒ Object
379 380 381 382 383 384 385 386 |
# File 'lib/nessus_rest.rb', line 379 def scan_create(uuid, settings) payload = { :uuid => uuid, :settings => settings, :json => 1 }.to_json http_post(:uri=>"/scans", :body=>payload, :fields=>, :ctype=>'application/json') end |
#scan_delete(scan_id) ⇒ Object
delete scan with scan_id
returns: boolean (true if deleted)
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
puts n.scan_delete(1)
444 445 446 447 448 449 450 |
# File 'lib/nessus_rest.rb', line 444 def scan_delete(scan_id) res = http_delete(:uri=>"/scans/#{scan_id}", :fields=>) if res.code == 200 then return true end return false end |
#scan_details(scan_id) ⇒ Object
405 406 407 |
# File 'lib/nessus_rest.rb', line 405 def scan_details(scan_id) http_get(:uri=>"/scans/#{scan_id}", :fields=>) end |
#scan_export(scan_id, format) ⇒ Object
421 422 423 424 425 426 |
# File 'lib/nessus_rest.rb', line 421 def scan_export(scan_id, format) payload = { :format => format }.to_json http_post(:uri=>"/scans/#{scan_id}/export", :body=>payload, :ctype=>'application/json', :fields=>) end |
#scan_export_status(scan_id, file_id) ⇒ Object
428 429 430 431 432 433 434 |
# File 'lib/nessus_rest.rb', line 428 def scan_export_status(scan_id, file_id) request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status") request.add_field("X-Cookie", @token) res = @connection.request(request) res = JSON.parse(res.body) return res end |
#scan_finished?(scan_id) ⇒ Boolean
537 538 539 540 541 542 543 |
# File 'lib/nessus_rest.rb', line 537 def scan_finished?(scan_id) ss=scan_status(scan_id) if ss == 'completed' or ss == 'canceled' or ss == 'imported' then return true end return false end |
#scan_launch(scan_id) ⇒ Object
388 389 390 |
# File 'lib/nessus_rest.rb', line 388 def scan_launch(scan_id) http_post(:uri=>"/scans/#{scan_id}/launch", :fields=>) end |
#scan_list ⇒ Object Also known as: list_scans
Get List of Scans
returns: JSON parsed object with list of scans
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.scan_list
400 401 402 |
# File 'lib/nessus_rest.rb', line 400 def scan_list http_get(:uri=>"/scans", :fields=>) end |
#scan_pause(scan_id) ⇒ Object
409 410 411 |
# File 'lib/nessus_rest.rb', line 409 def scan_pause(scan_id) http_post(:uri=>"/scans/#{scan_id}/pause", :fields=>) end |
#scan_quick_policy(policyname, name, targets) ⇒ Object
Performs scan with scan policy provided (uuid of policy or policy name). Name is your scan name and targets are targets for scan
returns: JSON parsed object with scan info
Usage:
require 'nessus_rest'
n=NessusREST::Client.new ({:url=>'https://localhost:8834', :username=>'user', :password=> 'password'})
qs=n.scan_quick_policy('myscanpolicy','name-of-scan','localhost')
scanid=qs['scan']['id']
n.scan_wait4finish(scanid)
n.report_download_file(scanid,'nessus','myscanreport.nessus')
514 515 516 517 518 519 520 521 522 523 524 525 526 527 |
# File 'lib/nessus_rest.rb', line 514 def scan_quick_policy (policyname, name, targets) templates=list_policies['policies'].select do |pol| pol['template_uuid'] == policyname or pol['name'] == policyname end if templates.nil? then return nil end tuuid=templates.first['template_uuid'] et=Hash.new et.merge!(@quick_defaults) et['name']=name et['text_targets']=targets sc=scan_create(tuuid,et) end |
#scan_quick_template(templatename, name, targets) ⇒ Object
Performs scan with templatename provided (name, title or uuid of scan). Name is your scan name and targets are targets for scan
returns: JSON parsed object with scan info
Usage:
require 'nessus_rest'
n=NessusREST::Client.new ({:url=>'https://localhost:8834', :username=>'user', :password=> 'password'})
qs=n.scan_quick_template('basic','name-of-scan','localhost')
scanid=qs['scan']['id']
n.scan_wait4finish(scanid)
n.report_download_file(scanid,'csv','myscanreport.csv')
484 485 486 487 488 489 490 491 492 493 494 495 496 497 |
# File 'lib/nessus_rest.rb', line 484 def scan_quick_template (templatename, name, targets) templates=list_templates('scan')['templates'].select do |temp| temp['uuid'] == templatename or temp['name'] == templatename or temp['title'] == templatename end if templates.nil? then return nil end tuuid=templates.first['uuid'] et=editor_templates('scan',tuuid) et.merge!(@quick_defaults) et['name']=name et['text_targets']=targets sc=scan_create(tuuid,et) end |
#scan_resume(scan_id) ⇒ Object
413 414 415 |
# File 'lib/nessus_rest.rb', line 413 def scan_resume(scan_id) http_post(:uri=>"/scans/#{scan_id}/resume", :fields=>) end |
#scan_status(scan_id) ⇒ Object
529 530 531 532 533 534 535 |
# File 'lib/nessus_rest.rb', line 529 def scan_status(scan_id) sd=scan_details(scan_id) if not sd['error'].nil? return 'error' end return sd['info']['status'] end |
#scan_stop(scan_id) ⇒ Object
417 418 419 |
# File 'lib/nessus_rest.rb', line 417 def scan_stop(scan_id) http_post(:uri=>"/scans/#{scan_id}/stop", :fields=>) end |
#scan_wait4finish(scan_id) ⇒ Object
545 546 547 548 549 550 |
# File 'lib/nessus_rest.rb', line 545 def scan_wait4finish(scan_id) while not scan_finished?(scan_id) do # puts scan_status(scan_id) sleep @defsleep end end |
#server_status ⇒ Object
Get server status
returns: JSON parsed object with server status
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.server_status
375 376 377 |
# File 'lib/nessus_rest.rb', line 375 def server_status http_get(:uri=>"/server/status", :fields=>) end |
#user_add(username, password, permissions, type) ⇒ Object
Add user to server
returns: JSON parsed object
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
pp n.user_add('user','password','16','local')
Reference: localhost:8834/api#/resources/users/create
203 204 205 206 207 208 209 210 211 212 |
# File 'lib/nessus_rest.rb', line 203 def user_add(username, password, , type) payload = { :username => username, :password => password, :permissions => , :type => type, :json => 1 } http_post(:uri=>"/users", :fields=>, :data=>payload) end |
#user_chpasswd(user_id, password) ⇒ Object
change password for user_id
returns: result code
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
puts n.user_chpasswd(1,'newPassword')
235 236 237 238 239 240 241 242 |
# File 'lib/nessus_rest.rb', line 235 def user_chpasswd(user_id, password) payload = { :password => password, :json => 1 } res = http_put(:uri=>"/users/#{user_id}/chpasswd", :data=>payload, :fields=>) return res.code end |
#user_delete(user_id) ⇒ Object
delete user with user_id
returns: result code
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
puts n.user_delete(1)
222 223 224 225 |
# File 'lib/nessus_rest.rb', line 222 def user_delete(user_id) res = http_delete(:uri=>"/users/#{user_id}", :fields=>) return res.code end |
#user_logout ⇒ Object Also known as: logout
logout from the server
returns: result code
Usage:
n=NessusREST::Client.new (:url=>'https://localhost:8834', :username=>'user', :password=> 'password')
puts n.user_logout
252 253 254 255 |
# File 'lib/nessus_rest.rb', line 252 def user_logout res = http_delete(:uri=>"/session", :fields=>) return res.code end |