2015-02-01 08:54:35 +00:00
|
|
|
require 'net/http'
|
|
|
|
|
|
|
|
|
|
module Nessus
|
|
|
|
|
class Client
|
|
|
|
|
class << self
|
|
|
|
|
@connection
|
|
|
|
|
@token
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def initialize(host, username = nil, password = nil, ssl_option = nil)
|
|
|
|
|
uri = URI.parse(host)
|
|
|
|
|
@connection = Net::HTTP.new(uri.host, uri.port)
|
|
|
|
|
@connection.use_ssl = true
|
|
|
|
|
if ssl_option == "ssl_verify"
|
2015-02-07 06:09:02 +00:00
|
|
|
@connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
|
2013-08-30 21:28:33 +00:00
|
|
|
else
|
2015-02-01 08:54:35 +00:00
|
|
|
@connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
yield @connection if block_given?
|
|
|
|
|
authenticate(username, password) if username && password
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def authenticate(username, password)
|
|
|
|
|
payload = {
|
|
|
|
|
:username => username,
|
|
|
|
|
:password => password,
|
2015-02-10 07:40:20 +00:00
|
|
|
:json => 1
|
2015-02-01 08:54:35 +00:00
|
|
|
}
|
2015-02-10 07:40:20 +00:00
|
|
|
res = http_post(:uri=>"/session", :data=>payload)
|
2015-02-13 17:48:10 +00:00
|
|
|
if res['token']
|
|
|
|
|
@token = "token=#{res['token']}"
|
|
|
|
|
return true
|
|
|
|
|
else
|
|
|
|
|
false
|
|
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
end
|
2015-02-07 06:09:02 +00:00
|
|
|
|
|
|
|
|
def x_cookie
|
|
|
|
|
{'X-Cookie'=>@token}
|
|
|
|
|
end
|
|
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
alias_method :login, :authenticate
|
|
|
|
|
|
|
|
|
|
def authenticated
|
|
|
|
|
if (@token && @token.include?('token='))
|
2013-08-30 21:28:33 +00:00
|
|
|
return true
|
|
|
|
|
else
|
2015-02-01 08:54:35 +00:00
|
|
|
return false
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
|
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def get_server_properties
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/server/properties", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
|
|
|
|
|
2015-02-05 17:18:22 +00:00
|
|
|
def user_add(username, password, permissions, type)
|
2015-02-01 08:54:35 +00:00
|
|
|
payload = {
|
|
|
|
|
:username => username,
|
|
|
|
|
:password => password,
|
|
|
|
|
:permissions => permissions,
|
|
|
|
|
:type => type,
|
2015-02-10 07:40:20 +00:00
|
|
|
:json => 1
|
2013-08-30 21:28:33 +00:00
|
|
|
}
|
2015-02-10 07:40:20 +00:00
|
|
|
http_post(:uri=>"/users", :fields=>x_cookie, :data=>payload)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def user_delete(user_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
res = http_delete(:uri=>"/users/#{user_id}", :fields=>x_cookie)
|
|
|
|
|
return res.code
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def user_chpasswd(user_id, password)
|
|
|
|
|
payload = {
|
|
|
|
|
:password => password,
|
2015-02-10 07:40:20 +00:00
|
|
|
:json => 1
|
2013-08-30 21:28:33 +00:00
|
|
|
}
|
2015-02-07 06:09:02 +00:00
|
|
|
res = http_put(:uri=>"/users/#{user_id}/chpasswd", :data=>payload, :fields=>x_cookie)
|
|
|
|
|
return res.code
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def user_logout
|
2015-02-10 07:40:20 +00:00
|
|
|
res = http_delete(:uri=>"/session", :fields=>x_cookie)
|
2015-02-07 06:09:02 +00:00
|
|
|
return res.code
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def list_policies
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/policies", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def list_users
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/users", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def list_folders
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/folders", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def list_scanners
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/scanners", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def list_families
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/plugins/families", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def list_plugins(family_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_get(:uri=>"/plugins/families/#{family_id}", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-10 07:40:20 +00:00
|
|
|
def list_template(type)
|
|
|
|
|
res = http_get(:uri=>"/editor/#{type}/templates", :fields=>x_cookie)
|
|
|
|
|
end
|
|
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def plugin_details(plugin_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_get(:uri=>"/plugins/plugin/#{plugin_id}", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def is_admin
|
2015-02-10 07:40:20 +00:00
|
|
|
res = http_get(:uri=>"/session", :fields=>x_cookie)
|
2015-02-07 06:09:02 +00:00
|
|
|
if res['permissions'] == 128
|
2013-08-30 21:28:33 +00:00
|
|
|
return true
|
|
|
|
|
else
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def server_properties
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/server/properties", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def scan_create(uuid, name, description, targets)
|
|
|
|
|
payload = {
|
|
|
|
|
:uuid => uuid,
|
|
|
|
|
:settings => {
|
|
|
|
|
:name => name,
|
|
|
|
|
:description => description,
|
|
|
|
|
:text_targets => targets
|
|
|
|
|
},
|
|
|
|
|
:json => 1
|
2015-02-07 06:09:02 +00:00
|
|
|
}.to_json
|
2015-02-10 07:40:20 +00:00
|
|
|
http_post(:uri=>"/scans", :body=>payload, :fields=>x_cookie, :ctype=>'application/json')
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def scan_launch(scan_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_post(:uri=>"/scans/#{scan_id}/launch", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def server_status
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/server/status", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def scan_list
|
2015-02-10 07:40:20 +00:00
|
|
|
http_get(:uri=>"/scans", :fields=>x_cookie)
|
2015-02-05 17:18:22 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def scan_details(scan_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_get(:uri=>"/scans/#{scan_id}", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def scan_pause(scan_id)
|
2015-02-10 07:40:20 +00:00
|
|
|
http_post(:uri=>"/scans/#{scan_id}/pause", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2015-02-01 08:54:35 +00:00
|
|
|
|
|
|
|
|
def scan_resume(scan_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_post(:uri=>"/scans/#{scan_id}/resume", :fields=>x_cookie)
|
2013-08-30 21:28:33 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def scan_stop(scan_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
http_post(:uri=>"/scans/#{scan_id}/stop", :fields=>x_cookie)
|
2015-02-01 08:54:35 +00:00
|
|
|
end
|
2010-09-20 02:18:25 +00:00
|
|
|
|
2015-02-05 17:18:22 +00:00
|
|
|
def scan_export(scan_id, format)
|
|
|
|
|
payload = {
|
|
|
|
|
:format => format
|
2015-02-07 06:09:02 +00:00
|
|
|
}.to_json
|
|
|
|
|
http_post(:uri=>"/scans/#{scan_id}/export", :body=>payload, :ctype=>'application/json', :fields=>x_cookie)
|
2015-02-05 17:18:22 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def scan_export_status(scan_id, file_id)
|
|
|
|
|
request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status")
|
|
|
|
|
request.add_field("X-Cookie", @token)
|
2015-02-10 07:40:20 +00:00
|
|
|
res = @connection.request(request)
|
2015-04-23 07:04:02 +00:00
|
|
|
return res.code, JSON.parse(res.body)
|
2015-02-05 17:18:22 +00:00
|
|
|
end
|
|
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
def policy_delete(policy_id)
|
2015-02-07 06:09:02 +00:00
|
|
|
res = http_delete(:uri=>"/policies/#{policy_id}", :fields=>x_cookie)
|
|
|
|
|
return res.code
|
2015-02-01 08:54:35 +00:00
|
|
|
end
|
2015-02-07 01:07:43 +00:00
|
|
|
|
2015-02-10 07:40:20 +00:00
|
|
|
def host_detail(scan_id, host_id)
|
|
|
|
|
res = http_get(:uri=>"/scans/#{scan_id}/hosts/#{host_id}", :fields=>x_cookie)
|
2015-02-07 01:07:43 +00:00
|
|
|
end
|
|
|
|
|
|
2015-02-11 09:11:10 +00:00
|
|
|
def report_download(scan_id, file_id)
|
|
|
|
|
res = http_get(:uri=>"/scans/#{scan_id}/export/#{file_id}/download", :raw_content=> true, :fields=>x_cookie)
|
2015-02-07 01:07:43 +00:00
|
|
|
end
|
|
|
|
|
|
2015-02-07 06:09:02 +00:00
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def http_put(opts={})
|
|
|
|
|
uri = opts[:uri]
|
|
|
|
|
data = opts[:data]
|
|
|
|
|
fields = opts[:fields] || {}
|
|
|
|
|
res = nil
|
|
|
|
|
|
|
|
|
|
req = Net::HTTP::Put.new(uri)
|
|
|
|
|
req.set_form_data(data) unless data.blank?
|
|
|
|
|
fields.each_pair do |name, value|
|
|
|
|
|
req.add_field(name, value)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
res = @connection.request(req)
|
|
|
|
|
rescue URI::InvalidURIError
|
|
|
|
|
return res
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
res
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def http_delete(opts={})
|
|
|
|
|
uri = opts[:uri]
|
|
|
|
|
fields = opts[:fields] || {}
|
|
|
|
|
res = nil
|
|
|
|
|
|
|
|
|
|
req = Net::HTTP::Delete.new(uri)
|
|
|
|
|
|
|
|
|
|
fields.each_pair do |name, value|
|
|
|
|
|
req.add_field(name, value)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
res = @connection.request(req)
|
|
|
|
|
rescue URI::InvalidURIError
|
|
|
|
|
return res
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
res
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def http_get(opts={})
|
|
|
|
|
uri = opts[:uri]
|
|
|
|
|
fields = opts[:fields] || {}
|
2015-02-11 09:11:10 +00:00
|
|
|
raw_content = opts[:raw_content] || false
|
2015-02-07 06:09:02 +00:00
|
|
|
json = {}
|
|
|
|
|
|
|
|
|
|
req = Net::HTTP::Get.new(uri)
|
|
|
|
|
fields.each_pair do |name, value|
|
|
|
|
|
req.add_field(name, value)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
res = @connection.request(req)
|
|
|
|
|
rescue URI::InvalidURIError
|
|
|
|
|
return json
|
|
|
|
|
end
|
2015-02-11 09:11:10 +00:00
|
|
|
if !raw_content
|
|
|
|
|
parse_json(res.body)
|
|
|
|
|
else
|
|
|
|
|
res.body
|
|
|
|
|
end
|
2015-02-07 06:09:02 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def http_post(opts={})
|
|
|
|
|
uri = opts[:uri]
|
|
|
|
|
data = opts[:data]
|
|
|
|
|
fields = opts[:fields] || {}
|
|
|
|
|
body = opts[:body]
|
|
|
|
|
ctype = opts[:ctype]
|
|
|
|
|
json = {}
|
|
|
|
|
|
|
|
|
|
req = Net::HTTP::Post.new(uri)
|
|
|
|
|
req.set_form_data(data) unless data.blank?
|
|
|
|
|
req.body = body unless body.blank?
|
|
|
|
|
req['Content-Type'] = ctype unless ctype.blank?
|
|
|
|
|
fields.each_pair do |name, value|
|
|
|
|
|
req.add_field(name, value)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
res = @connection.request(req)
|
|
|
|
|
rescue URI::InvalidURIError
|
|
|
|
|
return json
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
parse_json(res.body)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def parse_json(body)
|
|
|
|
|
buf = {}
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
buf = JSON.parse(body)
|
|
|
|
|
rescue JSON::ParserError
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
buf
|
|
|
|
|
end
|
|
|
|
|
|
2015-02-01 08:54:35 +00:00
|
|
|
end
|
|
|
|
|
end
|
