metasploit-framework/lib/nessus/nessus-xmlrpc.rb

313 lines
7.0 KiB
Ruby
Raw Normal View History

2015-02-01 08:54:35 +00:00
require 'net/http'
module Nessus
class Client
class << self
@connection
@token
end
def initialize(host, username = nil, password = nil, ssl_option = nil)
uri = URI.parse(host)
@connection = Net::HTTP.new(uri.host, uri.port)
@connection.use_ssl = true
if ssl_option == "ssl_verify"
2015-02-07 06:09:02 +00:00
@connection.verify_mode = OpenSSL::SSL::VERIFY_PEER
2013-08-30 21:28:33 +00:00
else
2015-02-01 08:54:35 +00:00
@connection.verify_mode = OpenSSL::SSL::VERIFY_NONE
end
yield @connection if block_given?
authenticate(username, password) if username && password
end
def authenticate(username, password)
payload = {
:username => username,
:password => password,
:json => 1
2015-02-01 08:54:35 +00:00
}
res = http_post(:uri=>"/session", :data=>payload)
@token = "token=#{res['token']}"
2015-02-01 08:54:35 +00:00
true
end
2015-02-07 06:09:02 +00:00
def x_cookie
{'X-Cookie'=>@token}
end
2015-02-01 08:54:35 +00:00
alias_method :login, :authenticate
def authenticated
if (@token && @token.include?('token='))
2013-08-30 21:28:33 +00:00
return true
else
2015-02-01 08:54:35 +00:00
return false
2013-08-30 21:28:33 +00:00
end
end
2015-02-01 08:54:35 +00:00
def get_server_properties
http_get(:uri=>"/server/properties", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
def user_add(username, password, permissions, type)
2015-02-01 08:54:35 +00:00
payload = {
:username => username,
:password => password,
:permissions => permissions,
:type => type,
:json => 1
2013-08-30 21:28:33 +00:00
}
http_post(:uri=>"/users", :fields=>x_cookie, :data=>payload)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def user_delete(user_id)
2015-02-07 06:09:02 +00:00
res = http_delete(:uri=>"/users/#{user_id}", :fields=>x_cookie)
return res.code
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def user_chpasswd(user_id, password)
payload = {
:password => password,
:json => 1
2013-08-30 21:28:33 +00:00
}
2015-02-07 06:09:02 +00:00
res = http_put(:uri=>"/users/#{user_id}/chpasswd", :data=>payload, :fields=>x_cookie)
return res.code
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def user_logout
res = http_delete(:uri=>"/session", :fields=>x_cookie)
2015-02-07 06:09:02 +00:00
return res.code
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_policies
http_get(:uri=>"/policies", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_users
http_get(:uri=>"/users", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_folders
http_get(:uri=>"/folders", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_scanners
http_get(:uri=>"/scanners", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_families
http_get(:uri=>"/plugins/families", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def list_plugins(family_id)
2015-02-07 06:09:02 +00:00
http_get(:uri=>"/plugins/families/#{family_id}", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
def list_template(type)
res = http_get(:uri=>"/editor/#{type}/templates", :fields=>x_cookie)
end
2015-02-01 08:54:35 +00:00
def plugin_details(plugin_id)
2015-02-07 06:09:02 +00:00
http_get(:uri=>"/plugins/plugin/#{plugin_id}", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def is_admin
res = http_get(:uri=>"/session", :fields=>x_cookie)
2015-02-07 06:09:02 +00:00
if res['permissions'] == 128
2013-08-30 21:28:33 +00:00
return true
else
return false
end
end
2015-02-01 08:54:35 +00:00
def server_properties
http_get(:uri=>"/server/properties", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_create(uuid, name, description, targets)
payload = {
:uuid => uuid,
:settings => {
:name => name,
:description => description,
:text_targets => targets
},
:json => 1
2015-02-07 06:09:02 +00:00
}.to_json
http_post(:uri=>"/scans", :body=>payload, :fields=>x_cookie, :ctype=>'application/json')
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_launch(scan_id)
2015-02-07 06:09:02 +00:00
http_post(:uri=>"/scans/#{scan_id}/launch", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def server_status
http_get(:uri=>"/server/status", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_list
http_get(:uri=>"/scans", :fields=>x_cookie)
end
def scan_details(scan_id)
2015-02-07 06:09:02 +00:00
http_get(:uri=>"/scans/#{scan_id}", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_pause(scan_id)
http_post(:uri=>"/scans/#{scan_id}/pause", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_resume(scan_id)
2015-02-07 06:09:02 +00:00
http_post(:uri=>"/scans/#{scan_id}/resume", :fields=>x_cookie)
2013-08-30 21:28:33 +00:00
end
2015-02-01 08:54:35 +00:00
def scan_stop(scan_id)
2015-02-07 06:09:02 +00:00
http_post(:uri=>"/scans/#{scan_id}/stop", :fields=>x_cookie)
2015-02-01 08:54:35 +00:00
end
def scan_export(scan_id, format)
payload = {
:format => format
2015-02-07 06:09:02 +00:00
}.to_json
http_post(:uri=>"/scans/#{scan_id}/export", :body=>payload, :ctype=>'application/json', :fields=>x_cookie)
end
def scan_export_status(scan_id, file_id)
request = Net::HTTP::Get.new("/scans/#{scan_id}/export/#{file_id}/status")
request.add_field("X-Cookie", @token)
res = @connection.request(request)
if res.code == "200"
return "ready"
else
res = JSON.parse(resp.body)
return res
end
end
2015-02-01 08:54:35 +00:00
def policy_delete(policy_id)
2015-02-07 06:09:02 +00:00
res = http_delete(:uri=>"/policies/#{policy_id}", :fields=>x_cookie)
return res.code
2015-02-01 08:54:35 +00:00
end
2015-02-07 01:07:43 +00:00
def host_detail(scan_id, host_id)
res = http_get(:uri=>"/scans/#{scan_id}/hosts/#{host_id}", :fields=>x_cookie)
2015-02-07 01:07:43 +00:00
end
def report_list
2015-02-07 01:07:43 +00:00
raise NotImplementedError
end
def report_del
2015-02-07 01:07:43 +00:00
raise NotImplementedError
end
def report_host_ports
2015-02-07 01:07:43 +00:00
raise NotImplementedError
end
def report_download
2015-02-07 01:07:43 +00:00
raise NotImplementedError
end
2015-02-07 06:09:02 +00:00
private
def http_put(opts={})
uri = opts[:uri]
data = opts[:data]
fields = opts[:fields] || {}
res = nil
req = Net::HTTP::Put.new(uri)
req.set_form_data(data) unless data.blank?
fields.each_pair do |name, value|
req.add_field(name, value)
end
begin
res = @connection.request(req)
rescue URI::InvalidURIError
return res
end
res
end
def http_delete(opts={})
uri = opts[:uri]
fields = opts[:fields] || {}
res = nil
req = Net::HTTP::Delete.new(uri)
fields.each_pair do |name, value|
req.add_field(name, value)
end
begin
res = @connection.request(req)
rescue URI::InvalidURIError
return res
end
res
end
def http_get(opts={})
uri = opts[:uri]
fields = opts[:fields] || {}
json = {}
req = Net::HTTP::Get.new(uri)
fields.each_pair do |name, value|
req.add_field(name, value)
end
begin
res = @connection.request(req)
rescue URI::InvalidURIError
return json
end
parse_json(res.body)
end
def http_post(opts={})
uri = opts[:uri]
data = opts[:data]
fields = opts[:fields] || {}
body = opts[:body]
ctype = opts[:ctype]
json = {}
req = Net::HTTP::Post.new(uri)
req.set_form_data(data) unless data.blank?
req.body = body unless body.blank?
req['Content-Type'] = ctype unless ctype.blank?
fields.each_pair do |name, value|
req.add_field(name, value)
end
begin
res = @connection.request(req)
rescue URI::InvalidURIError
return json
end
parse_json(res.body)
end
def parse_json(body)
buf = {}
begin
buf = JSON.parse(body)
rescue JSON::ParserError
end
buf
end
2015-02-01 08:54:35 +00:00
end
end