Nessus plugin - add search to relevant commands
Utilize the SearchTerm param in Rex' Tables to filter scrolling outputs. Clean up argument parsing (implement one of the MSF standards). Update help commands to reflect changes Testing: basic functional tests only so farbug/bundler_fix
parent
1828b7fda6
commit
4992c5c3c5
|
@ -36,10 +36,6 @@ module Msf
|
|||
"#{Msf::Config.local_directory}"
|
||||
end
|
||||
|
||||
def cmd_nessus_index
|
||||
nessus_index
|
||||
end
|
||||
|
||||
def commands
|
||||
{
|
||||
"nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port <verify_ssl>",
|
||||
|
@ -84,75 +80,6 @@ module Msf
|
|||
}
|
||||
end
|
||||
|
||||
def cmd_nessus_help(*args)
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'Columns' => [
|
||||
"Command",
|
||||
"Help Text"
|
||||
],
|
||||
'SortIndex' => -1
|
||||
)
|
||||
tbl << [ "Generic Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
|
||||
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
|
||||
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
|
||||
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
|
||||
tbl << [ "nessus_help", "Listing of available nessus commands" ]
|
||||
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
|
||||
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
|
||||
tbl << [ "nessus_admin", "Checks if user is an admin" ]
|
||||
tbl << [ "nessus_template_list", "List scan or policy templates" ]
|
||||
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
|
||||
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
|
||||
tbl << [ "Nessus Database Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------" ]
|
||||
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
|
||||
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Reports Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
|
||||
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
|
||||
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Scan Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
|
||||
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
|
||||
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
|
||||
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
|
||||
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
|
||||
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
|
||||
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
|
||||
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
|
||||
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
|
||||
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
|
||||
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
|
||||
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Plugin Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
|
||||
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
|
||||
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "User Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_user_list", "Show Nessus Users" ]
|
||||
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
|
||||
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
|
||||
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Policy Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_policy_list", "List all polciies" ]
|
||||
tbl << [ "nessus_policy_del", "Delete a policy" ]
|
||||
print_line ""
|
||||
print_line tbl.to_s
|
||||
print_line ""
|
||||
end
|
||||
|
||||
def ncusage
|
||||
print_status("%redYou must do this before any other commands.%clr")
|
||||
print_status("Usage: ")
|
||||
|
@ -223,6 +150,24 @@ module Msf
|
|||
end
|
||||
end
|
||||
|
||||
def nessus_login
|
||||
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
||||
print_status("You need to connect to a server first.")
|
||||
ncusage
|
||||
return
|
||||
end
|
||||
@url = "https://#{@host}:#{@port}/"
|
||||
print_status("Connecting to #{@url} as #{@user}")
|
||||
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
|
||||
if @n.authenticated
|
||||
print_status("User #{@user} authenticated successfully.")
|
||||
@token = 1
|
||||
else
|
||||
print_error("Error connecting/logging to the server!")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
def nessus_verify_token
|
||||
if @token.nil? or @token == ''
|
||||
ncusage
|
||||
|
@ -231,6 +176,132 @@ module Msf
|
|||
true
|
||||
end
|
||||
|
||||
def valid_policy(*args)
|
||||
case args.length
|
||||
when 1
|
||||
pid = args[0]
|
||||
else
|
||||
print_error("No Policy ID supplied.")
|
||||
return
|
||||
end
|
||||
pol = @n.list_policies
|
||||
pol["policies"].each { |p|
|
||||
if p["template_uuid"] == pid
|
||||
return true
|
||||
end
|
||||
}
|
||||
return false
|
||||
end
|
||||
|
||||
def nessus_verify_db
|
||||
if !(framework.db and framework.db.active)
|
||||
print_error("No database has been configured, please use db_create/db_connect first")
|
||||
return false
|
||||
end
|
||||
true
|
||||
end
|
||||
|
||||
def check_scan(*args)
|
||||
case args.length
|
||||
when 1
|
||||
scan_id = args[0]
|
||||
else
|
||||
print_error("No scan ID supplied")
|
||||
return
|
||||
end
|
||||
scans = @n.scan_list
|
||||
scans.each { |scan|
|
||||
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
|
||||
return true
|
||||
end
|
||||
}
|
||||
return false
|
||||
end
|
||||
|
||||
def is_scan_complete(scan_id)
|
||||
complete = false
|
||||
status = @n.scan_list
|
||||
status["scans"].each { |scan|
|
||||
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
|
||||
complete = true
|
||||
end
|
||||
}
|
||||
complete
|
||||
end
|
||||
|
||||
def cmd_nessus_help(*args)
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'Columns' => [
|
||||
"Command",
|
||||
"Help Text"
|
||||
],
|
||||
'SortIndex' => -1
|
||||
)
|
||||
tbl << [ "Generic Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_connect", "Connect to a Nessus server" ]
|
||||
tbl << [ "nessus_logout", "Logout from the Nessus server" ]
|
||||
tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"]
|
||||
tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"]
|
||||
tbl << [ "nessus_help", "Listing of available nessus commands" ]
|
||||
tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ]
|
||||
tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ]
|
||||
tbl << [ "nessus_admin", "Checks if user is an admin" ]
|
||||
tbl << [ "nessus_template_list", "List scan or policy templates" ]
|
||||
tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ]
|
||||
tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ]
|
||||
tbl << [ "Nessus Database Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------" ]
|
||||
tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ]
|
||||
tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Reports Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ]
|
||||
tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ]
|
||||
tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Scan Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_scan_list", "List of all current Nessus scans" ]
|
||||
tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ]
|
||||
tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ]
|
||||
tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ]
|
||||
tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ]
|
||||
tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ]
|
||||
tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ]
|
||||
tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ]
|
||||
tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ]
|
||||
tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ]
|
||||
tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ]
|
||||
tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Plugin Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ]
|
||||
tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ]
|
||||
tbl << [ "nessus_plugin_details", "List details of a particular plugin" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "User Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_user_list", "Show Nessus Users" ]
|
||||
tbl << [ "nessus_user_add", "Add a new Nessus User" ]
|
||||
tbl << [ "nessus_user_del", "Delete a Nessus User" ]
|
||||
tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ]
|
||||
tbl << [ "", ""]
|
||||
tbl << [ "Policy Commands", "" ]
|
||||
tbl << [ "-----------------", "-----------------"]
|
||||
tbl << [ "nessus_policy_list", "List all polciies" ]
|
||||
tbl << [ "nessus_policy_del", "Delete a policy" ]
|
||||
print_line ""
|
||||
print_line tbl.to_s
|
||||
print_line ""
|
||||
end
|
||||
|
||||
def cmd_nessus_index
|
||||
nessus_index
|
||||
end
|
||||
|
||||
def cmd_nessus_connect(*args)
|
||||
# Check if config file exists and load it
|
||||
if !args[0]
|
||||
|
@ -326,24 +397,6 @@ module Msf
|
|||
return
|
||||
end
|
||||
|
||||
def nessus_login
|
||||
if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0))
|
||||
print_status("You need to connect to a server first.")
|
||||
ncusage
|
||||
return
|
||||
end
|
||||
@url = "https://#{@host}:#{@port}/"
|
||||
print_status("Connecting to #{@url} as #{@user}")
|
||||
@n = Nessus::Client.new(@url, @user, @pass,@sslv)
|
||||
if @n.authenticated
|
||||
print_status("User #{@user} authenticated successfully.")
|
||||
@token = 1
|
||||
else
|
||||
print_error("Error connecting/logging to the server!")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
def cmd_nessus_save(*args)
|
||||
#if we are logged in, save session details to nessus.yaml
|
||||
if args[0] == "-h"
|
||||
|
@ -370,15 +423,23 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_server_properties(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_server_feed")
|
||||
print_status("Example:> nessus_server_feed")
|
||||
print_status()
|
||||
print_status("Returns information about the feed type and server version.")
|
||||
return
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_server_feed")
|
||||
print_status("Example:> nessus_server_feed -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns information about the feed type and server version.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
resp = @n.server_properties
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Feed',
|
||||
'Type',
|
||||
|
@ -392,14 +453,22 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_server_status(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_server_status")
|
||||
print_status("Example:> nessus_server_status")
|
||||
print_status()
|
||||
print_status("Returns some status items for the server..")
|
||||
return
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_server_status")
|
||||
print_status("Example:> nessus_server_status -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns some status items for the server..")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Status',
|
||||
'Progress'
|
||||
|
@ -410,13 +479,19 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_admin(*args)
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_admin")
|
||||
print_status("Example:> nessus_admin")
|
||||
print_status()
|
||||
print_status("Checks to see if the current user is an admin")
|
||||
print_status("Use nessus_user_list to list all users")
|
||||
return
|
||||
end
|
||||
end
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_admin")
|
||||
print_status("Example:> nessus_admin")
|
||||
print_status()
|
||||
print_status("Checks to see if the current user is an admin")
|
||||
print_status("Use nessus_user_list to list all users")
|
||||
return
|
||||
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
|
@ -429,15 +504,22 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_template_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_template_list <scan> | <policy>")
|
||||
print_status("Example:> nessus_template_list scan")
|
||||
print_status("OR")
|
||||
print_status("nessus_template_list policy")
|
||||
print_status()
|
||||
print_status("Returns a list of information about the scan or policy templates..")
|
||||
return
|
||||
end
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_template_list <scan> | <policy>")
|
||||
print_status("Example:> nessus_template_list scan -S searchterm")
|
||||
print_status("OR")
|
||||
print_status("nessus_template_list policy")
|
||||
print_status()
|
||||
print_status("Returns a list of information about the scan or policy templates..")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
|
@ -465,11 +547,12 @@ module Msf
|
|||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Name',
|
||||
'Title',
|
||||
'Description',
|
||||
'Subscription Only',
|
||||
'Subscription Only',
|
||||
'Cloud Only'
|
||||
])
|
||||
list["templates"].each { |template|
|
||||
|
@ -479,12 +562,20 @@ module Msf
|
|||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_folder_list
|
||||
def cmd_nessus_folder_list(*args)
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
list = @n.list_folders
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"ID",
|
||||
"Name",
|
||||
|
@ -497,7 +588,20 @@ module Msf
|
|||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def cmd_nessus_scanner_list
|
||||
def cmd_nessus_scanner_list(*args)
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_scanner_list")
|
||||
print_status("Example:> nessus_scanner_list -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns information about the feed type and server version.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
|
@ -506,6 +610,7 @@ module Msf
|
|||
end
|
||||
list = @n.list_scanners
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"ID",
|
||||
"Name",
|
||||
|
@ -520,40 +625,31 @@ module Msf
|
|||
print_line tbl.to_s
|
||||
end
|
||||
|
||||
def check_scan(*args)
|
||||
case args.length
|
||||
when 1
|
||||
scan_id = args[0]
|
||||
else
|
||||
print_error("No scan ID supplied")
|
||||
return
|
||||
end
|
||||
scans = @n.scan_list
|
||||
scans.each { |scan|
|
||||
if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed"
|
||||
return true
|
||||
end
|
||||
}
|
||||
return false
|
||||
end
|
||||
|
||||
def cmd_nessus_report_hosts(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_report_hosts <scan ID>")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
search_term = nil
|
||||
scan_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_report_hosts <scan ID> -S searchterm")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
scan_id = arg
|
||||
end
|
||||
end
|
||||
case args.length
|
||||
when 1
|
||||
scan_id = args[0]
|
||||
scan_id = scan_id
|
||||
else
|
||||
|
||||
if scan_id.nil?
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_report_hosts <scan ID>")
|
||||
print_status("nessus_report_hosts <scan ID> -S searchterm")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
end
|
||||
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"Host ID",
|
||||
"Hostname",
|
||||
|
@ -576,22 +672,28 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_report_vulns(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_report_vulns <scan ID>")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
search_term = nil
|
||||
scan_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_report_vulns <scan ID> -S searchterm")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
scan_id = arg
|
||||
end
|
||||
end
|
||||
case args.length
|
||||
when 1
|
||||
scan_id = args[0]
|
||||
scan_id = scan_id.to_i
|
||||
else
|
||||
if scan_id.nil?
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_report_vulns <scan ID>")
|
||||
print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.")
|
||||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"Plugin ID",
|
||||
"Plugin Name",
|
||||
|
@ -613,21 +715,29 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_report_host_details(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_report_host_details <scan ID> <host ID>")
|
||||
print_status("Example:> nessus_report_host_details 10 5")
|
||||
print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.")
|
||||
print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.")
|
||||
return
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
case args.length
|
||||
when 2
|
||||
scan_id = args[0]
|
||||
host_id = args[1]
|
||||
else
|
||||
search_term = nil
|
||||
search_vuln = nil
|
||||
scan_id = nil
|
||||
host_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_report_host_details <scan ID> <host ID>")
|
||||
print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo")
|
||||
print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.")
|
||||
print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
when '-SV', '--search-vuln'
|
||||
search_vuln = /#{args.shift}/nmi
|
||||
else
|
||||
scan_id = arg,
|
||||
host_id = args.shift
|
||||
end
|
||||
end
|
||||
|
||||
if [scan_id, host_id].any?(&:nil?)
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_report_host_detail <scan ID> <host ID>")
|
||||
print_status("Example:> nessus_report_host_detail 10 5")
|
||||
|
@ -636,6 +746,7 @@ module Msf
|
|||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Plugin Name',
|
||||
'Plugin Famil',
|
||||
|
@ -654,6 +765,7 @@ module Msf
|
|||
}
|
||||
print_line tbl.to_s
|
||||
tbl2 = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_vuln,
|
||||
'Columns' => [
|
||||
'Plugin Name',
|
||||
'Plugin Famil',
|
||||
|
@ -698,27 +810,33 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_report_host_ports(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_report_host_ports <hostname> <report id>")
|
||||
print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca")
|
||||
print_status()
|
||||
print_status("Returns all the ports associated with a host and details about their vulnerabilities")
|
||||
print_status("Use nessus_report_hosts to list all available hosts for a report")
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
case args.length
|
||||
when 2
|
||||
host = args[0]
|
||||
rid = args[1]
|
||||
else
|
||||
search_term = nil
|
||||
rid = nil
|
||||
host = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_report_host_ports <hostname> <report id>")
|
||||
print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns all the ports associated with a host and details about their vulnerabilities")
|
||||
print_status("Use nessus_report_hosts to list all available hosts for a report")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
scan_id = arg
|
||||
end
|
||||
end
|
||||
|
||||
if [host,rid].any?(&:nil?)
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_report_host_ports <hostname> <report id>")
|
||||
print_status("Use nessus_report_list to list all available reports")
|
||||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Port',
|
||||
'Protocol',
|
||||
|
@ -775,13 +893,20 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_scan_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_scan_list")
|
||||
print_status("Example:> nessus_scan_list")
|
||||
print_status()
|
||||
print_status("Returns a list of information about currently running scans.")
|
||||
return
|
||||
end
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_scan_list")
|
||||
print_status("Example:> nessus_scan_list -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns a list of information about currently running scans.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
|
@ -791,6 +916,7 @@ module Msf
|
|||
return
|
||||
else
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Scan ID',
|
||||
'Name',
|
||||
|
@ -1014,18 +1140,6 @@ module Msf
|
|||
else
|
||||
print_error("Only completed scans could be used for import")
|
||||
end
|
||||
|
||||
end
|
||||
|
||||
def is_scan_complete(scan_id)
|
||||
complete = false
|
||||
status = @n.scan_list
|
||||
status["scans"].each { |scan|
|
||||
if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported")
|
||||
complete = true
|
||||
end
|
||||
}
|
||||
complete
|
||||
end
|
||||
|
||||
def cmd_nessus_scan_pause_all(*args)
|
||||
|
@ -1174,35 +1288,39 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_scan_details(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_scan_details <scan ID> <category>")
|
||||
print_status("Availble categories are info, hosts, vulnerabilities, and history")
|
||||
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
|
||||
return
|
||||
end
|
||||
valid_categories = ['info', 'hosts', 'vulnerabilities', 'history']
|
||||
search_term = nil
|
||||
scan_id = nil
|
||||
category = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_scan_details <scan ID> <category> -S searchterm")
|
||||
print_status("Availble categories are info, hosts, vulnerabilities, and history")
|
||||
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
scan_id = arg
|
||||
if args[0].in?(valid_categories)
|
||||
category = args.shift
|
||||
else
|
||||
print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
|
||||
return
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
case args.length
|
||||
when 2
|
||||
scan_id = args[0]
|
||||
category = args[1]
|
||||
if category.in?(['info', 'hosts', 'vulnerabilities', 'history'])
|
||||
category = args[1]
|
||||
else
|
||||
print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history")
|
||||
return
|
||||
end
|
||||
else
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_scan_details <scan ID> <category>")
|
||||
print_status("Availble categories are info, hosts, vulnerabilities, and history")
|
||||
print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs")
|
||||
return
|
||||
end
|
||||
|
||||
details = @n.scan_details(scan_id)
|
||||
if category == "info"
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"Status",
|
||||
"Policy",
|
||||
|
@ -1214,6 +1332,7 @@ module Msf
|
|||
tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ]
|
||||
elsif category == "hosts"
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"Host ID",
|
||||
"Hostname",
|
||||
|
@ -1227,6 +1346,7 @@ module Msf
|
|||
}
|
||||
elsif category == "vulnerabilities"
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"Plugin ID",
|
||||
"Plugin Name",
|
||||
|
@ -1238,6 +1358,7 @@ module Msf
|
|||
}
|
||||
elsif category == "history"
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
"History ID",
|
||||
"Status",
|
||||
|
@ -1319,27 +1440,32 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_plugin_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_plugin_list <Family ID>")
|
||||
print_status("Example:> nessus_plugin_list 10")
|
||||
print_status()
|
||||
print_status("Returns a list of all plugins in that family.")
|
||||
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
|
||||
return
|
||||
end
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
case args.length
|
||||
when 1
|
||||
family_id = args[0]
|
||||
else
|
||||
search_term = nil
|
||||
family_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_plugin_list <Family ID> -S searchterm")
|
||||
print_status("Example:> nessus_plugin_list 10")
|
||||
print_status()
|
||||
print_status("Returns a list of all plugins in that family.")
|
||||
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
family_id = arg
|
||||
end
|
||||
end
|
||||
|
||||
if family_id.nil?
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_plugin_list <Family ID>")
|
||||
print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs")
|
||||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Plugin ID',
|
||||
'Plugin Name'
|
||||
|
@ -1355,15 +1481,23 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_family_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_family_list")
|
||||
print_status("Example:> nessus_family_list")
|
||||
print_status()
|
||||
print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.")
|
||||
return
|
||||
end
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_family_list")
|
||||
print_status("Example:> nessus_family_list -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
list = @n.list_families
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Family ID',
|
||||
'Family Name',
|
||||
|
@ -1377,27 +1511,36 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_plugin_details(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_plugin_details <Plugin ID>")
|
||||
print_status("Example:> nessus_plugin_details 10264")
|
||||
print_status()
|
||||
print_status("Returns details on a particular plugin.")
|
||||
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
|
||||
return
|
||||
end
|
||||
search_term = nil
|
||||
plugin_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_plugin_details <Plugin ID>")
|
||||
print_status("Example:> nessus_plugin_details 10264 -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns details on a particular plugin.")
|
||||
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
else
|
||||
plugin_id = arg
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
case args.length
|
||||
when 1
|
||||
plugin_id = args[0]
|
||||
else
|
||||
|
||||
if plugin_id.nil?
|
||||
print_status("Usage: ")
|
||||
print_status("nessus_plugin_details <Plugin ID>")
|
||||
print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.")
|
||||
return
|
||||
end
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'Reference',
|
||||
'Value'
|
||||
|
@ -1423,13 +1566,20 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_user_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_user_list")
|
||||
print_status("Example:> nessus_user_list")
|
||||
print_status()
|
||||
print_status("Returns a list of the users on the Nessus server and their access level.")
|
||||
return
|
||||
end
|
||||
scan_id = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_user_list")
|
||||
print_status("Example:> nessus_user_list -S searchterm")
|
||||
print_status()
|
||||
print_status("Returns a list of the users on the Nessus server and their access level.")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
|
@ -1438,6 +1588,7 @@ module Msf
|
|||
end
|
||||
list=@n.list_users
|
||||
tbl = Rex::Ui::Text::Table.new(
|
||||
'SearchTerm' => search_term,
|
||||
'Columns' => [
|
||||
'ID',
|
||||
'Name',
|
||||
|
@ -1574,13 +1725,20 @@ module Msf
|
|||
end
|
||||
|
||||
def cmd_nessus_policy_list(*args)
|
||||
if args[0] == "-h"
|
||||
print_status("nessus_policy_list")
|
||||
print_status("Example:> nessus_policy_list")
|
||||
print_status()
|
||||
print_status("Lists all policies on the server")
|
||||
return
|
||||
end
|
||||
search_term = nil
|
||||
while (arg = args.shift)
|
||||
case arg
|
||||
when '-h', '--help'
|
||||
print_status("nessus_policy_list")
|
||||
print_status("Example:> nessus_policy_list -S searchterm")
|
||||
print_status()
|
||||
print_status("Lists all policies on the server")
|
||||
return
|
||||
when '-S', '--search'
|
||||
search_term = /#{args.shift}/nmi
|
||||
end
|
||||
end
|
||||
|
||||
if !nessus_verify_token
|
||||
return
|
||||
end
|
||||
|
@ -1642,31 +1800,6 @@ module Msf
|
|||
print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.")
|
||||
end
|
||||
end
|
||||
|
||||
def valid_policy(*args)
|
||||
case args.length
|
||||
when 1
|
||||
pid = args[0]
|
||||
else
|
||||
print_error("No Policy ID supplied.")
|
||||
return
|
||||
end
|
||||
pol = @n.list_policies
|
||||
pol["policies"].each { |p|
|
||||
if p["template_uuid"] == pid
|
||||
return true
|
||||
end
|
||||
}
|
||||
return false
|
||||
end
|
||||
|
||||
def nessus_verify_db
|
||||
if !(framework.db and framework.db.active)
|
||||
print_error("No database has been configured, please use db_create/db_connect first")
|
||||
return false
|
||||
end
|
||||
true
|
||||
end
|
||||
end
|
||||
|
||||
def initialize(framework, opts)
|
||||
|
|
Loading…
Reference in New Issue