From 4992c5c3c5c42167a5d94d3e3b095fd4562ffc0e Mon Sep 17 00:00:00 2001 From: RageLtMan Date: Sun, 31 Jan 2016 22:11:20 -0500 Subject: [PATCH] Nessus plugin - add search to relevant commands Utilize the SearchTerm param in Rex' Tables to filter scrolling outputs. Clean up argument parsing (implement one of the MSF standards). Update help commands to reflect changes Testing: basic functional tests only so far --- plugins/nessus.rb | 737 +++++++++++++++++++++++++++------------------- 1 file changed, 435 insertions(+), 302 deletions(-) diff --git a/plugins/nessus.rb b/plugins/nessus.rb index 99195b7cf0..93490df90e 100644 --- a/plugins/nessus.rb +++ b/plugins/nessus.rb @@ -36,10 +36,6 @@ module Msf "#{Msf::Config.local_directory}" end - def cmd_nessus_index - nessus_index - end - def commands { "nessus_connect" => "Connect to a nessus server: nconnect username:password@hostname:port ", @@ -84,75 +80,6 @@ module Msf } end - def cmd_nessus_help(*args) - tbl = Rex::Ui::Text::Table.new( - 'Columns' => [ - "Command", - "Help Text" - ], - 'SortIndex' => -1 - ) - tbl << [ "Generic Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_connect", "Connect to a Nessus server" ] - tbl << [ "nessus_logout", "Logout from the Nessus server" ] - tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"] - tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"] - tbl << [ "nessus_help", "Listing of available nessus commands" ] - tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ] - tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ] - tbl << [ "nessus_admin", "Checks if user is an admin" ] - tbl << [ "nessus_template_list", "List scan or policy templates" ] - tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ] - tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ] - tbl << [ "Nessus Database Commands", "" ] - tbl << [ "-----------------", "-----------------" ] - tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ] - tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ] - tbl << [ "", ""] - tbl << [ "Reports Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ] - tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ] - tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ] - tbl << [ "", ""] - tbl << [ "Scan Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_scan_list", "List of all current Nessus scans" ] - tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ] - tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ] - tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ] - tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ] - tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ] - tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ] - tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ] - tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ] - tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ] - tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ] - tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ] - tbl << [ "", ""] - tbl << [ "Plugin Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ] - tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ] - tbl << [ "nessus_plugin_details", "List details of a particular plugin" ] - tbl << [ "", ""] - tbl << [ "User Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_user_list", "Show Nessus Users" ] - tbl << [ "nessus_user_add", "Add a new Nessus User" ] - tbl << [ "nessus_user_del", "Delete a Nessus User" ] - tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ] - tbl << [ "", ""] - tbl << [ "Policy Commands", "" ] - tbl << [ "-----------------", "-----------------"] - tbl << [ "nessus_policy_list", "List all polciies" ] - tbl << [ "nessus_policy_del", "Delete a policy" ] - print_line "" - print_line tbl.to_s - print_line "" - end - def ncusage print_status("%redYou must do this before any other commands.%clr") print_status("Usage: ") @@ -223,6 +150,24 @@ module Msf end end + def nessus_login + if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) + print_status("You need to connect to a server first.") + ncusage + return + end + @url = "https://#{@host}:#{@port}/" + print_status("Connecting to #{@url} as #{@user}") + @n = Nessus::Client.new(@url, @user, @pass,@sslv) + if @n.authenticated + print_status("User #{@user} authenticated successfully.") + @token = 1 + else + print_error("Error connecting/logging to the server!") + return + end + end + def nessus_verify_token if @token.nil? or @token == '' ncusage @@ -231,6 +176,132 @@ module Msf true end + def valid_policy(*args) + case args.length + when 1 + pid = args[0] + else + print_error("No Policy ID supplied.") + return + end + pol = @n.list_policies + pol["policies"].each { |p| + if p["template_uuid"] == pid + return true + end + } + return false + end + + def nessus_verify_db + if !(framework.db and framework.db.active) + print_error("No database has been configured, please use db_create/db_connect first") + return false + end + true + end + + def check_scan(*args) + case args.length + when 1 + scan_id = args[0] + else + print_error("No scan ID supplied") + return + end + scans = @n.scan_list + scans.each { |scan| + if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" + return true + end + } + return false + end + + def is_scan_complete(scan_id) + complete = false + status = @n.scan_list + status["scans"].each { |scan| + if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") + complete = true + end + } + complete + end + + def cmd_nessus_help(*args) + tbl = Rex::Ui::Text::Table.new( + 'Columns' => [ + "Command", + "Help Text" + ], + 'SortIndex' => -1 + ) + tbl << [ "Generic Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_connect", "Connect to a Nessus server" ] + tbl << [ "nessus_logout", "Logout from the Nessus server" ] + tbl << [ "nessus_login", "Login into the connected Nesssus server with a different username and password"] + tbl << [ "nessus_save", "Save credentials of the logged in user to nessus.yml"] + tbl << [ "nessus_help", "Listing of available nessus commands" ] + tbl << [ "nessus_server_properties", "Nessus server properties such as feed type, version, plugin set and server UUID." ] + tbl << [ "nessus_server_status", "Check the status of your Nessus Server" ] + tbl << [ "nessus_admin", "Checks if user is an admin" ] + tbl << [ "nessus_template_list", "List scan or policy templates" ] + tbl << [ "nessus_folder_list", "List all configured folders on the Nessus server" ] + tbl << [ "nessus_scanner_list", "List all the scanners configured on the Nessus server" ] + tbl << [ "Nessus Database Commands", "" ] + tbl << [ "-----------------", "-----------------" ] + tbl << [ "nessus_db_scan", "Create a scan of all IP addresses in db_hosts" ] + tbl << [ "nessus_db_import", "Import Nessus scan to the Metasploit connected database" ] + tbl << [ "", ""] + tbl << [ "Reports Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_report_hosts", "Get list of hosts from a report" ] + tbl << [ "nessus_report_vulns", "Get list of vulns from a report" ] + tbl << [ "nessus_report_host_details", "Get detailed information from a report item on a host" ] + tbl << [ "", ""] + tbl << [ "Scan Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_scan_list", "List of all current Nessus scans" ] + tbl << [ "nessus_scan_new", "Create a new Nessus Scan" ] + tbl << [ "nessus_scan_launch", "Launch a newly created scan. New scans need to be manually launched through this command" ] + tbl << [ "nessus_scan_pause", "Pause a running Nessus scan" ] + tbl << [ "nessus_scan_pause_all", "Pause all running Nessus scans" ] + tbl << [ "nessus_scan_stop", "Stop a running or paused Nessus scan" ] + tbl << [ "nessus_scan_stop_all", "Stop all running or paused Nessus scans" ] + tbl << [ "nessus_scan_resume", "Resume a pasued Nessus scan" ] + tbl << [ "nessus_scan_resume_all", "Resume all paused Nessus scans" ] + tbl << [ "nessus_scan_details", "Return detailed information of a given scan" ] + tbl << [ "nessus_scan_export", "Export a scan result in either Nessus, HTML, PDF, CSV, or DB format" ] + tbl << [ "nessus_scan_export_status", "Check the status of an exported scan" ] + tbl << [ "", ""] + tbl << [ "Plugin Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_plugin_list", "List all plugins in a particular plugin family." ] + tbl << [ "nessus_family_list", "List all the plugin families along with their corresponding family IDs and plugin count." ] + tbl << [ "nessus_plugin_details", "List details of a particular plugin" ] + tbl << [ "", ""] + tbl << [ "User Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_user_list", "Show Nessus Users" ] + tbl << [ "nessus_user_add", "Add a new Nessus User" ] + tbl << [ "nessus_user_del", "Delete a Nessus User" ] + tbl << [ "nessus_user_passwd", "Change Nessus Users Password" ] + tbl << [ "", ""] + tbl << [ "Policy Commands", "" ] + tbl << [ "-----------------", "-----------------"] + tbl << [ "nessus_policy_list", "List all polciies" ] + tbl << [ "nessus_policy_del", "Delete a policy" ] + print_line "" + print_line tbl.to_s + print_line "" + end + + def cmd_nessus_index + nessus_index + end + def cmd_nessus_connect(*args) # Check if config file exists and load it if !args[0] @@ -326,24 +397,6 @@ module Msf return end - def nessus_login - if !((@user and @user.length > 0) and (@host and @host.length > 0) and (@port and @port.length > 0 and @port.to_i > 0) and (@pass and @pass.length > 0)) - print_status("You need to connect to a server first.") - ncusage - return - end - @url = "https://#{@host}:#{@port}/" - print_status("Connecting to #{@url} as #{@user}") - @n = Nessus::Client.new(@url, @user, @pass,@sslv) - if @n.authenticated - print_status("User #{@user} authenticated successfully.") - @token = 1 - else - print_error("Error connecting/logging to the server!") - return - end - end - def cmd_nessus_save(*args) #if we are logged in, save session details to nessus.yaml if args[0] == "-h" @@ -370,15 +423,23 @@ module Msf end def cmd_nessus_server_properties(*args) - if args[0] == "-h" - print_status("nessus_server_feed") - print_status("Example:> nessus_server_feed") - print_status() - print_status("Returns information about the feed type and server version.") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_feed") + print_status("Example:> nessus_server_feed -S searchterm") + print_status() + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + resp = @n.server_properties tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Feed', 'Type', @@ -392,14 +453,22 @@ module Msf end def cmd_nessus_server_status(*args) - if args[0] == "-h" - print_status("nessus_server_status") - print_status("Example:> nessus_server_status") - print_status() - print_status("Returns some status items for the server..") - return + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_server_status") + print_status("Example:> nessus_server_status -S searchterm") + print_status() + print_status("Returns some status items for the server..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Status', 'Progress' @@ -410,13 +479,19 @@ module Msf end def cmd_nessus_admin(*args) + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_admin") + print_status("Example:> nessus_admin") + print_status() + print_status("Checks to see if the current user is an admin") + print_status("Use nessus_user_list to list all users") + return + end + end if args[0] == "-h" - print_status("nessus_admin") - print_status("Example:> nessus_admin") - print_status() - print_status("Checks to see if the current user is an admin") - print_status("Use nessus_user_list to list all users") - return + end if !nessus_verify_token return @@ -429,15 +504,22 @@ module Msf end def cmd_nessus_template_list(*args) - if args[0] == "-h" - print_status("nessus_template_list | ") - print_status("Example:> nessus_template_list scan") - print_status("OR") - print_status("nessus_template_list policy") - print_status() - print_status("Returns a list of information about the scan or policy templates..") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_template_list | ") + print_status("Example:> nessus_template_list scan -S searchterm") + print_status("OR") + print_status("nessus_template_list policy") + print_status() + print_status("Returns a list of information about the scan or policy templates..") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -465,11 +547,12 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Name', 'Title', 'Description', - 'Subscription Only', + 'Subscription Only', 'Cloud Only' ]) list["templates"].each { |template| @@ -479,12 +562,20 @@ module Msf print_line tbl.to_s end - def cmd_nessus_folder_list + def cmd_nessus_folder_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end list = @n.list_folders tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", @@ -497,7 +588,20 @@ module Msf print_line tbl.to_s end - def cmd_nessus_scanner_list + def cmd_nessus_scanner_list(*args) + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scanner_list") + print_status("Example:> nessus_scanner_list -S searchterm") + print_status() + print_status("Returns information about the feed type and server version.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end if !nessus_verify_token return end @@ -506,6 +610,7 @@ module Msf end list = @n.list_scanners tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "ID", "Name", @@ -520,40 +625,31 @@ module Msf print_line tbl.to_s end - def check_scan(*args) - case args.length - when 1 - scan_id = args[0] - else - print_error("No scan ID supplied") - return - end - scans = @n.scan_list - scans.each { |scan| - if scan["scans"]["id"] == scan_id && scan["scans"]["status"] == "completed" - return true - end - } - return false - end - def cmd_nessus_report_hosts(*args) - if args[0] == "-h" - print_status("nessus_report_hosts ") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_hosts -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id - else + + if scan_id.nil? print_status("Usage: ") - print_status("nessus_report_hosts ") + print_status("nessus_report_hosts -S searchterm") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end + tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", @@ -576,22 +672,28 @@ module Msf end def cmd_nessus_report_vulns(*args) - if args[0] == "-h" - print_status("nessus_report_vulns ") - print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") - return + search_term = nil + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_vulns -S searchterm") + print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end end - case args.length - when 1 - scan_id = args[0] - scan_id = scan_id.to_i - else + if scan_id.nil? print_status("Usage: ") print_status("nessus_report_vulns ") print_status("Use nessus_scan_list to get a list of all the scans. Only completed scans can be reported.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", @@ -613,21 +715,29 @@ module Msf end def cmd_nessus_report_host_details(*args) - if args[0] == "-h" - print_status("nessus_report_host_details ") - print_status("Example:> nessus_report_host_details 10 5") - print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") - print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") - return - end - if !nessus_verify_token - return - end - case args.length - when 2 - scan_id = args[0] - host_id = args[1] - else + search_term = nil + search_vuln = nil + scan_id = nil + host_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_details ") + print_status("Example:> nessus_report_host_details 10 5 -S hostinfo -SV vulninfo") + print_status("Use nessus_scan_list to get list of all scans. Only completed scans can be used for reporting.") + print_status("Use nessus_report_hosts to get a list of all the hosts along with their corresponding host IDs.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + when '-SV', '--search-vuln' + search_vuln = /#{args.shift}/nmi + else + scan_id = arg, + host_id = args.shift + end + end + + if [scan_id, host_id].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_detail ") print_status("Example:> nessus_report_host_detail 10 5") @@ -636,6 +746,7 @@ module Msf return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin Name', 'Plugin Famil', @@ -654,6 +765,7 @@ module Msf } print_line tbl.to_s tbl2 = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_vuln, 'Columns' => [ 'Plugin Name', 'Plugin Famil', @@ -698,27 +810,33 @@ module Msf end def cmd_nessus_report_host_ports(*args) - if args[0] == "-h" - print_status("nessus_report_host_ports ") - print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca") - print_status() - print_status("Returns all the ports associated with a host and details about their vulnerabilities") - print_status("Use nessus_report_hosts to list all available hosts for a report") - end - if !nessus_verify_token - return - end - case args.length - when 2 - host = args[0] - rid = args[1] - else + search_term = nil + rid = nil + host = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_report_host_ports ") + print_status("Example:> nessus_report_host_ports 192.168.1.250 f0eabba3-4065-7d54-5763-f191e98eb0f7f9f33db7e75a06ca -S searchterm") + print_status() + print_status("Returns all the ports associated with a host and details about their vulnerabilities") + print_status("Use nessus_report_hosts to list all available hosts for a report") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + end + end + + if [host,rid].any?(&:nil?) print_status("Usage: ") print_status("nessus_report_host_ports ") print_status("Use nessus_report_list to list all available reports") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Port', 'Protocol', @@ -775,13 +893,20 @@ module Msf end def cmd_nessus_scan_list(*args) - if args[0] == "-h" - print_status("nessus_scan_list") - print_status("Example:> nessus_scan_list") - print_status() - print_status("Returns a list of information about currently running scans.") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_scan_list") + print_status("Example:> nessus_scan_list -S searchterm") + print_status() + print_status("Returns a list of information about currently running scans.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -791,6 +916,7 @@ module Msf return else tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Scan ID', 'Name', @@ -1014,18 +1140,6 @@ module Msf else print_error("Only completed scans could be used for import") end - - end - - def is_scan_complete(scan_id) - complete = false - status = @n.scan_list - status["scans"].each { |scan| - if scan["id"] == scan_id.to_i && (scan["status"] == "completed" || scan["status"] == "imported") - complete = true - end - } - complete end def cmd_nessus_scan_pause_all(*args) @@ -1174,35 +1288,39 @@ module Msf end def cmd_nessus_scan_details(*args) - if args[0] == "-h" - print_status("nessus_scan_details ") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return - end + valid_categories = ['info', 'hosts', 'vulnerabilities', 'history'] + search_term = nil + scan_id = nil + category = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("Usage: ") + print_status("nessus_scan_details -S searchterm") + print_status("Availble categories are info, hosts, vulnerabilities, and history") + print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + scan_id = arg + if args[0].in?(valid_categories) + category = args.shift + else + print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") + return + end + end + end + if !nessus_verify_token return end - case args.length - when 2 - scan_id = args[0] - category = args[1] - if category.in?(['info', 'hosts', 'vulnerabilities', 'history']) - category = args[1] - else - print_error("Invalid category. The available categories are info, hosts, vulnerabilities, and history") - return - end - else - print_status("Usage: ") - print_status("nessus_scan_details ") - print_status("Availble categories are info, hosts, vulnerabilities, and history") - print_status("Use nessus_scan_list to list all available scans with their corresponding scan IDs") - return - end + details = @n.scan_details(scan_id) if category == "info" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Status", "Policy", @@ -1214,6 +1332,7 @@ module Msf tbl << [ details["info"]["status"], details["info"]["policy"], details["info"]["name"], details["info"]["targets"], details["info"]["scan_start"], details["info"]["scan_end"] ] elsif category == "hosts" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Host ID", "Hostname", @@ -1227,6 +1346,7 @@ module Msf } elsif category == "vulnerabilities" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "Plugin ID", "Plugin Name", @@ -1238,6 +1358,7 @@ module Msf } elsif category == "history" tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ "History ID", "Status", @@ -1319,27 +1440,32 @@ module Msf end def cmd_nessus_plugin_list(*args) - if args[0] == "-h" - print_status("nessus_plugin_list ") - print_status("Example:> nessus_plugin_list 10") - print_status() - print_status("Returns a list of all plugins in that family.") - print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") - return - end - if !nessus_verify_token - return - end - case args.length - when 1 - family_id = args[0] - else + search_term = nil + family_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_list -S searchterm") + print_status("Example:> nessus_plugin_list 10") + print_status() + print_status("Returns a list of all plugins in that family.") + print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + family_id = arg + end + end + + if family_id.nil? print_status("Usage: ") print_status("nessus_plugin_list ") print_status("Use nessus_family_list to display all the plugin families along with their corresponding family IDs") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Plugin ID', 'Plugin Name' @@ -1355,15 +1481,23 @@ module Msf end def cmd_nessus_family_list(*args) - if args[0] == "-h" - print_status("nessus_family_list") - print_status("Example:> nessus_family_list") - print_status() - print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_family_list") + print_status("Example:> nessus_family_list -S searchterm") + print_status() + print_status("Returns a list of all the plugin families along with their corresponding family IDs and plugin count.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + list = @n.list_families tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Family ID', 'Family Name', @@ -1377,27 +1511,36 @@ module Msf end def cmd_nessus_plugin_details(*args) - if args[0] == "-h" - print_status("nessus_plugin_details ") - print_status("Example:> nessus_plugin_details 10264") - print_status() - print_status("Returns details on a particular plugin.") - print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") - return - end + search_term = nil + plugin_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_plugin_details ") + print_status("Example:> nessus_plugin_details 10264 -S searchterm") + print_status() + print_status("Returns details on a particular plugin.") + print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + else + plugin_id = arg + end + end + if !nessus_verify_token return end - case args.length - when 1 - plugin_id = args[0] - else + + if plugin_id.nil? print_status("Usage: ") print_status("nessus_plugin_details ") print_status("Use nessus_plugin_list to list all plugins and their corresponding plugin IDs belonging to a particular plugin family.") return end tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'Reference', 'Value' @@ -1423,13 +1566,20 @@ module Msf end def cmd_nessus_user_list(*args) - if args[0] == "-h" - print_status("nessus_user_list") - print_status("Example:> nessus_user_list") - print_status() - print_status("Returns a list of the users on the Nessus server and their access level.") - return - end + scan_id = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_user_list") + print_status("Example:> nessus_user_list -S searchterm") + print_status() + print_status("Returns a list of the users on the Nessus server and their access level.") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -1438,6 +1588,7 @@ module Msf end list=@n.list_users tbl = Rex::Ui::Text::Table.new( + 'SearchTerm' => search_term, 'Columns' => [ 'ID', 'Name', @@ -1574,13 +1725,20 @@ module Msf end def cmd_nessus_policy_list(*args) - if args[0] == "-h" - print_status("nessus_policy_list") - print_status("Example:> nessus_policy_list") - print_status() - print_status("Lists all policies on the server") - return - end + search_term = nil + while (arg = args.shift) + case arg + when '-h', '--help' + print_status("nessus_policy_list") + print_status("Example:> nessus_policy_list -S searchterm") + print_status() + print_status("Lists all policies on the server") + return + when '-S', '--search' + search_term = /#{args.shift}/nmi + end + end + if !nessus_verify_token return end @@ -1642,31 +1800,6 @@ module Msf print_error("Unknown problem occured by deleting the user account having user ID #{user_id}.") end end - - def valid_policy(*args) - case args.length - when 1 - pid = args[0] - else - print_error("No Policy ID supplied.") - return - end - pol = @n.list_policies - pol["policies"].each { |p| - if p["template_uuid"] == pid - return true - end - } - return false - end - - def nessus_verify_db - if !(framework.db and framework.db.active) - print_error("No database has been configured, please use db_create/db_connect first") - return false - end - true - end end def initialize(framework, opts)