Class: Nexpose::SharedCredential
- Inherits:
-
SharedCredentialSummary
- Object
- SharedCredentialSummary
- Nexpose::SharedCredential
- Defined in:
- lib/nexpose/shared_cred.rb
Instance Attribute Summary collapse
-
#database ⇒ Object
Database or SID.
-
#description ⇒ Object
Optional description of this credential.
-
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
-
#host ⇒ Object
IP address or host name to restrict this credential to.
-
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
-
#password ⇒ Object
Password or SNMP community name.
-
#pem_key ⇒ Object
PEM-format private key.
-
#port ⇒ Object
Single port to restrict this credential to.
-
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
-
#privilege_type ⇒ Object
Permission elevation type.
-
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
Attributes inherited from SharedCredentialSummary
#all_sites, #domain, #id, #last_modified, #name, #privilege_username, #type, #username
Class Method Summary collapse
Instance Method Summary collapse
- #_to_param(target, engine_id) ⇒ Object
- #as_xml ⇒ Object
-
#initialize(name, id = -1) ⇒ SharedCredential
constructor
A new instance of SharedCredential.
-
#save(nsc) ⇒ Boolean
Save this credential to the security console.
-
#test(nsc, target, engine_id = nil) ⇒ Object
Test this credential against a target where the credentials should apply.
- #to_xml ⇒ Object
Methods inherited from SharedCredentialSummary
Constructor Details
#initialize(name, id = -1) ⇒ SharedCredential
Returns a new instance of SharedCredential.
# File 'lib/nexpose/shared_cred.rb', line 93
#
# Create a shared credential with empty site lists. No secret fields are
# populated here; only the name, the id and the two site arrays are set.
#
# @param name [String] credential name, stored in @name.
# @param id [#to_i] identifier, coerced with to_i (defaults to -1).
def initialize(name, id = -1)
  @name = name
  @id = id.to_i
  @sites = []
  @disabled = []
end
Instance Attribute Details
#database ⇒ Object
Database or SID.
# File 'lib/nexpose/shared_cred.rb', line 71
#
# @return the database name or SID held in @database (nil when unset).
def database
  @database
end
#description ⇒ Object
Optional description of this credential.
# File 'lib/nexpose/shared_cred.rb', line 68
#
# @return the optional free-text description held in @description (nil when unset).
def description
  @description
end
#disabled ⇒ Object
Array of sites where this credential has been temporarily disabled.
# File 'lib/nexpose/shared_cred.rb', line 91
#
# @return the array of site IDs where this credential is temporarily disabled.
#   The array itself is returned, not a copy, so callers can mutate it.
def disabled
  @disabled
end
#host ⇒ Object
IP address or host name to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 84
#
# @return the IP address or host name this credential is restricted to
#   (nil when no host restriction is set).
def host
  @host
end
#ntlm_hash ⇒ Object
Windows/Samba LM/NTLM Hash.
# File 'lib/nexpose/shared_cred.rb', line 73
#
# @return the Windows/Samba LM/NTLM hash held in @ntlm_hash (nil when unset).
#   Returned unmasked: treat the value like a password and keep it out of
#   logs and error output.
def ntlm_hash
  @ntlm_hash
end
#password ⇒ Object
Password or SNMP community name.
# File 'lib/nexpose/shared_cred.rb', line 75
#
# @return the password or SNMP community name held in @password (nil when unset).
#   Returned in clear text with no masking; avoid logging it or the object that
#   carries it.
def password
  @password
end
#pem_key ⇒ Object
PEM-format private key.
# File 'lib/nexpose/shared_cred.rb', line 77
#
# @return the PEM-format private key held in @pem_key (nil when unset).
#   This is private key material returned as-is; keep it out of logs and
#   serialized debug output.
def pem_key
  @pem_key
end
#port ⇒ Object
Single port to restrict this credential to.
# File 'lib/nexpose/shared_cred.rb', line 86
#
# @return the single port this credential is restricted to (nil when unset).
def port
  @port
end
#privilege_password ⇒ Object
Password to use when elevating permissions (e.g., sudo).
# File 'lib/nexpose/shared_cred.rb', line 79
#
# @return the password used when elevating permissions (e.g., sudo), or nil.
#   Returned in clear text with no masking; handle it as a secret.
def privilege_password
  @privilege_password
end
#privilege_type ⇒ Object
Permission elevation type. See Nexpose::Credential::ElevationType.
# File 'lib/nexpose/shared_cred.rb', line 81
#
# @return the permission elevation type held in @privilege_type (nil when unset).
#   See Nexpose::Credential::ElevationType.
def privilege_type
  @privilege_type
end
#sites ⇒ Object
Array of site IDs that this credential is restricted to.
# File 'lib/nexpose/shared_cred.rb', line 89
#
# @return the array of site IDs this credential is restricted to.
#   The array itself is returned, not a copy, so callers can mutate it.
def sites
  @sites
end
Class Method Details
.load(nsc, id) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 99
#
# Fetch one shared credential from the console and build an object from the
# XML reply.
#
# @param nsc connection object handed to AJAX.get.
# @param id credential identifier, interpolated into the query string as-is.
# @return the result of .parse for the reply (nil when it holds no Credential element).
#
# NOTE(review): id is neither validated nor URL-encoded before it is placed in
# credid; confirm callers only pass integers, or coerce before calling.
# The parsed object may carry password, NTLM hash and private-key fields, so
# treat the return value as secret material.
def self.load(nsc, id)
  endpoint = "/data/credential/shared/get?credid=#{id}"
  parse(AJAX.get(nsc, endpoint))
end
.parse(xml) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 203
#
# Build a credential object from the XML for a shared credential.
# Only the first Credential element is used; the method returns from inside
# the iteration.
#
# @param xml XML text passed to REXML::Document.new.
# @return the populated credential, or nil when there is no Credential element.
#
# The Account/Field values (password, ntlmhash, pemkey,
# privilegeelevationpassword) are copied onto the object verbatim, so both the
# input document and the result hold secrets in clear text.
# A Credential element without Name, Services/Service or Sites raises
# NoMethodError, because those lookups are dereferenced without a nil check.
def self.parse(xml)
  # Account/Field name attribute => writer on the credential object.
  # Field names not listed here are ignored.
  field_writers = {
    'database' => :database=,
    'domain' => :domain=,
    'username' => :username=,
    'password' => :password=,
    'ntlmhash' => :ntlm_hash=,
    'pemkey' => :pem_key=,
    'privilegeelevationusername' => :privilege_username=,
    'privilegeelevationpassword' => :privilege_password=,
    'privilegeelevationtype' => :privilege_type=
  }

  document = REXML::Document.new(xml)
  document.elements.each('Credential') do |node|
    cred = new(node.elements['Name'].text, node.attributes['id'].to_i)

    description = node.elements['Description']
    cred.description = description.text if description

    node.elements.each('Account/Field') do |field|
      writer = field_writers[field.attributes['name']]
      cred.public_send(writer, field.text) if writer
    end

    cred.type = REXML::XPath.first(node, 'Services/Service').attributes['type']

    node.elements.each('Restrictions/Restriction') do |restriction|
      case restriction.attributes['type']
      when 'host' then cred.host = restriction.text
      when 'port' then cred.port = restriction.text.to_i
      end
    end

    site_list = REXML::XPath.first(node, 'Sites')
    cred.all_sites = site_list.attributes['all'] == '1'
    site_list.elements.each('Site') do |site|
      site_id = site.attributes['id'].to_i
      # Explicit site IDs are only recorded when the credential is not global.
      cred.sites << site_id unless cred.all_sites
      cred.disabled << site_id if site.attributes['enabled'] == '0'
    end

    return cred
  end
  nil
end
Instance Method Details
#_to_param(target, engine_id) ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 184
#
# Build the form parameters used to test this credential against a target.
#
# @param target value sent as sc_creds_dev.
# @param engine_id value sent as engineid.
# @return [Hash] form fields; siteid is always -1.
#
# The hash holds the password, PEM key and elevation password in clear text,
# so it should not be logged or dumped. @ntlm_hash is not part of the form.
def _to_param(target, engine_id)
  # Fall back to the service type's default port only when no port is set.
  effective_port = @port.nil? ? Credential::DEFAULT_PORTS[@type] : @port

  {
    engineid: engine_id,
    sc_creds_dev: target,
    sc_creds_svc: @type,
    sc_creds_database: @database,
    sc_creds_domain: @domain,
    sc_creds_uname: @username,
    sc_creds_password: @password,
    sc_creds_pemkey: @pem_key,
    sc_creds_port: effective_port,
    sc_creds_privilegeelevationusername: @privilege_username,
    sc_creds_privilegeelevationpassword: @privilege_password,
    sc_creds_privilegeelevationtype: @privilege_type,
    siteid: -1
  }
end
#as_xml ⇒ Object
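# File 'lib/nexpose/shared_cred.rb', line 114
#
# Serialize this credential as a REXML element tree.
#
# @return [REXML::Element] a Credential element with Name, Description,
#   Services, Account, Restrictions and Sites children.
#
# The element contains the password, NTLM hash, PEM key and elevation password
# in clear text whenever they are set; do not log or persist the result.
def as_xml
  xml = REXML::Element.new('Credential')
  xml.add_attribute('id', @id)

  xml.add_element('Name').add_text(@name)
  xml.add_element('Description').add_text(@description)

  xml.add_element('Services').add_element('Service').add_attribute('type', @type)

  account = xml.add_element('Account')
  account.add_attribute('type', 'nexpose')
  account.add_element('Field', { 'name' => 'database' }).add_text(@database)
  account.add_element('Field', { 'name' => 'domain' }).add_text(@domain)
  account.add_element('Field', { 'name' => 'username' }).add_text(@username)
  # Secret fields are only emitted when a value is present.
  account.add_element('Field', { 'name' => 'ntlmhash' }).add_text(@ntlm_hash) if @ntlm_hash
  account.add_element('Field', { 'name' => 'password' }).add_text(@password) if @password
  account.add_element('Field', { 'name' => 'pemkey' }).add_text(@pem_key) if @pem_key
  account.add_element('Field', { 'name' => 'privilegeelevationusername' }).add_text(@privilege_username)
  account.add_element('Field', { 'name' => 'privilegeelevationpassword' }).add_text(@privilege_password) if @privilege_password
  account.add_element('Field', { 'name' => 'privilegeelevationtype' }).add_text(@privilege_type) if @privilege_type

  restrictions = xml.add_element('Restrictions')
  restrictions.add_element('Restriction', { 'type' => 'host' }).add_text(@host) if @host
  # The port may be an Integer (a parsed credential stores r.text.to_i), and
  # add_text only wraps String values in a text node, so coerce it first.
  restrictions.add_element('Restriction', { 'type' => 'port' }).add_text(@port.to_s) if @port

  sites = xml.add_element('Sites')
  sites.add_attribute('all', @all_sites ? 1 : 0)
  @sites.each do |s|
    site = sites.add_element('Site')
    site.add_attribute('id', s)
    site.add_attribute('enabled', 0) if @disabled.member? s
  end
  # With no explicit site list, the disabled sites still have to be recorded.
  if @sites.empty?
    @disabled.each do |s|
      site = sites.add_element('Site')
      site.add_attribute('id', s)
      site.add_attribute('enabled', 0)
    end
  end

  xml
end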
#save(nsc) ⇒ Boolean
Save this credential to the security console.
# File 'lib/nexpose/shared_cred.rb', line 109
#
# Save this credential to the security console.
#
# @param nsc connection object handed to AJAX.post.
# @return [Boolean] true when the reply contains success="1", false otherwise.
#
# The request body is the full to_xml output, which includes any secrets set
# on this object. Success is decided by a pattern match on the raw reply; the
# reply is not parsed as XML.
def save(nsc)
  reply = AJAX.post(nsc, '/data/credential/shared/save', to_xml)
  (reply =~ /success="1"/) ? true : false
end
#test(nsc, target, engine_id = nil) ⇒ Object
Test this credential against a target where the credentials should apply. Only works for a newly created credential. Loading an existing credential will likely fail.
# File 'lib/nexpose/shared_cred.rb', line 172
#
# Test this credential against a target where the credentials should apply.
# Only works for a newly created credential; loading an existing credential
# will likely fail.
#
# @param nsc connection object; also queried for engines when no engine is given.
# @param target value passed to _to_param as the device to test against.
# @param engine_id scan engine to use; when nil or false, the engine named
#   'Local scan engine' is looked up.
# @return [Boolean] true when the result's success attribute equals 1.
#
# The form post carries the credential's secrets in clear text.
# NOTE(review): a missing local engine or a reply without
# TestAdminCredentialsResult raises NoMethodError, since neither lookup is
# nil-checked.
def test(nsc, target, engine_id = nil)
  engine_id ||= nsc.engines.find { |e| e.name == 'Local scan engine' }.id

  form_fields = _to_param(target, engine_id)
  reply = AJAX.form_post(nsc, '/ajax/test_admin_credentials.txml', form_fields)
  outcome = REXML::XPath.first(REXML::Document.new(reply), 'TestAdminCredentialsResult')
  outcome.attributes['success'].to_i == 1
end
#to_xml ⇒ Object
# File 'lib/nexpose/shared_cred.rb', line 159
#
# @return [String] the as_xml element rendered as text. The string contains
#   whatever secrets as_xml emitted, in clear text.
def to_xml
  element = as_xml
  element.to_s
end